docs/project/change-log.rst

Change Log & Release Notes
==========================

This document contains a summary of the new features, changes, fixes and known issues in each release of Trusted
Services.

Version v1.2.0
--------------

Feature Highlights
^^^^^^^^^^^^^^^^^^

- Corstone1000 updates:
    - Integrated PSA-FWU proxy to the proxy SP.
    - Enabled compile-time configuration for MHU and RSE buffer sizes.
    - Aligned psa-crypto size definitions with TF-M v2.1
- rd1-ae:
    - Introduce the new Arm Reference Design-1 AE platform targeting the Automotive segment. It features
      high-performance Arm Neoverse V3AE Application Processor compute system, Arm Cortex-R82AE based Safety Island, and
      a Runtime Security Engine (RSE) for enhanced security. See :doc:`/target-platforms/rd1ae`
    - Added driver support for MHU v3.
- se-proxy:
    - Added support for compile-time configuration of supported services.
    - Client ID value 0 is considered invalid by TF-M (the firmware implementation for RSE and SE) and is rejected
      starting from version v2.1.x. As a workaround, the SE-Proxy replaces value 0 with its own FF-A ID, which is always
      a valid positive integer. This substitution is safe, as the SE-Proxy does not initiate requests on its own behalf.
    - Added support for pointer access protocol.
- Block Storage SP
    - Added encryption support using the new Encrypted Block Store component.
- Test updates:
    - Removed libts-test
    - Merged unit-tests into a single deployment
    - spm-test

        - Fix mem retrieve in SPM test SP
        - Enabled platform-specific configuration of certain manifest entries.

- fTPM SP (experimental)
    - Introduced the fTPM SP deployment, which provides TPM services using the ms-tpm20-ref implementation.
- Documentation:
    - Added a new section covering threat assessments for various SPs.
- Notable generic fixes:
    - PSA FWU M: Load initial image state in PSA FWU M update agent.
    - Fix interrupted FFA_MSG_SEND_DIRECT_REQ handling.

Deprecations
^^^^^^^^^^^^

None.


Updated external components
^^^^^^^^^^^^^^^^^^^^^^^^^^^

None.

Breaking changes
^^^^^^^^^^^^^^^^

None.

Resolved issues
^^^^^^^^^^^^^^^

None.

Known limitations
^^^^^^^^^^^^^^^^^

- fTPM SP:

    - The implementation is experimental. The end-to-end integration is lacking, some
      components are not published yet.
    - Missing support of hardware time source.
    - Missing support for boot measurements (event log) made by earlier boot stages.
    - Locality 4 command handling is not implemented yet.


Version v1.1.0
--------------

- Trustedfirmware.org has deprecated Phabricator, the wiki and issue tracking provider. This functionality has been
  moved to GitHub. See the `Trusted Services organization`_. The project wiki has been moved
  `to here <https://github.com/Trusted-Services/trusted-services/wiki>`_


Feature Highlights
^^^^^^^^^^^^^^^^^^

- Add documentation covering the :ref:`OP-TEE SPMC tests`.
- :ref:`UEFI SMM Services`:

    - Extend the implementation to support Authenticated Variables.
    - Relax the UEFI variable name length limit imposed by the size of the RPC buffer.

- Introduce a work in progress RPMB implementation and integrate it to the Block Storage service. The current
  configuration uses an SWd RAM buffer for data storage, and is not connected to the RPMB provider running in the NWd.
  This is the first baseline to implement a scenario where the RPMB owner is an S-EL0 SP.
- Introduce the :ref:`Logging Service`.
- Add crypto key store partitioning support to the Crypto Service. This feature allows isolating clients running in
  different SPs.
- Add the "RSE Com" protocol. RSE Com is a new protocol used between secure partitions and security subsystems like the
  Secure Enclave on Corstone-1000 or Runtime Security Engine on `RD-1 AE`_.
- libsp learnt to support FF-A v1.1 and all SPs are updated to use this version.
- tstee Linux driver was merged upstream and the LinuxFfaTEEDriver external component is removed.
- All SP and arm-linux deployments are updated to support Armv8.5-A Branch Protection feature.
  See: :ref:`branch_protection`
- A new FWU agent implementation is introduced, which implements a `PSA Certified Firmware Update API 1.0`_ client. This
  component can be used to implement an FWU proxy on A+M systems like Corstone1000 and RD-1 AE. For more details see:
  :ref:`Firmware update on A+M systems`
- A new shared library called ``libpsats`` is introduced to help integration of PSA clients to 3rd party linux
  user-space projects. For details see: :ref:`libs-libpsats`
- The following new tests and enhancements have been added to :ref:`OP-TEE SPMC tests`:

    - FFA_MEM_PERM_GET/SET tests.
    - Memory sharing test updated to cover invalid requests.
    - VM availability message tests.
    - Endpoint ID checking is fixed.

