:orphan:

*************
Version 1.3.0
*************

New major features
==================

- Support stateless RoT Service defined in FF-M 1.1 [1]_.
- Support Second-Level Interrupt Handling (SLIH) defined in FF-M 1.1 [1]_.
- Add Firmware Update (FWU) secure service, following Platform Security
  Architecture Firmware Update API [2]_.
- Migrate to Mbed TLS v2.25.0.
- Update MCUboot version to v1.7.2.
- Add a TF-M generic threat model [3]_.
- Implement Fault Injection Handling library to mitigate physical attacks [4]_.
- Add Profile Large [5]_.
- Enable code sharing between boot loader and TF-M [6]_.
- Support Armv8.1-M Privileged Execute Never (PXN) attribute and Thread
  reentrancy disabled (TRD) feature.
- New platforms added.
  See :ref:`releases/1.3.0:New platforms supported` for
  details.
- Add a TF-M security landing page [7]_.
- Enhance dual-cpu non-secure mailbox reference implementation.

New security advisories
=======================

Invoking secure functions from non-secure handler mode
------------------------------------------------------

Refer to :doc:`Advisory TFMV-2`
for more details.
The mitigation is included in this release.

New platforms supported
=======================

- Cortex-M23 based system:

  - Nuvoton M2354.

- Cortex-M55 based system:

  - FPGA image loaded on MPS3 board (AN547).

- Secure Enclave system:

  - :doc:`Musca-B1 Secure Enclave.`

Deprecated platforms
====================

The following platforms have been removed from the TF-M code base.

- SSE-200_AWS
- AN539

See :doc:`Platform deprecation and removal`
for other platforms under the deprecation process.

Tested platforms
================

The following platforms are successfully tested in this release.

- AN519
- AN521
- AN524
- AN547
- LPCXpresso55S69
- MPS2 SSE300
- Musca-B1
- Musca-B1 Secure Enclave
- Musca-S1
- M2351
- M2354
- nrf5340dk
- nrf9160dk
- NUCLEO-L552ZE-Q
- PSoC 64
- STM32L562E-DK

Known issues
============

Some open issues exist and will not be fixed in this release.

.. list-table::

  * - **Descriptions**
    - **Issue links**

  * - | PSA Arch Crypto test suite has several known failures.
    - See this link
      for detailed analysis of the failures.

  * - | Protected Storage Regression test 4001 is stuck on SSE-300 in isolation
      | level 2 when PXN is enabled.
    - https://developer.trustedfirmware.org/T902

  * - | IPC Regression tests fail when non-secure regression test is enabled and
      | secure regression test is disabled.
    - https://developer.trustedfirmware.org/T903

  * - | Panic test in PSA Arch IPC test suite generates inconsistent results
      | between Armclang and GNUARM.
    - https://developer.trustedfirmware.org/T909

Issues fixed since 1.2.0
========================

Issues fixed by TF-M since v1.2.0 are listed below.

.. list-table::

  * - **Descriptions**
    - **Issue links**

  * - | Dual-cpu NS mailbox initialization shall be executed after CMSIS-RTOS
      | RTX kernel initialization
    - https://developer.trustedfirmware.org/T904

Issues closed since 1.2.0
=========================

The following issues have been closed since v1.2.0. These issues are related to
platform hardware limitations or 3rd-party tools and therefore won't be fixed by
TF-M.

.. list-table::

  * - **Descriptions**
    - **Issue links**

  * - | ``psa_verify_rsa()`` fails when PSA Crypto processes RSASSA-PSS
      | algorithm in CryptoCell-312.
      | Mbed TLS implementation of ``psa_verify_rsa()`` always passes
      | ``MBEDTLS_MD_NONE`` to ``mbedtls_rsa_rsassa_pss_verify()``.
      | However, CryptoCell-312 doesn't support MD5 and uses other algorithms
      | instead. Therefore, Mbed TLS implementation may fail when input
      | algorithm doesn't match other parameters.
    - https://github.com/ARMmbed/mbedtls/issues/3990

  * - | Regression tests fail with GNU Arm Embedded toolchain version
      | 10-2020-q4-major.
      | The support for CMSE feature is broken in version 10-2020-q4-major. The
      | fix will be available in a future release version.
      | A note is added in :ref:`getting_started/tfm_getting_started:Install a toolchain`.
    - https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99157

Reference
=========

.. [1] Arm Firmware Framework for M 1.1 Extensions

.. [2] PSA Firmware Update API

.. [3] :doc:`TF-M generic threat model`

.. [4] :doc:`TF-M physical attack mitigation`

.. [5] :doc:`TF-M Profile Large design`

.. [6] :doc:`Code sharing between independently linked XIP binaries`

.. [7] :doc:`Security Handling`

--------------

*Copyright (c) 2021, Arm Limited. All rights reserved.*