Introduction

Trusted Firmware M

Trusted Firmware-M (TF-M) implements the Secure Processing Environment (SPE) for Armv8-M, Armv8.1-M architectures (e.g. the Cortex-M33, Cortex-M23, Cortex-M55, Cortex-M85 processors) and dual-core platforms. It is the platform security architecture reference implementation aligning with PSA Certified guidelines, enabling chips, Real Time Operating Systems and devices to become PSA Certified.

TF-M relies on an isolation boundary between the Non-secure Processing Environment (NSPE) and the Secure Processing Environment (SPE). It can but is not limited to using the Arm TrustZone technology on Armv8-M and Armv8.1-M architectures. In pre-Armv8-M architectures physical core isolation is required.

TF-M consists of:

• Secure Boot to authenticate NSPE and SPE images

• TF-M Core for controlling the isolation, communication and execution within SPE and with NSPE

• Crypto, Internal Trusted Storage (ITS), Protected Storage (PS), Firmware Update and Attestation secure services

TF-M implements PSA-FF-M defined IPC and SFN mechanisms to allow communication between isolated firmware partitions. TF-M is highly configurable allowing users to only include the required secure services and features. Project provides Base Configuration build with just TF-M core and platform drivers and 4 predefined configurations known as TF-M Profiles. TF-M Profiles or TF-M base can be configured to include required services and features as described in the Configuration section.

Fig. 1 FF-M compliant design with TF-M

Applications and Libraries in the Non-secure Processing Environment can utilize these secure services with a standardized set of PSA Functional APIs. Applications running on Cortex-M devices can leverage TF-M services to ensure secure connection with edge gateways and IoT cloud services. It also protects the critical security assets such as sensitive data, keys and certificates on the platform. TF-M is supported on several Cortex-M based Microcontrollers and Real Time Operating Systems (RTOS).

Terms TFM and TF-M are commonly used in documents and code and both refer to Trusted Firmware M. Glossary has the list of terms and abbreviations.

Repositories

TF-M is comprised of multiple repositories that supplement each other in making the project both customisable and maintainable.

Table 1 TF-M Repositories

Repository	Description
trusted-firmware-m	Software implementation of TF-M with documentation and essential tools
tf-m-tests	Tests that focus on the functionalities of TF-M components
tf-m-tools	Non essential tools used for testing and verification of TF-M
tf-m-extras	Extension of the main repository to host examples, demonstrations, third-party modules etc

License

The software is provided under a BSD-3-Clause License. Contributions to this project are accepted under the same license with developer sign-off as described in the Contributing Guidelines.

This project contains code from other projects as listed below. The code from external projects is limited to bl2, lib and platform folders. The original license text is included in those source files.

• The bl2 folder contains files imported from MCUBoot project and the files have Apache 2.0 license.

• The lib/ext folder may contain 3rd party projects and files with diverse licenses. Here are some that are different from the BSD-3-Clause and may be a part of the runtime image. The source code for these projects is fetched from upstream at build time only.

  • CMSIS_5 - Apache 2.0 license

  • mbedcrypto - Apache 2.0 license MbedTLS

  • mcuboot - Apache 2.0 license MCUBoot

  • qcbor - Modified BSD-3-Clause license

  • tf-m-extras - Set of additional components. Please check individually in tf-m-extras repository

• The platform folder currently contains platforms support imported from the external project and the files may have different licenses.

Supported Platforms

• Cortex-M85 system:

  • Corstone-310 Ethos-U55/U65 Ecosystem FVP.

  • FPGA image loaded on MPS3 board (AN555).

• Cortex-M55 system:

  • FPGA image loaded on MPS3 board (AN547).

  • FPGA image loaded on MPS3 board (AN552).

  • Corstone-300 Ethos-U55/U65 Ecosystem FVP.

• Cortex-M33 system:

  • FPGA image loaded on MPS2 board (AN521).

  • Fast model FVP_MPS2_AEMv8M (AN521).

  • Musca-B1 test chip board.

  • Musca-S1 test chip board.

  • FPGA image loaded on MPS3 board (AN524).

  • LPC55S69.

  • STM32H573I-DK.

  • B-U585I-IOT02A.

  • NUCLEO L552ZE Q.

  • DISCO L562QE.

  • nRF9160 DK (nordic_nrf/nrf9160dk_nrf9160).

  • nRF5340 DK (nordic_nrf/nrf5340dk_nrf5340_cpuapp).

  • BL5340 DVK (lairdconnectivity/bl5340_dvk_cpuapp).

• Cortex-M23 system:

  • FPGA image loaded on MPS2 board (AN519).

  • M2351.

  • M2354.

• Dual Core Cortex-M system:

  • PSoc64.

• Runtime Security Subsystem (RSS):

  • RSS.

The document Platform Deprecation and Removal lists the deprecated platforms, removed from the upstream.

The document Supported Platforms lists the details.

Release Notes and Process

The Release Cadence and Process provides release cadence and process information.

The Releases provides details of major features of the release and platforms supported.

Feedback and Support

For this release, feedback is requested via email to tf-m@lists.trustedfirmware.org.

A bi-weekly technical forum is available for discussion on any technical topics online. Welcome to join TF-M Forum.

---

Copyright (c) 2017-2022, Arm Limited. All rights reserved.