Deprecations
^^^^^^^^^^^^

- This OpenAMP based psa_ipc implementation is deprecated and will be removed in the future.


Updated external components
^^^^^^^^^^^^^^^^^^^^^^^^^^^

- MbedTLS version in the Crypto service is updated to v3.6.0.
- NanoPB has been upgraded to v0.4.8.
- Newlib is no longer required and the newlib external component is removed.

Breaking changes
^^^^^^^^^^^^^^^^

None.

Resolved issues
^^^^^^^^^^^^^^^

- Fix psa-ps-api-test test case 414.
- Crypto key store partitioning has been implemented, and clients accessing the crypto service from different FF-A
  endpoints can not access each other's assets anymore.

Known limitations
^^^^^^^^^^^^^^^^^

None.

Version 1.0.0
-------------

The first stabilised release of the project from previously prototype releases ready for product use.

Feature Highlights
^^^^^^^^^^^^^^^^^^

- Introduce the :doc:`Block Storage Service </services/block-storage/block-storage-service-description>`. The Block Storage service
  can be used to share a block-oriented storage device such as a QSPI flash between a set of independent secure world
  clients.

- Introduce the :doc:`Firmware Update Service </services/fwu/index>`. The FWU service implements the Update Agent
  defined in the `Arm FWU-A specification`_ and allows replacing FW components with newer versions.

- Refactor FF-A UUID policy. Reinterpret the FF-A UUID to identify the protocol supported by TS SP instead of the
  service. This removes the maintenance burden of keeping an up to date UUID list in the service locator. All SPs start
  using the same protocol UUID, and implement a new discovery service (see the next point).

- Overhaul the RPC protocol. The main driver is to remove the single shared memory region limitation, which does not
  allow separating shared regions of clients running over Linux in the user-space. The second driver is to add
  versioning support to the RPC layer.

    - Allow multiple shared memory regions between endpoints.
    - Implement the discovery service in the RPC layer.
    - Allow assigning a UUID to interfaces. This mechanism replaces the protocol identifier used earlier. Each protocol
      of a service is represented as a dedicated interface.
    - Add versioning support to the RPC layer.

- Refactor the discovery service. The is removing the runtime overhead of memory sharing during the discovery and
  decreases code size and duplication using the same code for service discovery.

    - Implement the discovery service in the RPC layer for efficiency reasons.
    - Implement service identity discovery for all services.
    - Remove the encoding type entity and use service UUIDs to represent the serialization type.
    - Service property discovery is to be implemented in the future.

- Add support for the Corstone-1000 platform. For more information about this platform please see:
  `Corstone-1000 product homepage`_

- SPs now indicate support of :term:`Normal World` interrupt preemption capability in their SP manifest and allow the
  SPMC to enable preemption if possible. This removes NWd interrupts being disabled for long periods due to long service
  calls.

- Add support for the Armv8-A CRC32 feature for :term:`Secure World` and :term:`Normal World` components.

- Extend FF-A support with:

    - FF-A v1.1 boot protocol between the SPM and SPs.
    - FF-A v1.2 FFA_CONSOLE_LOG call. This allows SPs to emit log messages in an SPMC agonistic way.

- Improve the build system to allow setting the build steps of external components to be verbose.

- Add support for runtime (dynamic) psa-acs test case configuration.

Updated external components
^^^^^^^^^^^^^^^^^^^^^^^^^^^

- MbedTLS version integration into the Crypto service is updated to v3.4.0.
- The PSA Arch test is updated to version `74dc6646ff594e131a726a5305aba77bac30eceb`.

Breaking changes
^^^^^^^^^^^^^^^^

- The new RPC ABI is not backwards compatible and needs recent version of all depending components.

