| Anton Komlev | 341668b | 2023-12-13 21:36:10 +0000 | [diff] [blame] | 1 | ####### |
| 2 | Roadmap |
| 3 | ####### |
| 4 | |
| 5 | TF-M has been under active development since it was launched in Q1'18. It is |
| 6 | being designed to include |
| 7 | |
| 8 | 1. Secure boot ensuring integrity of runtime images and responsible for firmware upgrade. |
| Anton Komlev | 28eef36 | 2024-04-22 17:58:32 +0100 | [diff] [blame] | 9 | 2. Runtime firmware consisting of TF-M Core is responsible for secure isolation, |
| Anton Komlev | 341668b | 2023-12-13 21:36:10 +0000 | [diff] [blame] | 10 | execution and communication aspects. and a set of Secure Services providing |
| 11 | services to the Non-Secure and Secure Applications. The secures services |
| 12 | currently supported are Secure Storage, Cryptography, Firmware Update, |
| 13 | Attestation and Platform Services |
| 14 | |
| 15 | If you are interested in collaborating on any of the roadmap features or other |
| 16 | features, please mail TF-M mailing list |
| 17 | |
| 18 | ****************** |
| 19 | Supported Features |
| 20 | ****************** |
| 21 | - PSA Firmware Framework v1.0, 1.1 Extension including IPC and SFN modes. |
| 22 | - PSA Level1, 2 and 3 Isolation. |
| 23 | - Secure Boot (mcuboot upstream) including generic fault injection mitigations |
| 24 | - PSA Protected Storage, Internal Trusted Storage v1.0 and Encrypted ITS |
| 25 | - PSA Cryptov1.0 (uses Mbed TLS v3.4.0) |
| 26 | - PSA Initial Attestation Service v1.0 |
| 27 | - PSA Firmware Update v1.0 |
| 28 | - PSA ADAC Specification Implementation |
| Anton Komlev | 28eef36 | 2024-04-22 17:58:32 +0100 | [diff] [blame] | 29 | - Base Config, kconfig based configuration |
| Anton Komlev | 341668b | 2023-12-13 21:36:10 +0000 | [diff] [blame] | 30 | - Profile Small, Medium, ARoT-less Medium, Large |
| 31 | - Secure Partition Interrupt Handling, Pre-emption of SPE execution |
| Anton Komlev | 341668b | 2023-12-13 21:36:10 +0000 | [diff] [blame] | 32 | - Dual CPU |
| 33 | - Open Continuous Integration (CI) System |
| 34 | - Boot and Runtime Crypto Hardware Integration |
| 35 | - Fault Injection Handling library to mitigate against physical attacks |
| 36 | - Threat Model |
| 37 | - Arm v8.1-M Privileged Execute Never (PXN) attribute and Thread reentrancy disabled (TRD) |
| 38 | - FPU, MVE Support |
| 39 | - CC-312 PSA Cryptoprocessor Driver Interface |
| Anton Komlev | c594e26 | 2024-01-15 12:07:14 +0000 | [diff] [blame] | 40 | - Secure Storage - Key Diversification Enhancements |
| 41 | - Build System - Separate Secure and Non-Secure builds |
| Anton Komlev | 28eef36 | 2024-04-22 17:58:32 +0100 | [diff] [blame] | 42 | - PSA Crypto layer for mcuboot/BL2 |
| Anton Komlev | e7e27a8 | 2025-02-11 19:19:37 +0000 | [diff] [blame] | 43 | - Support LLVM Embedded Toolchain for Arm |
| Anton Komlev | 837df13 | 2025-04-11 13:03:29 +0100 | [diff] [blame^] | 44 | - MISRA testing/documentation |
| 45 | - Switch to using upstream t_cose |
| 46 | - Remote Test Infrastructure |
| Anton Komlev | 341668b | 2023-12-13 21:36:10 +0000 | [diff] [blame] | 47 | |
| 48 | ****** |
| Anton Komlev | 837df13 | 2025-04-11 13:03:29 +0100 | [diff] [blame^] | 49 | CQ2'25 |
| Anton Komlev | 341668b | 2023-12-13 21:36:10 +0000 | [diff] [blame] | 50 | ****** |
| Anton Komlev | c594e26 | 2024-01-15 12:07:14 +0000 | [diff] [blame] | 51 | - Supporting multiple clients (Hybrid Platforms) i.e. TF-M supporting multiple on |
| Anton Komlev | 341668b | 2023-12-13 21:36:10 +0000 | [diff] [blame] | 52 | core and off core clients on heterogeneous (e.g. Cortex-A + Cortex-M platforms) |
| Anton Komlev | e7e27a8 | 2025-02-11 19:19:37 +0000 | [diff] [blame] | 53 | - TF-M v2.2.0 release |
| 54 | - Update to Mbed TLS3.6.3 |
| Anton Komlev | 341668b | 2023-12-13 21:36:10 +0000 | [diff] [blame] | 55 | |
| 56 | ****** |
| 57 | Future |
| 58 | ****** |
| Anton Komlev | d0303d8 | 2024-10-01 16:03:00 +0100 | [diff] [blame] | 59 | - Integrate TF-PSACrypto |
| Anton Komlev | 837df13 | 2025-04-11 13:03:29 +0100 | [diff] [blame^] | 60 | - TF-M v2.3.0 |
| 61 | - Image encryption via. PSA Crypto in mcuboot |
| Anton Komlev | 28eef36 | 2024-04-22 17:58:32 +0100 | [diff] [blame] | 62 | - Implement support for multiple clients (Hybrid Platforms) contd. |
| 63 | - Build System Enhancements - Simplify build scripts |
| Anton Komlev | 341668b | 2023-12-13 21:36:10 +0000 | [diff] [blame] | 64 | - TF-M Performance - Further Benchmarking and Optimization |
| 65 | - Scheduler - Multiple Secure Context Implementation |
| Anton Komlev | 341668b | 2023-12-13 21:36:10 +0000 | [diff] [blame] | 66 | - PSA FWU Service Enhancements |
| 67 | - PSA ADAC Spec - Enhancements and Testing |
| 68 | - Arm v8.1-M Unprevileged Debug |
| Anton Komlev | c594e26 | 2024-01-15 12:07:14 +0000 | [diff] [blame] | 69 | - [Secure Storage] Extended PSA APIs |
| Anton Komlev | 341668b | 2023-12-13 21:36:10 +0000 | [diff] [blame] | 70 | - [Audit Logs] Secure Storage, Policy Manager |
| 71 | - PSA FF Lifecycle API |
| 72 | - Fuzz Testing |
| 73 | |
| 74 | -------------- |
| 75 | |
| Anton Komlev | c594e26 | 2024-01-15 12:07:14 +0000 | [diff] [blame] | 76 | *Copyright (c) 2017-2024, Arm Limited. All rights reserved.* |