Version 2.0.0

New major features

  • TF-M secure build process and non-secure build process are split to simplify and enhance non-secure integration with TF-M.

  • Update new Mailbox agent API.

    • Decouple the specific application Mailbox from SPM, make it an application in Secure Partition.

    • Unify the interfaces between partitions and SPM, and reduces the interaction interface between them.

  • Multi-core support in the Secure Function (SFN) model.

  • Optimize SPM critical section implementation to reduce time cost in isolation level 2&3.

  • Use local variables for connection handles instead of dynamic allocation when there is only synchronous service access routine in the SFN model.

  • P256-M [1] component is enabled on the TF-M side in profile medium which has a much smaller code size and RAM footprint.

  • MCUboot upgrade to v2.0.0.

  • Mbed TLS upgrade to v3.5.0.

  • TF-M PSA client API performance profiling is tracked in SQUAD [2] and the profiling tool [3] is updated.

  • TF-M integrates Read the Docs [4] to support finding documentation versions by the released tags and downloading PDFs. External links are supported for documentation in TF-M Tests, Tools and Extras repositories.

New security advisories

A Security vulnerability fixed in v1.8.1 Refer to TFMV-6 for more details. The mitigation is included in this release.

New platforms supported

Tested platforms

The following platforms are successfully tested in this release.

  • Arm

    • AN519

    • AN521

    • AN555

    • Corstone-1000

    • Corstone-300

    • Corstone-310

    • Musca-B1

    • Musca-S1

  • Infineon/Cypress

    • PSoC 64

  • STM

    • B-U585I-IOT02A

    • NUCLEO-L552ZE-Q

    • STM32H573idk

  • Nordic

    • nRF5340

    • nRF9160

  • NuMaker-PFM

    • M2351

    • M2354

  • NXP

    • LPCXpresso55S69

Reference memory footprint

All measurements below are made for AN521 platform, built TF-Mv2.0.0-RC2 on Windows 10 using Armclang v6.18 and build type MinSizeRel.

All modules are measured in bytes. Some minor modules are not shown in the table below.

Note

Profile Medium-ARoT-less built with disabled Firmware Update service to align with other TF-M Profiles.

Module

Base

Small

ARoT-less

Medium

Large

Flash

RAM

Flash

RAM

Flash

RAM

Flash

RAM

Flash

RAM

Generated (stack, stc)

112

3184

160

3184

160

3184

208

3184

272

3184

Objects

940

1064

1224

5464

1313

6152

1443

1496

1518

1496

c_w.l

190

0

690

0

690

0

690

0

930

0

platform (Secure)

5098

284

5430

284

5782

284

6154

284

6284

284

SPM

3574

165

4456

165

3946

165

6330

1353

6484

1358

sprt

274

0

1470

0

1308

0

2470

4

2454

4

MbedCrypto

N/A

N/A

25220

2108

29964

2104

29968

2104

78938

1996

PROT_attestation

N/A

N/A

2341

557

2571

1218

2571

3010

2687

3010

PROT_crypto

N/A

N/A

3866

2070

4420

16026

4420

22938

4552

25818

PROT_ITS

N/A

N/A

4830

80

4894

112

5064

1988

5068

2498

PROT_platform

N/A

N/A

N/A

N/A

478

0

520

1280

520

1280

AROT_PS

N/A

N/A

N/A

N/A

N/A

N/A

3276

4364

3276

4364

platform_crypto_keys

N/A

N/A

248

0

256

0

256

0

256

0

qcbor

N/A

N/A

854

0

854

0

854

0

854

0

crypto_service_p256m

N/A

N/A

N/A

N/A

3534

0

3534

0

N/A

N/A

Padding

32

39

111

16

118

19

126

47

187

38

Total incl. padding

10220

4736

50900

13928

60288

29264

67884

42052

114280

45300

Known issues

Some open issues are not fixed in this release.

Descriptions

Issue links

TF-M Kconfig is broken due to build split. It will be recovered in a future release.

Not tracked

Issues fixed since v1.8.0

The following issues have been fixed since the v1.8.0 release.

Descriptions

Issue links

Arm GNU toolchain version greater than 11.2 has a linker issue in syscall.

https://developer.trustedfirmware.org/T1029

Reference


Copyright (c) 2023, Arm Limited. All rights reserved.