#######
Roadmap
#######

TF-M has been under active development since it was launched in Q1'18. It is
being designed to include:

1. Secure boot ensuring integrity of runtime images and responsible for firmware upgrade.
2. Runtime firmware consisting of TF-M Core, which is responsible for secure isolation,
   execution and communication aspects, and a set of Secure Services providing
   services to the Non-Secure and Secure Applications. The Secure Services
   currently supported are Secure Storage, Cryptography, Firmware Update,
   Attestation and Platform Services.

If you are interested in collaborating on any of the roadmap features or other
features, please mail the TF-M mailing list.

******************
Supported Features
******************
- PSA Firmware Framework v1.0, 1.1 Extension including IPC and SFN modes.
- PSA Level 1, 2 and 3 Isolation.
- Secure Boot (mcuboot upstream) including generic fault injection mitigations
- PSA Protected Storage, Internal Trusted Storage v1.0 and Encrypted ITS
- PSA Crypto v1.0 (uses Mbed TLS v3.4.0)
- PSA Initial Attestation Service v1.0
- PSA Firmware Update v1.0
- PSA ADAC Specification Implementation
- Base Config, kconfig based configuration
- Profile Small, Medium, ARoT-less Medium, Large
- Secure Partition Interrupt Handling, Pre-emption of SPE execution
- Dual CPU
- Open Continuous Integration (CI) System
- Boot and Runtime Crypto Hardware Integration
- Fault Injection Handling library to mitigate against physical attacks
- Threat Model
- Arm v8.1-M Privileged Execute Never (PXN) attribute and Thread reentrancy disabled (TRD)
- FPU, MVE Support
- CC-312 PSA Cryptoprocessor Driver Interface
- Secure Storage - Key Diversification Enhancements
- Build System - Separate Secure and Non-Secure builds
- PSA Crypto layer for mcuboot/BL2
- Support LLVM Embedded Toolchain for Arm
- MISRA testing/documentation
- Switch to using upstream t_cose
- Remote Test Infrastructure

******
CQ2'25
******
- Supporting multiple clients (Hybrid Platforms), i.e. TF-M supporting multiple on
  core and off core clients on heterogeneous platforms (e.g. Cortex-A + Cortex-M)
- TF-M v2.2.0 release
- Update to Mbed TLS 3.6.3

******
Future
******
- Integrate TF-PSACrypto
- TF-M v2.3.0
- Image encryption via PSA Crypto in mcuboot
- Implement support for multiple clients (Hybrid Platforms) contd.
- Build System Enhancements - Simplify build scripts
- TF-M Performance - Further Benchmarking and Optimization
- Scheduler - Multiple Secure Context Implementation
- PSA FWU Service Enhancements
- PSA ADAC Spec - Enhancements and Testing
- Arm v8.1-M Unprivileged Debug
- [Secure Storage] Extended PSA APIs
- [Audit Logs] Secure Storage, Policy Manager
- PSA FF Lifecycle API
- Fuzz Testing

--------------

*Copyright (c) 2017-2024, Arm Limited. All rights reserved.*