1*************
2Version 2.1.0
3*************
4
5New major features
6==================
7
8  - TF-M aligns the Crypto service to the same PSA Crypto headers used by the Mbed TLS 3.6.0 reference implementation
9
10    - Refer to the :doc:`TF-M Crypto service design document </design_docs/services/tfm_crypto_design>` for a detailed
11      description of the firmware architecture of the service.
12
13  - Initial support for on-core and off-core clients on Hybrid platforms (A-profile + M-profile or M-profile + M-profile)
14    using solution 1 as described in [1]_, [2]_. The functionality is still under active development.
15  - P256-M [3]_ component is enabled on the BL2 stage for image signature verification based on ECDSA.
16  - MCUboot upgrade to v2.1.0.
17  - Mbed TLS upgrade to v3.6.0.
18  - BL2 now provides a `thin` PSA Crypto core layer when ``MCUBOOT_USE_PSA_CRYPTO=ON`` and can use builtin
19    keys when ECDSA based signature verification is selected with ``MCUBOOT_SIGNATURE_TYPE="EC-P256"``.
20
21New security advisories
22=======================
23
24A new security vulnerability has been fixed in v2.1.0.
25Refer to :doc:`TFMV-7 </security/security_advisories/debug_log_vulnerability>` for more details.
26The mitigation is included in this release.
27
28New platforms supported
29=======================
30
31 - :doc:`Alcor (AN557). </platform/armchina/mps3/alcor/README>`
32 - :doc:`Corstone-315. </platform/arm/mps4/corstone315/README>`
33
34Tested platforms
35================
36
37The following platforms are successfully tested in this release.
38
39- **Arm**
40
41  - AN519
42  - AN521
43  - AN555
44  - Corstone-300
45  - Corstone-310
46  - Corstone-315
47  - Corstone-1000
48  - Musca-B1
49  - Musca-S1
50
51- **ArmChina**
52
53  - Alcor (AN557)
54
55- **STM**
56
57  - NUCLEO-L552ZE-Q
58  - STM32H573idk
59
60- **Infineon/Cypress**
61
62  - PSoC 64
63
64- **NXP**
65
66  - LPCXpresso55S69
67
68Reference memory footprint
69==========================
70
71All measurements below are made for *AN521* platform, built `TF-Mv2.1.0-RC2
72<https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/tag/?h=TF-Mv2.1.0-RC2>`_
73on Windows 10 using Armclang v6.18 and build type MinSizeRel.
74
75All modules are measured in bytes. Some minor modules are not shown in the table below.
76
77.. note::
78
79  Profile `Medium-ARoT-less` built with disabled Firmware Update service to align with other
80  TF-M Profiles.
81
82+----------------------+---------------+---------------+---------------+---------------+---------------+
83| Module               |      Base     |     Small     |   ARoT-less   |    Medium     |    Large      |
84+                      +-------+-------+-------+-------+-------+-------+-------+-------+-------+-------+
85|                      | Flash |  RAM  | Flash |  RAM  | Flash |  RAM  | Flash |  RAM  | Flash |  RAM  |
86+======================+=======+=======+=======+=======+=======+=======+=======+=======+=======+=======+
87|Generated             |112    |3184   |160    |3184   |160    |3184   |208    |3184   |272    |3184   |
88+----------------------+-------+-------+-------+-------+-------+-------+-------+-------+-------+-------+
89|Objects               |972    |1056   |1282   |5444   |1379   |6128   |1517   |1468   |1588   |1468   |
90+----------------------+-------+-------+-------+-------+-------+-------+-------+-------+-------+-------+
91|c_w.l                 |190    |0      |568    |0      |568    |0      |568    |0      |808    |0      |
92+----------------------+-------+-------+-------+-------+-------+-------+-------+-------+-------+-------+
93|platform_s.a          |5142   |288    |5474   |288    |5826   |288    |6198   |288    |6328   |288    |
94+----------------------+-------+-------+-------+-------+-------+-------+-------+-------+-------+-------+
95|spm.a                 |3640   |173    |4522   |173    |4012   |173    |6616   |1385   |6782   |1390   |
