overview.rst - OpenGrok cross reference for /Zephyr-latest/doc/services/tfm/overview.rst

Lines Matching refs:M
1 Trusted Firmware-M Overview
4 `Trusted Firmware-M (TF-M) <https://tf-m-user-guide.trustedfirmware.org/>`__
10 Zephyr RTOS has been PSA Certified since Zephyr 2.0.0 with TF-M 1.0, and
11 is currently integrated with TF-M 2.1.0.
13 What Does TF-M Offer?
16 Through a set of secure services and by design, TF-M provides:
29 When using TF-M with a supported platform, TF-M will be automatically built and
31 build process makes a number of assumptions about how TF-M is being used, and
35 * The secure processing environment (secure boot and TF-M) starts first
41 A TF-M application will, generally, have the following three parts, from most
56     | |  Secure  || Trusted Firmware-M  | |    APIs   | |  Zephyr  | |
63 the (TF-M) Secure Processing Environment image happens based on a set of PSA
65 the TF-M build, and implemented in Zephyr
71 TF-M is based upon a **Root of Trust (RoT)** architecture. This allows for
80 The following RoT hierarchy is defined for TF-M, from most to least trusted:
89 system, to which subsequent Roots of Trust are anchored. In TF-M, this is the
97 services and components in TF-M, such as the Secure Partition Manager (SPM),
104 building TF-M, has limited access to the PRoT, or even other ARoT services at
117 At present, there are three distinct **isolation levels** defined in TF-M,
124   usually by means of Arm TrustZone on Armv8-M processors. There is no
145 The default secure bootloader in TF-M is based on
146 `MCUBoot <https://www.mcuboot.com/>`__, and is referred to as ``BL2`` in TF-M
150 All images in TF-M are hashed and signed, with the hash and signature verified
153 Some key features of MCUBoot as used in TF-M are:
184 Once the secure bootloader has finished executing, a TF-M based secure image
192 the board support packages in TF-M, available in the ``platform/ext/target/``
193 folder of the TF-M module (which is in ``modules/tee/tf-m/trusted-firmware-m/``
199 As of TF-M 1.8.0, the following secure services are generally available (although vendor support ma…
213 `TF-M Documentation <https://tf-m-user-guide.trustedfirmware.org/>`__.
223 The **Internal Trusted Storage** service in TF-M is used by the **PSA Crypto**
238 TF-M also makes extensive use of the **Hardware Unique Key (HUK)**, which
239 every TF-M device must provide. This device-unique key is used by the
261 Zephyr is used for the NSPE, using a board that is supported by TF-M where the
266 to run in the NSPE, correctly build and link it with the TF-M secure images,