Anton Komlev | 341668b | 2023-12-13 21:36:10 +0000 | 1 | ####### |
| 2 | Roadmap |
| 3 | ####### |
| 4 | |
| 5 | TF-M has been under active development since it was launched in Q1'18. It is |
| 6 | being designed to include: |
| 7 | |
| 8 | 1. Secure boot ensuring integrity of runtime images and responsible for firmware upgrade. |
| 9 | 2. Runtime firmware consisting of TF-M Core responsible for secure isolation, |
| 10 | execution and communication aspects, and a set of Secure Services providing |
| 11 | services to the Non-Secure and Secure Applications. The secure services |
| 12 | currently supported are Secure Storage, Cryptography, Firmware Update, |
| 13 | Attestation and Platform Services. |
| 14 | |
| 15 | If you are interested in collaborating on any of the roadmap features or other |
| 16 | features, please mail the TF-M mailing list. |
| 17 | |
| 18 | ****************** |
| 19 | Supported Features |
| 20 | ****************** |
| 21 | - PSA Firmware Framework v1.0, 1.1 Extension including IPC and SFN modes. |
| 22 | - PSA Level 1, 2 and 3 Isolation. |
| 23 | - Secure Boot (mcuboot upstream) including generic fault injection mitigations |
| 24 | - PSA Protected Storage, Internal Trusted Storage v1.0 and Encrypted ITS |
| 25 | - PSA Crypto v1.0 (uses Mbed TLS v3.4.0) |
| 26 | - PSA Initial Attestation Service v1.0 |
| 27 | - PSA Firmware Update v1.0 |
| 28 | - PSA ADAC Specification Implementation |
| 29 | - Base Config |
| 30 | - kconfig based configuration |
| 31 | - Profile Small, Medium, ARoT-less Medium, Large |
| 32 | - Secure Partition Interrupt Handling, Pre-emption of SPE execution |
| 33 | - Platform Reset Service |
| 34 | - Dual CPU |
| 35 | - Open Continuous Integration (CI) System |
| 36 | - Boot and Runtime Crypto Hardware Integration |
| 37 | - Fault Injection Handling library to mitigate against physical attacks |
| 38 | - Threat Model |
| 39 | - Arm v8.1-M Privileged Execute Never (PXN) attribute and Thread reentrancy disabled (TRD) |
| 40 | - FPU, MVE Support |
| 41 | - CC-312 PSA Cryptoprocessor Driver Interface |
| 42 | |
| 43 | ****** |
| 44 | CQ4'23 |
| 45 | ****** |
| 46 | - TF-M v2.0.0 release |
| 47 | - Mbed TLS 3.5.0, mcuboot 2.0.0 Integration |
| 48 | - Design, prototype: Supporting multiple clients, i.e. TF-M supporting multiple |
| 49 | on-core and off-core clients on heterogeneous platforms (e.g. Cortex-A + Cortex-M) |
| 50 | - Demonstrating TLS in Non-Secure using PSA Crypto APIs in TF-M |
| 51 | - Build System Enhancements - Separate Secure, Non-Secure Builds |
| 52 | - Mailbox interrupt handling |
| 53 | |
| 54 | ****** |
| 55 | Future |
| 56 | ****** |
| 57 | - Long Term Stable (LTS) support |
| 58 | - Implement support for multiple clients |
| 59 | - Remote Test Infrastructure |
| 60 | - MISRA testing |
| 61 | - TF-M Performance - Further Benchmarking and Optimization |
| 62 | - Scheduler - Multiple Secure Context Implementation |
| 63 | - Arm v8.1-M Architecture Enablement - PAC/BTI |
| 64 | - PSA FWU Service Enhancements |
| 65 | - PSA ADAC Spec - Enhancements and Testing |
| 66 | - Arm v8.1-M Unprivileged Debug |
| 67 | - [Secure Storage] Extended PSA APIs, Key Diversification Enhancements |
| 68 | - [Audit Logs] Secure Storage, Policy Manager |
| 69 | - PSA FF Lifecycle API |
| 70 | - Fuzz Testing |
| 71 | |
| 72 | -------------- |
| 73 | |
| 74 | *Copyright (c) 2017-2023, Arm Limited. All rights reserved.* |