release_process.rst - OpenGrok cross reference for /trusted-firmware-m-latest/docs/releases/release

Lines Matching +full:created +full:- +full:for
9 `TF-M mailing list <https://lists.trustedfirmware.org/mailman3/lists/tf-m.lists.trustedfirmware.org…
13 issues found, additional candidates may be created to fix and retest the issues.
27     hide time-axis
34         -3 is development
35         @0 <-> @8 : release cadence: ~9 months
39         main -> rel1 : start
42         +1 is {-}
43         rel1 -> main : back port
45         +1 is {-}
46         rel1 -> main : cherry-pick
52         main -> rel2 : start
54         +1 is {-}
56         rel2 -> main : back port
58         @0 <-> @3 : release process
59         @4 <-> @5 : hotfix
66 an adhoc release for specific project requirements.
70   a subject for removal as shown for `v1.1.x` on the diagram above.
75 ----------------------
77 Trusted Firmware-M uses a semantic versioning scheme. A version number is
80 **TF-Mv<MAJOR>.<MINOR>.<HOTFIX>**
82 - <MAJOR>: Major release version for significant feature and API changes.
83 - <MINOR>: Minor release version for incremental features and API changes.
84 - <HOTFIX>: Used only for backporting **critical bug fix/security patches**.
87 -----------------------
89 From v2.1.0, TF-M project will provide LTS branches. Every alternate release
90 will be an LTS release maintained for 3 years.
92 `Mbed TLS <https://www.trustedfirmware.org/projects/mbed-tls>`_
94 default cryptography library by the TF-M Crypto service.
96 The main purpose of TF-M LTS is to offer a maintained and PSA certified TF-M
97 codebase for the whole period of LTS. Without LTS, every TF-M based product
99 fixes) to the codebase. Some changes like fixes for critical bugs or security
101 PSA certificates. The recertification is a time and resource-consuming process,
103 and unscalable to be done on a huge number of PSA Certified TF-M platforms.
105 TF-M intends to centralise PSA certification of the common code and carry it on
106 for an LTS lifetime, ensuring that code is free from known bugs and security
107 vulnerabilities. For this, each LTS branch will be initially PSA certified for
108 a selected reference platform and recertified again on every TF-M release.
109 Please see the process<link> below for the details. All platforms, based on LTS
110 version can hold PSA certification obtained once without a need for
116 On every TF-M release the following items are backported from the **release**
119 - Critical bugs
120 - Security vulnerability fixes
121 - A new platform port with code changes restricted to the relevant platform folder only.
125 unchanged with valid PSA certificate for that version.
130 - A new LTS branch is created on every other TF-M release i.e. every 18 months.
131 - Each LTS branch is maintained for 3 years.
136     hide time-axis
146         -1 is development
147         @0 <-> @6 : release cadence: ~9 months
151         main -> lts21 : start
153         +2 is "v2.1.0-LTS"
154         +2 is {-}
159         main -> rel22 : start
160         +1 is {-}
162         +1 is {-}
163         rel22 -> main : back port
164         rel22 -> lts21 : back port
170         main -> lts23 : start
172         +2 is "v2.3.0-LTS"
173         +2 is {-}
175         @8 <-> @9 : hotfix
179         main -> rel24 : start
180         +1 is {-}
182         +1 is {-}
183         rel24 -> main : back port
184         rel24 -> lts21 : back port
185         rel24 -> lts23 : back port
188         @0 <-> @12 : LTS release every 18 months
192         main -> lts25 : start
194         @0 <-> @24 : LTS lifetime: 3 years
203 - Once released, the code (ex:*TF-MvX.Y.Z*) is submitted for PSA certification
204   using the reference platform :ref:`platform/arm/musca_b1/readme:Musca-B1 Platform Specifics`.
206 - After obtaining PSA certification the release branch is tagged
207   *TF-MvX.Y.Z-LTS* creating a base for PSA certification of downstream projects.
209 - Ad hoc security fixes on the current **release** branch resulting in a new TF-M
211   minor releases on them. Each LTS minor release may be a subject for PSA
214 - Platform independent TF-M fixes are evaluated once & available to PSA Certified
215   platforms on the new LTS release for rebase without the need for individual recertification.
217 - Bug fixes (other than security fixes) are backported from the main branch to active LTS branches
221 ---
223 1. **What if the release (e.g. TF-MvX.Y.Z) fails PSA certification?**
233 3. **What if a security vulnerability is found in platform-specific code?**
235    A vulnerable platform shall provide a fix for it and perform PSA
238 --------------
240 *Copyright (c) 2020-2024, Arm Limited. All rights reserved.*