96+----------------------+-------+-------+-------+-------+-------+-------+-------+-------+-------+-------+
97|sprt.a                |274    |0      |1438   |0      |1284   |0      |2438   |4      |2418   |4      |
98+----------------------+-------+-------+-------+-------+-------+-------+-------+-------+-------+-------+
99|mbedcrypto.a          |0      |0      |25588  |2108   |30104  |2104   |30104  |2104   |78012  |1988   |
100+----------------------+-------+-------+-------+-------+-------+-------+-------+-------+-------+-------+
101|PROT_attestation.a    |0      |0      |2341   |557    |2571   |1218   |2571   |3010   |2687   |3010   |
102+----------------------+-------+-------+-------+-------+-------+-------+-------+-------+-------+-------+
103|PROT_crypto.a         |0      |0      |3336   |2046   |3846   |16002  |3846   |22914  |4318   |25794  |
104+----------------------+-------+-------+-------+-------+-------+-------+-------+-------+-------+-------+
105|PROT_its.a            |0      |0      |4830   |80     |4894   |112    |5064   |1988   |5068   |2468   |
106+----------------------+-------+-------+-------+-------+-------+-------+-------+-------+-------+-------+
107|PROT_platform.a       |0      |0      |0      |0      |486    |0      |526    |1280   |526    |1280   |
108+----------------------+-------+-------+-------+-------+-------+-------+-------+-------+-------+-------+
109|AROT_ps.a             |0      |0      |0      |0      |0      |0      |3280   |4364   |3280   |4364   |
110+----------------------+-------+-------+-------+-------+-------+-------+-------+-------+-------+-------+
111|Padding               |34     |35     |113    |44     |114    |15     |120    |47     |171    |38     |
112+----------------------+-------+-------+-------+-------+-------+-------+-------+-------+-------+-------+
113|platform_crypto_keys.a|0      |0      |246    |0      |252    |0      |252    |0      |252    |0      |
114+----------------------+-------+-------+-------+-------+-------+-------+-------+-------+-------+-------+
115|qcbor.a               |0      |0      |854    |0      |854    |0      |854    |0      |854    |0      |
116+----------------------+-------+-------+-------+-------+-------+-------+-------+-------+-------+-------+
117|crypto_service_p256m.a|0      |0      |0      |0      |3534   |0      |3534   |0      |0      |0      |
118+----------------------+-------+-------+-------+-------+-------+-------+-------+-------+-------+-------+
119|Total inc. Padding    |10364  |4736   |50752  |13924  |59884  |29224  |67696  |42036  |113364 |45276  |
120+----------------------+-------+-------+-------+-------+-------+-------+-------+-------+-------+-------+
121
122Known issues
123============
124
125Some open issues are not fixed in this release.
126
127.. list-table::
128  :header-rows: 1
129
130  * - Descriptions
131    - Issue links
132  * - TF-M Kconfig is broken due to build split. It will be recovered in a future release.
133    - Not tracked
134  * - The message rhandle is overridden in the backend for ns_agent_mailbox. PSA ACK tests in IPC mode on platforms
135      using ns_agent_mailbox fail for this reason.
136    - Not tracked
137
138Issues fixed since v2.0.0
139-------------------------
140
141The following issues have been fixed since the v2.0.0 release.
142
143.. list-table::
144  :header-rows: 1
145
146  * - Descriptions
147    - Issue links
148  * - <None>
149    - <None>
150
151Reference
152=========
153
154.. [1] `TF-M Hybrid Platform Demo, TF-M tech forum 11-04-2024 <https://www.trustedfirmware.org/docs/hybrid_platform_demo.pdf>`_
155.. [2] `Trusted Firmware-M and Hybrid platforms, TF-M tech forum 14-09-2023 <https://www.trustedfirmware.org/docs/tech_forum_20230914_non_seucure_clients.pdf>`_
156.. [3] `P256-M <https://github.com/mpg/p256-m>`_
157
158--------------
159
160*Copyright (c) 2024, Arm Limited. All rights reserved.*
161