diff --git a/readme.rst b/readme.rst index 1df8637..2ccbbb2 100644 --- a/readme.rst +++ b/readme.rst @@ -1,4 +1,4 @@ -Trusted Firmware-A - version 2.0 +Trusted Firmware-A - version 2.1 ================================ Trusted Firmware-A (TF-A) provides a reference implementation of secure world @@ -15,6 +15,13 @@ Where possible, the code is designed for reuse or porting to other Armv7-A and Armv8-A model and hardware platforms. +This release provides a suitable starting point for productization of secure +world boot and runtime firmware, in either the AArch32 or AArch64 execution +states. + +Users are encouraged to do their own security validation, including penetration +testing, on any secure world code derived from TF-A. + Arm will continue development in collaboration with interested parties to provide a full reference implementation of Secure Monitor code and Arm standards to the benefit of all developers working with Armv7-A and Armv8-A TrustZone @@ -53,18 +60,8 @@ BSD-3-Clause license. Any contributions to this code must be made under the terms of both licenses. -This release ------------- - -This release provides a suitable starting point for productization of secure -world boot and runtime firmware, in either the AArch32 or AArch64 execution -states. - -Users are encouraged to do their own security validation, including penetration -testing, on any secure world code derived from TF-A. - Functionality -~~~~~~~~~~~~~ +------------- - Initialization of the secure world, for example exception vectors, control registers and interrupts for the platform. @@ -136,17 +133,30 @@ - Support for the GCC, LLVM and Arm Compiler 6 toolchains. -- Support for combining several libraries into a self-called "romlib" image - that may be shared across images to reduce memory footprint. The romlib image - is stored in ROM but is accessed through a jump-table that may be stored +- Support for combining several libraries into a "romlib" image that may be + shared across images to reduce memory footprint. The romlib image is stored + in ROM but is accessed through a jump-table that may be stored in read-write memory, allowing for the library code to be patched. +- A prototype implementation of a Secure Partition Manager (SPM) that is based + on the SPCI and SPRT specifications. + +- Support for ARMv8.3 pointer authentication in the normal and secure worlds. + The use of pointer authentication in the normal world is enabled whenever + architectural support is available, without the need for additional build + flags. Use of pointer authentication in the secure world remains an + experimental configuration at this time and requires the ``ENABLE_PAUTH`` + build flag to be set. + +- Position-Independent Executable (PIE) support. Initially for BL31 only, with + further support to be added in a future release. + For a full description of functionality and implementation details, please see the `Firmware Design`_ and supporting documentation. The `Change Log`_ provides details of changes made since the last release. Platforms -~~~~~~~~~ +--------- Various AArch32 and AArch64 builds of this release have been tested on r0, r1 and r2 variants of the `Juno Arm Development Platform`_. @@ -192,18 +202,23 @@ This release also contains the following platform support: -- Allwinner sun50i_64 and sun50i_h6 +- Allwinner sun50i_a64 and sun50i_h6 - Amlogic Meson S905 (GXBB) -- Arm SGI-575, RDN1Edge, RDE1Edge and SGM-775 -- Arm Neoverse N1 System Development Platform +- Arm Juno Software Development Platform +- Arm Neoverse N1 System Development Platform (N1SDP) +- Arm Neoverse Reference Design N1 Edge (RD-N1-Edge) FVP +- Arm Neoverse Reference Design E1 Edge (RD-E1-Edge) FVP +- Arm SGI-575 and SGM-775 +- Arm Versatile Express FVP - HiKey, HiKey960 and Poplar boards +- Intel Stratix 10 SoC FPGA - Marvell Armada 3700 and 8K - MediaTek MT6795 and MT8173 SoCs - NVIDIA T132, T186 and T210 SoCs -- NXP QorIQ LS1043A, i.MX8MQ, i.MX8QX, i.MX8QM and i.MX7Solo WaRP7 +- NXP QorIQ LS1043A, i.MX8MM, i.MX8MQ, i.MX8QX, i.MX8QM and i.MX7Solo WaRP7 - QEMU - Raspberry Pi 3 -- R-Car Generation 3 +- Renesas R-Car Generation 3 - RockChip RK3328, RK3368 and RK3399 SoCs - Socionext UniPhier SoC family and SynQuacer SC2A11 SoCs - STMicroelectronics STM32MP1 @@ -211,11 +226,15 @@ - Xilinx Versal and Zynq UltraScale + MPSoC Still to come -~~~~~~~~~~~~~ +------------- -- More platform support. +- Support for additional platforms. -- Position independent executable (PIE) support. +- Refinements to Position Independent Executable (PIE) support. + +- Refinements to SPCI-compliant SPM implementation. + +- Documentation enhancements. - Ongoing support for new architectural features, CPUs and System IP. @@ -243,6 +262,12 @@ project and the `Acknowledgments`_ file for a list of contributors to the project. +Documentation contents +~~~~~~~~~~~~~~~~~~~~~~ + +The `Trusted Firmware-A Documentation Contents`_ page contains an overview of +the documentation that is available, with links to facilitate easier browsing. + IRC channel ~~~~~~~~~~~ @@ -261,7 +286,7 @@ Arm licensees may contact Arm directly via their partner managers. Security advisories -~~~~~~~~~~~~~~~~~~~ +------------------- - `Security Advisory TFV-1`_ - `Security Advisory TFV-2`_ @@ -313,3 +338,4 @@ .. _Security Advisory TFV-6: ./docs/security_advisories/security-advisory-tfv-6.rst .. _Security Advisory TFV-7: ./docs/security_advisories/security-advisory-tfv-7.rst .. _Security Advisory TFV-8: ./docs/security_advisories/security-advisory-tfv-8.rst +.. _Trusted Firmware-A Documentation Contents: ./docs/contents.rst