| Soby Mathew | d8efe8f | 2020-03-16 15:19:05 +0000 | [diff] [blame] | 1 | *********** |
| 2 | Version 1.0 |
| 3 | *********** |
| 4 | |
| 5 | New Features |
| 6 | ============ |
| 7 | - First major release. |
| 8 | |
| 9 | - A Secure FW with support for PSA Level 1 and 2 isolation on Armv8-M |
| 10 | using TrustZone extension and Dual-core Cortex-M config. |
| 11 | |
| 12 | - The PSA Firmware Framework (PSA FF)/Dev API interfaces exposed by the |
| 13 | Secure FW to NS side. |
| 14 | |
| 15 | - A secure FW model with NS application example. |
| 16 | |
| 17 | - Secure services running within this SPE |
| 18 | |
| 19 | - Secure Storage Service (PSA Protected Storage API - 1.0.0) |
| 20 | - Attestation (PSA Attestation API 1.0.0) |
| 21 | - Crypto Service (PSA API 1.0-beta-3) |
| 22 | - TF-M Audit Log |
| 23 | - Platform Service |
| 24 | - Internal Trusted Storage (PSA API 1.0.0) |
| 25 | |
| 26 | - PSA IPC support |
| 27 | |
| 28 | - Support for Armv8-M mainline and baseline and Dual-core Cortex-M systems. |
| 29 | |
| 30 | - Testcases running baremetal and with RTX to test the functionality. |
| 31 | |
| 32 | - BL2 bootloader for image authentication based on SHA256 and RSA-3072 |
| 33 | digital signature. |
| 34 | |
| 35 | - Build system based on CMake, supporting ARMCLANG and GNU Arm. |
| 36 | |
| 37 | - Support for integrated CryptoCell-312 cryptographic hardware accelerator |
| 38 | on Musca-B1 platform. |
| 39 | |
| 40 | - Meets requirements for Updatable RoT for PSA Functional API, Level 1 and |
| 41 | Level 2 Certifications in the feature list. |
| 42 | |
| 43 | Platforms supported |
| 44 | =================== |
| 45 | Current release has been tested on: |
| 46 | |
| 47 | - Cortex M33 based SSE-200 system: |
| 48 | |
| 49 | - `FPGA image loaded on MPS2 board. |
| 50 | <https://developer.arm.com/products/system-design/development-boards/cortex-m-prototyping-systems/mps2>`__ |
| 51 | - `Fast model FVP_MPS2_AEMv8M. |
| 52 | <https://developer.arm.com/products/system-design/fixed-virtual-platforms>`__ |
| 53 | - `Musca-A test chip board. |
| 54 | <https://developer.arm.com/products/system-design/development-boards/iot-test-chips-and-boards/musca-a-test-chip-board>`__ |
| 55 | - `Musca-B1 test chip board. |
| 56 | <https://developer.arm.com/products/system-design/development-boards/iot-test-chips-and-boards/musca-b-test-chip-board>`__ |
| 57 | - `Musca-S1 test chip board.` |
| 58 | - `FPGA image loaded on MPS3 board. |
| 59 | <https://developer.arm.com/tools-and-software/development-boards/fpga-prototyping-boards/mps3>`__ |
| 60 | - `Arm DesignStart FPGA on AWS Cloud. |
| 61 | <https://developer.arm.com/docs/101965/0102/arm-designstart-fpga-on-cloud-arm-ds-getting-started>`__ |
| 62 | |
| 63 | - Cortex M23 based IoT Kit system: |
| 64 | |
| 65 | - `FPGA image loaded on MPS2 board. |
| 66 | <https://developer.arm.com/products/system-design/development-boards/cortex-m-prototyping-systems/mps2>`__ |
| 67 | |
| 68 | Other supported platforms: |
| 69 | |
| Minos Galanakis | e409401 | 2020-06-12 14:25:34 +0100 | [diff] [blame] | 70 | - Dual Core Cortex-M system: |
| Soby Mathew | d8efe8f | 2020-03-16 15:19:05 +0000 | [diff] [blame] | 71 | |
| Minos Galanakis | e409401 | 2020-06-12 14:25:34 +0100 | [diff] [blame] | 72 | - `Cypress PSoc64. |
| Soby Mathew | d8efe8f | 2020-03-16 15:19:05 +0000 | [diff] [blame] | 73 | <https://www.cypress.com/documentation/product-brochures/cypress-psoc-64-secure-microcontrollers>`__ |
| 74 | |
| 75 | Platform Limitations |
| 76 | ==================== |
| 77 | - The PSA Arch Tests need to be split into several binaries to load onto |
| 78 | Musca-A board because of low memory available to the NS world to use. |
| 79 | |
| 80 | - The Regression tests on MPS3 AN524 FPGA takes about 40 minutes to complete. |
