Trusted Firmware-M: v1.5.0 Release
Trusted Firmware-M (TF-M) v1.5.0 was released on 30th November 2021. The release includes improved runtime performance, Floating Point Unit (FPU) support, integration of mcuboot v1.8, further enablement of PSA Firmware Framework-M v1.1 specification, and further enablement of new platforms.
Here are some of the main additions in TF-Mv1.5.0:
The project has been focussed on profiling and improving the run time performance – e.g. PSA API call latency from Non-Secure Processing Environment (NSPE) to TF-M (Secure Processing Environment) and interrupt latency. The release includes first set of changes for the SPM to run in thread mode when handling PSA API calls in isolation level1 and IPC mode. This has given significant performance improvement in non-secure interrupt latency and PSA API call latency while using Firmware Framework-M APIs. Further details on the improvements will be shared in upcoming TF-M open Tech Forums
Floating Point Unit (FPU) initial support has been enabled. This allows TF-M and its Secure Partitions to make use of the FPU. Refer to the user guide for more information. Non Secure Processing Environment (NSPE) is not allowed to access the FPU when FP support is enabled in Secure Processing Environment (SPE). The limitation will be removed prior to the next release.
mcuboot, used by the project as the 2nd stage bootloader, was updated to v1.8. This version adds support for AES256 image encryption, multi-image boot etc. which can be used by TF-M platforms.
Initial set of changes to align with Firmware Framework for M v1.1 was included in previous releases. Protected Storage, ITS, Crypto and Attestation services have been updated as stateless services supporting static handle. MM-IOVEC secure partition API for isolation level 1 has been added. Infrastructure support for Secure Function (SFN) mode is enabled. The PSA Secure Partitions supporting SFN is expected to be part of the next release.
B-U585I-IOT02A discovery kit with STM32U5 microcontroller and two Corstone platforms from Arm are the newly added platforms. This adds to the already supported platforms in the project.
More details can be found here. Testing of the release has been done on Trustedfirmware.org’s Open CI infrastructure. A new psa-adac repository in the trustefirmware.org project now provides the target side reference implementation of Authenticated Debug Access Control Specification. TF-M platforms can integrate the psa-adac library to enable secure debug.
The release has been made on the v1.5.0 release branch following the updated release process. Future releases will be made every 6 months. Any security fixes prior to the next release will be made available as patch releases in v1.5.x release branch.