Change Log & Release Notes
This document contains a summary of the new features, changes, fixes and known issues in each release of Trusted Services.
Version v1.3.0
Feature Highlights
PSA Crypto: Enable support for AEAD block cyphers that require input data to be processed in whole block-sized chunks.
Enhance fTPM build scripts to support the memory-protection settings.
Implement support for the FFA_YIELD ABI, including the necessary updates in libsp, TS, and OP-TEE SPMC tests. The feature depends on OP-TEE SPMC version 4.7.0 or newer.
Add support for FF-A notification handling in libsp.
Add Security Assessment page of the Block Storage SP to the documentation.
Modify the CMake scripts to honor the CMAKE_COMPILE_WARNING_AS_ERROR configuration option, allowing integrators to temporarily turn off treating compilation warnings as errors.
Corstone1000: add Event Provider proxy service to support delivery of boot confirmation events from the normal world to the Secure Enclave
FWU Proxy: allow the RSE or SE to send success reboot status to the FWU agent. Success reboot is handled the same as success.
FWU Proxy: add support for exposing ESRT v1 to the FWU client. Introduces a new virtual FWU image ID that represents a read-only image; when accessed, the ESRT data is returned as the response.
Add support for the RD-Aspen platform. RD-Aspen is an Arm reference design that combines a high-performance Cortex-A720AE based compute subsystem with a Cortex-R82AE based Safety Island and a Runtime Security Engine (RSE) to enable safety- and security-critical automotive and industrial applications.
Deprecations
None.
Updated external components
MbedTLS v3.6.0 -> v3.6.5.
Breaking changes
The representation of boot-order property in the SP manifest file has been updated to match new version of the manifest binding documentation. This change broke compatibility to OP-TEE SPMC before 4.7.0.
The FFA_YIELD support requires OP-TEE v4.7.0+
Resolved issues
None.
Known limitations
fTPM SP:
The implementation is experimental. The end-to-end integration is lacking, some components are not published yet.
Missing support of hardware time source.
Missing support for boot measurements (event log) made by earlier boot stages.
Locality 4 command handling is not implemented yet.
Version v1.2.0
Feature Highlights
- Corstone1000 updates:
Integrated PSA-FWU proxy to the proxy SP.
Enabled compile-time configuration for MHU and RSE buffer sizes.
Aligned psa-crypto size definitions with TF-M v2.1
- rd1-ae:
Introduce the new Arm Reference Design-1 AE platform targeting the Automotive segment. It features high-performance Arm Neoverse V3AE Application Processor compute system, Arm Cortex-R82AE based Safety Island, and a Runtime Security Engine (RSE) for enhanced security. See RD-1 AE
Added driver support for MHU v3.
- se-proxy:
Added support for compile-time configuration of supported services.
Client ID value 0 is considered invalid by TF-M (the firmware implementation for RSE and SE) and is rejected starting from version v2.1.x. As a workaround, the SE-Proxy replaces value 0 with its own FF-A ID, which is always a valid positive integer. This substitution is safe, as the SE-Proxy does not initiate requests on its own behalf.
Added support for pointer access protocol.
- Block Storage SP
Added encryption support using the new Encrypted Block Store component.
- Test updates:
Removed libts-test
Merged unit-tests into a single deployment
spm-test
Fix mem retrieve in SPM test SP
Enabled platform-specific configuration of certain manifest entries.
- fTPM SP (experimental)
Introduced the fTPM SP deployment, which provides TPM services using the ms-tpm20-ref implementation.
- Documentation:
Added a new section covering threat assessments for various SPs.
- Notable generic fixes:
PSA FWU M: Load initial image state in PSA FWU M update agent.
Fix interrupted FFA_MSG_SEND_DIRECT_REQ handling.
Deprecations
None.
Updated external components
None.
Breaking changes
None.
Resolved issues
None.
Known limitations
fTPM SP:
The implementation is experimental. The end-to-end integration is lacking, some components are not published yet.
Missing support of hardware time source.
Missing support for boot measurements (event log) made by earlier boot stages.
Locality 4 command handling is not implemented yet.
Version v1.1.0
Trustedfirmware.org has deprecated Phabricator, the wiki and issue tracking provider. This functionality has been moved to GitHub. See the Trusted Services organization. The project wiki has been moved to here
Feature Highlights
Add documentation covering the OP-TEE SPMC tests.
-
Extend the implementation to support Authenticated Variables.
Relax the UEFI variable name length limit imposed by the size of the RPC buffer.
Introduce a work in progress RPMB implementation and integrate it to the Block Storage service. The current configuration uses an SWd RAM buffer for data storage, and is not connected to the RPMB provider running in the NWd. This is the first baseline to implement a scenario where the RPMB owner is an S-EL0 SP.
Introduce the Logging Service.
Add crypto key store partitioning support to the Crypto Service. This feature allows isolating clients running in different SPs.
Add the “RSE Com” protocol. RSE Com is a new protocol used between secure partitions and security subsystems like the Secure Enclave on Corstone-1000 or Runtime Security Engine on RD-1 AE.
libsp learnt to support FF-A v1.1 and all SPs are updated to use this version.
tstee Linux driver was merged upstream and the LinuxFfaTEEDriver external component is removed.
All SP and arm-linux deployments are updated to support Armv8.5-A Branch Protection feature. See: Branch Protection
A new FWU agent implementation is introduced, which implements a PSA Certified Firmware Update API 1.0 client. This component can be used to implement an FWU proxy on A+M systems like Corstone1000 and RD-1 AE. For more details see: Firmware update on A+M systems
A new shared library called
libpsatsis introduced to help integration of PSA clients to 3rd party linux user-space projects. For details see: libpsatsThe following new tests and enhancements have been added to OP-TEE SPMC tests:
FFA_MEM_PERM_GET/SET tests.
