1. Trusted Firmware M

Trusted Firmware-M (TF-M) implements the Secure Processing Environment (SPE) for Armv8-M, Armv8.1-M architectures (e.g. the Cortex-M33, Cortex-M23, Cortex-M55 processors) or dual-core platforms.It is the platform security architecture reference implementation aligning with PSA Certified guidelines, enabling chips,Real Time Operating Systems and devices to become PSA Certified.

TF-M relies on an isolation boundary between the Non-secure Processing Environment (NSPE) and the Secure Processing Environment (SPE). It can but is not limited to using the Arm TrustZone technology on Armv8-M and Armv8.1-M architectures. In pre-Armv8-M architectures physical core isolation is required.

Trusted Firmware-M consists of:

  • Secure Boot to authenticate integrity of NSPE and SPE images

  • TF-M Core responsible for controlling the isolation, communication and execution within SPE and with NSPE

  • Crypto, Internal Trusted Storage (ITS), Protected Storage (PS) and Attestation secure services

../../_images/readme_tfm_v8.png

FF-M compliant design with TF-M

Applications and Libraries in the Non-secure Processing Environment can utilize these secure services with a standardized set of PSA Functional APIs. Applications running on Cortex-M devices can leverage TF-M services to ensure secure connection with edge gateways and IoT cloud services. It also protects the critical security assets such as sensitive data, keys and certificates on the platform. TF-M is supported on several Cortex-M based Microcontrollers and Real Time Operating Systems (RTOS).

Terms TFM and TF-M are commonly used in documents and code and both refer to Trusted Firmware M. Glossary has the list of terms and abbreviations.

2. License

The software is provided under a BSD-3-Clause License. Contributions to this project are accepted under the same license with developer sign-off as described in the Contributing Guidelines.

This project contains code from other projects as listed below. The code from external projects is limited to app, bl2, lib and platform folders. The original license text is included in those source files.

  • The app folder contains files imported from CMSIS_5 project and the files have Apache 2.0 license.

  • The bl2 folder contains files imported from MCUBoot project and the files have Apache 2.0 license.

  • The lib folder may contain 3rd party files with diverse licenses.

  • The platform folder currently contains platforms support imported from the external project and the files may have different licenses.

3. Release Notes and Process

The Release Cadence and Process provides release cadence and process information.

The Change Log & Release Notes provides details of major features of the release and platforms supported.

4. Getting Started

4.1. Prerequisite

Trusted Firmware M provides a reference implementation of platform security architecture reference implementation aligning with PSA Certified guidelines. It is assumed that the reader is familiar with specifications can be found at Platform Security Architecture Resources.

The current TF-M implementation specifically targets TrustZone for ARMv8-M so a good understanding of the v8-M architecture is also necessary. A good place to get started with ARMv8-M is developer.arm.com.

4.2. Really getting started

Trusted Firmware M source code is available on git.trustedfirmware.org.

To build & run TF-M:

To port TF-M to a another system or OS, follow the OS Integration Guide

Please also see the glossary of terms used in the project.

Contributing Guidelines contains guidance on how to contribute to this project.

Further documents can be found in the docs folder.

6. Feedback and support

For this release, feedback is requested via email to tf-m@lists.trustedfirmware.org.

7. Version history

Version

Date

Description

PSA-arch tag/hash

v1.0-beta

2019-02-15

1.0-beta release

v1.0-RC1

2019-05-31

1.0-RC1 release

v19.06_API0.9

v1.0-RC2

2019-10-09

1.0-RC2 release

v19.06_API0.9

v1.0-RC3

2019-11-29

1.0-RC3 release

v19.06_API0.9

v1.0

2020-03-27

1.0 release

v20.03_API1.0

v1.1 | 2020-07-15 | 1.1 release | 1f960947

v1.2.0 | 2020-11-25 | 1.2.0 release | 90c8e680

Please refer to Release Version Scheme for interpreting version numbers.


Copyright (c) 2017-2020, Arm Limited. All rights reserved.