| 81 | This is because AN524 uses QSPI Flash for runtime memory as the RAM is small. |
| 82 | The slow speed of QSPI device causes the tests to run slowly. |
| 83 | |
| 84 | - Warm reset of eFlash is not permitted on Musca-B1 due to HW bug |
| 85 | https://community.arm.com/developer/tools-software/oss-platforms/w/docs/426/musca-b1-warm-reset-of-eflash |
| 86 | As TF-M is executed in place from eFlash on Musca-B1, there is good chance |
| 87 | that a warm reset of the board will have unexpected (even non-deterministic) |
| 88 | effects on code execution. Hence the PSA Arch FF tests, which rely of warm |
| 89 | reset of Musca-B1 were executed on RAM FS using "-DSST_RAM_FS=ON" config. |
| 90 | |
| 91 | Known issues |
| 92 | ============ |
| 93 | Some open issues exist and will not be fixed in this release. |
| 94 | |
| 95 | .. list-table:: |
| 96 | |
| 97 | * - AN521 FVP soft reset via AIRCR does not reset MPC / PPC / MPU and will |
| 98 | cause boot failure. This is known issue for AN521 FVP. This will cause |
| 99 | the system to not boot after a warm reset during PSA Arch FF testing. |
| 100 | - Issue : https://developer.trustedfirmware.org/T692 |
| 101 | |
| 102 | * - PSA Arch Crypto tests have several known failures. |
| 103 | - See this link for detailed analysis of the failures : https://github.com/ARM-software/psa-arch-tests/blob/master/api-tests/docs/test_failure_analysis.md |
| 104 | |
| 105 | * - There are 2 additional failures for PSA-Arch Crypto tests with CC-312 |
| 106 | other than the known failures. This is due to limitation of CC-312 |
| 107 | implementation as it does not support MD_NONE hashing mode causing the |
| 108 | additional failures. |
| 109 | - The issue details are captured here : https://developer.trustedfirmware.org/T691 |
| 110 | |
| 111 | * - PS test case 2002 and 1002 does not fail on Musca-B1 flash when |
| 112 | run for second time without erasing flash. The WRITE_ONCE assets created |
| 113 | by SST module should not be updatable but after reboot, the update seems |
| 114 | to happen and is not expected. This issue will happen on any platform |
| 115 | using persistent storage for SST. |
| 116 | - Issue created : https://developer.trustedfirmware.org/T693 |
| 117 | |
| 118 | * - Boot up fails if there is unexpected data in flash on Musca-A. The boot |
| 119 | is successful and the tests pass if all the associated (SST/ITS/NV |
| 120 | Counter) flash areas are erased. |
| 121 | - Issue created : https://developer.trustedfirmware.org/T694 |
| 122 | |
| 123 | * - If the flash is not erased, boot fails on Musca-B1 when SST |
| 124 | is using flash for Minsizerel config. |
| 125 | - Issue created : https://developer.trustedfirmware.org/T695 |
| 126 | |
| 127 | * - When SST/ITS are using Flash on Musca-B1, PSA Arch FF test fails due |
| 128 | to known warm reset limitation in the platform. But after the failure, |
| 129 | Musca-B1 boot fails to boot. This could be related to general issues of |
| 130 | the SST module when Flash data is inconsistent. |
| 131 | - Issue created : https://developer.trustedfirmware.org/T696 |
| 132 | |
| 133 | * - The eflash driver on Musca-B1 can return random failures hence |
| 134 | triggering random failures during PSA Arch ITS and PSA Arch PS tests. |
| 135 | This happens when ITS/SST is configured to use flash. |
| 136 | - Issue created : https://developer.trustedfirmware.org/T697 |
| 137 | |
| 138 | * - Release build of PSA Arch Crypto tests have a different number of tests |
| 139 | when built for AN521 FVP. This is an issue in the PSA Arch Crypto tests. |
| 140 | - Issue created for PSA Arch Tests project : https://github.com/ARM-software/psa-arch-tests/issues/169 |
| 141 | |
| 142 | -------------- |
| 143 | |
| 144 | *Copyright (c) 2020, Arm Limited. All rights reserved.* |