Resolved issues
^^^^^^^^^^^^^^^

- The new RPC version allows having multiple shared memory regions between endpoints. This allows each NWd client
  running in Linux user-space to use a dedicated buffer.

Known limitations
^^^^^^^^^^^^^^^^^

  - Crypto key store partitioning by client is not yet supported. This means multiple clients running at the same FF-A
    endpoint use a shared key space.
  - The full firmware update process implementation and testing is work-in-progress. The FWU process relies on the
    cooperation of multiple FW components owned by multiple FW projects. Some 3rd party components do not implement the
    needed features yet and thus, the FWU service was validated in "isolation" and exercised by TS test on the FVP
    platform and on the host PC only.
  - Service property discovery is not implemented yet.
  - Discovering the maximum payload size of a service is not supported yet and buffer sizes are hardcoded.

Version 1.0.0-Beta
------------------

The first tagged release of the project.

Feature Highlights
^^^^^^^^^^^^^^^^^^

The project supports the following services:

  - Secure Storage
  - Crypto
  - Initial Attestation
  - Smm Variable

Services may be accessed using client components that implement "`Psacertified v1.0 APIs`_". The project includes
deployments that integrate `PSA API certification tests`_ with API clients to facilitate end-to-end PSA certification
testing.

Known limitations
'''''''''''''''''

  - Crypto key store partitioning by client is not yet supported.
  - Discovery support is only currently integrated into the Crypto service provider. In case of services not supporting
    this feature yet, communication parameters (e.g. maximum buffer size) and supported feature set needs to be hardcode
    to the service provider and service client.

Supported Trusted Environments
''''''''''''''''''''''''''''''

In the default configuration each service is deployed to a dedicated FF-A Secure Partition and executes isolated.
Service implementations are platform, trusted environment and service deployment agonistic. With appropriate enablement
work services can be enabled to work in any combination of these.

The reference integration uses the SPMC implemented in OP-TEE OS to manage TS SPs. This release supports `OP-TEE v3.19`_.

Supported Integration Systems
'''''''''''''''''''''''''''''

The reference solution uses the OP-TEE integration methodology. This relies on the google repo tool for high-level
dependency management and a set of makefiles to capture the build configuration information. For details please refer to
`OP-TEE git repo documentation`_.

The project is officially enabled in `Yocto meta-arm`_.

Supported Target Platforms
''''''''''''''''''''''''''

The only reference platform supported by this release is the `AEM FVP`_ build using the OP-TEE integration method.

Known limitations:

  - Non-volatile backend secure storage is not currently provided.

Test Report
^^^^^^^^^^^

Please find the Test Report covering this release in the `project wiki`_.


--------------

.. _`FF-A Specification v1.1`: https://developer.arm.com/documentation/den0077/e
.. _`Psacertified v1.0 APIs`: https://www.psacertified.org/development-resources/building-in-security/specifications-implementations/
.. _`OP-TEE v3.19`: https://github.com/OP-TEE/optee_os/tree/3.19.0
.. _`Yocto meta-arm` : https://gitlab.oss.arm.com/engineering/yocto/meta-arm/-/tree/master/meta-arm/recipes-security/trusted-services
.. _`project wiki`: https://github.com/Trusted-Services/trusted-services/wiki/Trusted-Services-test-reports
.. _`AEM FVP`: https://developer.arm.com/-/media/Files/downloads/ecosystem-models/FVP_Base_RevC-2xAEMvA_11.22_14_Linux64.tgz
.. _`PSA API certification tests`: https://github.com/ARM-software/psa-arch-tests
.. _`OP-TEE git repo documentation`: https://optee.readthedocs.io/en/latest/building/gits/build.html
.. _`Corstone-1000 product homepage`: https://developer.arm.com/Processors/Corstone-1000
.. _`Arm FWU-A specification`: https://developer.arm.com/documentation/den0118
.. _`Trusted Services organization`: https://github.com/Trusted-Services
.. _`RD-1 AE`: https://developer.arm.com/Tools%20and%20Software/Arm%20Reference%20Design-1%20AE
.. _`PSA Certified Firmware Update API 1.0`: https://arm-software.github.io/psa-api/fwu/1.0/

*Copyright (c) 2020-2024, Arm Limited and Contributors. All rights reserved.*

SPDX-License-Identifier: BSD-3-Clause