Memory sharing test updated to cover invalid requests.
VM availability message tests.
Endpoint ID checking is fixed.
Deprecations
This OpenAMP based psa_ipc implementation is deprecated and will be removed in the future.
Updated external components
MbedTLS version in the Crypto service is updated to v3.6.0.
NanoPB has been upgraded to v0.4.8.
Newlib is no longer required and the newlib external component is removed.
Breaking changes
None.
Resolved issues
Fix psa-ps-api-test test case 414.
Crypto key store partitioning has been implemented, and clients accessing the crypto service from different FF-A endpoints can not access each other’s assets anymore.
Known limitations
None.
Version 1.0.0
The first stabilised release of the project from previously prototype releases ready for product use.
Feature Highlights
Introduce the Block Storage Service. The Block Storage service can be used to share a block-oriented storage device such as a QSPI flash between a set of independent secure world clients.
Introduce the Firmware Update Service. The FWU service implements the Update Agent defined in the Arm FWU-A specification and allows replacing FW components with newer versions.
Refactor FF-A UUID policy. Reinterpret the FF-A UUID to identify the protocol supported by TS SP instead of the service. This removes the maintenance burden of keeping an up to date UUID list in the service locator. All SPs start using the same protocol UUID, and implement a new discovery service (see the next point).
Overhaul the RPC protocol. The main driver is to remove the single shared memory region limitation, which does not allow separating shared regions of clients running over Linux in the user-space. The second driver is to add versioning support to the RPC layer.
Allow multiple shared memory regions between endpoints.
Implement the discovery service in the RPC layer.
Allow assigning a UUID to interfaces. This mechanism replaces the protocol identifier used earlier. Each protocol of a service is represented as a dedicated interface.
Add versioning support to the RPC layer.
Refactor the discovery service. The is removing the runtime overhead of memory sharing during the discovery and decreases code size and duplication using the same code for service discovery.
Implement the discovery service in the RPC layer for efficiency reasons.
Implement service identity discovery for all services.
Remove the encoding type entity and use service UUIDs to represent the serialization type.
Service property discovery is to be implemented in the future.
Add support for the Corstone-1000 platform. For more information about this platform please see: Corstone-1000 product homepage
SPs now indicate support of Normal World interrupt preemption capability in their SP manifest and allow the SPMC to enable preemption if possible. This removes NWd interrupts being disabled for long periods due to long service calls.
Add support for the Armv8-A CRC32 feature for Secure World and Normal World components.
Extend FF-A support with:
FF-A v1.1 boot protocol between the SPM and SPs.
FF-A v1.2 FFA_CONSOLE_LOG call. This allows SPs to emit log messages in an SPMC agonistic way.
Improve the build system to allow setting the build steps of external components to be verbose.
Add support for runtime (dynamic) psa-acs test case configuration.
Updated external components
MbedTLS version integration into the Crypto service is updated to v3.4.0.
The PSA Arch test is updated to version 74dc6646ff594e131a726a5305aba77bac30eceb.
Breaking changes
The new RPC ABI is not backwards compatible and needs recent version of all depending components.
Resolved issues
The new RPC version allows having multiple shared memory regions between endpoints. This allows each NWd client running in Linux user-space to use a dedicated buffer.
Known limitations
Crypto key store partitioning by client is not yet supported. This means multiple clients running at the same FF-A endpoint use a shared key space.
The full firmware update process implementation and testing is work-in-progress. The FWU process relies on the cooperation of multiple FW components owned by multiple FW projects. Some 3rd party components do not implement the needed features yet and thus, the FWU service was validated in “isolation” and exercised by TS test on the FVP platform and on the host PC only.
Service property discovery is not implemented yet.
Discovering the maximum payload size of a service is not supported yet and buffer sizes are hardcoded.
Version 1.0.0-Beta
The first tagged release of the project.
Feature Highlights
The project supports the following services:
Secure Storage
Crypto
Initial Attestation
Smm Variable
Services may be accessed using client components that implement “Psacertified v1.0 APIs”. The project includes deployments that integrate PSA API certification tests with API clients to facilitate end-to-end PSA certification testing.
Known limitations
Crypto key store partitioning by client is not yet supported.
Discovery support is only currently integrated into the Crypto service provider. In case of services not supporting this feature yet, communication parameters (e.g. maximum buffer size) and supported feature set needs to be hardcode to the service provider and service client.
Supported Trusted Environments
In the default configuration each service is deployed to a dedicated FF-A Secure Partition and executes isolated. Service implementations are platform, trusted environment and service deployment agonistic. With appropriate enablement work services can be enabled to work in any combination of these.
The reference integration uses the SPMC implemented in OP-TEE OS to manage TS SPs. This release supports OP-TEE v3.19.
Supported Integration Systems
The reference solution uses the OP-TEE integration methodology. This relies on the google repo tool for high-level dependency management and a set of makefiles to capture the build configuration information. For details please refer to OP-TEE git repo documentation.
The project is officially enabled in Yocto meta-arm.
Supported Target Platforms
The only reference platform supported by this release is the AEM FVP build using the OP-TEE integration method.
Known limitations:
Non-volatile backend secure storage is not currently provided.
Test Report
Please find the Test Report covering this release in the project wiki.
Copyright (c) 2020-2024, Arm Limited and Contributors. All rights reserved.
SPDX-License-Identifier: BSD-3-Clause