Version 1.3.0

New major features

• Support stateless RoT Service defined in FF-M 1.1 [1].

• Support Second-Level Interrupt Handling (SLIH) defined in FF-M 1.1 [1].

• Add Firmware Update (FWU) secure service, following Platform Security Architecture Firmware Update API [2].

• Migrate to Mbed TLS v2.25.0.

• Update MCUboot version to v1.7.2.

• Add a TF-M generic threat model [3] .

• Implement Fault Injection Handling library to mitigate physical attacks [4].

• Add Profile Large [5].

• Enable code sharing between boot loader and TF-M [6].

• Support Armv8.1-M Privileged Execute Never (PXN) attribute and Thread reentrancy disabled (TRD) feature.

• New platforms added. See New platforms supported for details.

• Add a TF-M security landing page [7].

• Enhance dual-cpu non-secure mailbox reference implementation.

New security advisories

Invoking secure functions from non-secure handler mode

Refer to Advisory TFMV-2 for more details. The mitigation is included in this release.

New platforms supported

• Cortex-M23 based system:

  • Nuvoton M2354.

• Cortex-M55 based system:

  • FPGA image loaded on MPS3 board (AN547).

• Secure Enclave system:

  • Musca-B1 Secure Enclave (deprecated after TF-M v1.6.0).

Deprecated platforms

The following platforms have been removed from TF-M code base.

• SSE-200_AWS

• AN539

See Platform deprecation and removal for other platforms under deprecation process.

Tested platforms

The following platforms are successfully tested in this release.

• AN519

• AN521

• AN524

• AN547

• LPCXpresso55S69

• MPS2 SSE300

• Musca-B1

• Musca-B1 Secure Enclave

• Musca-S1

• M2351

• M2354

• nrf5340dk

• nrf9160dk

• NUCLEO-L552ZE-Q

• PSoC 64

• STM32L562E-DK

Known issues

Some open issues exist and will not be fixed in this release.

Descriptions	Issue links
PSA Arch Crypto test suite have several known failures.	See this link for detailed analysis of the failures.
Protected Storage Regression test 4001 is stuck on SSE-300 in isolation level 2 when PXN is enabled.	https://developer.trustedfirmware.org/T902
IPC Regression test fail when non-secure regression test is enabled and secure regression test is disabled.	https://developer.trustedfirmware.org/T903
Panic test in PSA Arch IPC test suite generates inconsistent results between Armclang and GNUARM.	https://developer.trustedfirmware.org/T909

Issues fixed since 1.2.0

Issues fixed by TF-M since v1.2.0 are listed below.

Descriptions	Issue links
Dual-cpu NS mailbox initialization shall be executed after CMSIS-RTOS RTX kernel initialization	https://developer.trustedfirmware.org/T904

Issues closed since 1.2.0

The following issues are closed since v1.2.0. These issues are related to platform hardware limitations or 3rd-party tools and therefore won’t be fixed by TF-M.

Descriptions	Issue links
psa_verify_rsa() fails when PSA Crypto processes RSASSA-PSS algorithm in CryptoCell-312. Mbed TLS implementation of psa_verify_rsa() always passes MBEDTLS_MD_NONE to mbedtls_rsa_rsassa_pss_verify(). However, CryptoCell-312 doesn’t support MD5 and uses other algorithms instead. Therefore, Mbed TLS implementation may fail when input algorithm doesn’t match other parameters.	https://github.com/ARMmbed/mbedtls/issues/3990
Regression tests fail with GNU Arm Embedded toolchain version 10-2020-q4-major. The support for CMSE feature is broken in version 10-2020-q4-major. The fix will be available in future release version. A note is added in Install a toolchain.	https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99157

Reference

[1] (1,2)

Arm Firmware Framework for M 1.1 Extensions

[2]

PSA Firmware Update API

[3]

TF-M generic threat model

[4]

TF-M physical attack mitigation

[5]

TF-M Profile Large design

[6]

Code sharing between independently linked XIP binaries

[7]

Security Handling

---

Copyright (c) 2021, Arm Limited. All rights reserved.