1##################
2Trusted Firmware M
3##################
4
5Trusted Firmware-M (TF-M) implements the Secure Processing Environment (SPE)
6for Armv8-M, Armv8.1-M architectures (e.g. the `Cortex-M33`_, `Cortex-M23`_,
7`Cortex-M55`_, `Cortex-M85`_ processors) and dual-core platforms.
8It is the platform security architecture reference implementation aligning with
9PSA Certified guidelines, enabling chips, Real Time Operating Systems and
10devices to become PSA Certified.
11
12TF-M relies on an isolation boundary between the Non-secure Processing
13Environment (NSPE) and the Secure Processing Environment (SPE). It can but is
14not limited to using the `Arm TrustZone technology`_ on Armv8-M and Armv8.1-M
15architectures. In pre-Armv8-M architectures physical core isolation is required.
16
17**TF-M consists of:**
18
19- Secure Boot to authenticate NSPE and SPE images
20- TF-M Core for controlling the isolation, communication
21  and execution within SPE and with NSPE
22- Crypto, Internal Trusted Storage (ITS), Protected Storage (PS),
23  Firmware Update and Attestation secure services
24
25TF-M implements `PSA-FF-M`_ defined IPC and SFN mechanisms to allow communication
26between isolated firmware partitions. TF-M is highly configurable allowing users
27to only include the required secure services and features. Project provides
28:ref:`Base_configuration` build with just TF-M core and platform drivers and 4 predefined
29configurations known as :ref:`tf-m_profiles`. TF-M Profiles or TF-M base can
30be configured to include required services and features as described in the
31:ref:`tf-m_configuration` section.
32
33.. figure:: readme_tfm_v8.png
34   :scale: 65 %
35   :align: center
36
37   FF-M compliant design with TF-M
38
39Applications and Libraries in the Non-secure Processing Environment can
40utilize these secure services with a standardized set of PSA Functional APIs.
41Applications running on Cortex-M devices can leverage TF-M services to ensure
42secure connection with edge gateways and IoT cloud services. It also protects
43the critical security assets such as sensitive data, keys and certificates on
44the platform. TF-M is supported on several Cortex-M based
45:doc:`Microcontrollers </platform/index>` and Real Time Operating
46Systems (RTOS).
47
48Terms ``TFM`` and ``TF-M`` are commonly used in documents and code and both
49refer to ``Trusted Firmware M.`` :doc:`Glossary </glossary>` has the list
50of terms and abbreviations.
51
52************
53Repositories
54************
55
56TF-M is comprised of multiple repositories that supplement each other in making the project both customisable and maintainable.
57
58.. list-table:: TF-M Repositories
59    :widths: auto
60    :header-rows: 1
61
62    * - **Repository**
63      - **Description**
64    * - `trusted-firmware-m <https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/tree/>`_
65      - Software implementation of TF-M with documentation and essential tools
66    * - `tf-m-tests <https://git.trustedfirmware.org/TF-M/tf-m-tests.git/tree/>`_
67      - Tests that focus on the functionalities of TF-M components
68    * - `tf-m-tools <https://git.trustedfirmware.org/TF-M/tf-m-tools.git/tree/>`_
69      - Non essential tools used for testing and verification of TF-M
70    * - `tf-m-extras <https://git.trustedfirmware.org/TF-M/tf-m-extras.git/tree/>`_
71      - Extension of the main repository to host examples, demonstrations, third-party modules etc
72
73#######
74License
75#######
76The software is provided under a BSD-3-Clause :doc:`License </contributing/lic>`.
77Contributions to this project are accepted under the same license with developer
78sign-off as described in the :doc:`Contributing Guidelines </contributing/contributing_process>`.
79
80This project contains code from other projects as listed below. The code from
81external projects is limited to ``bl2``, ``lib`` and ``platform``
82folders. The original license text is included in those source files.
83
84- The ``bl2`` folder contains files imported from MCUBoot project and the files
85  have Apache 2.0 license.
86- The ``lib/ext`` folder may contain 3rd party projects and files with
87  diverse licenses. Here are some that are different from the BSD-3-Clause and
88  may be a part of the runtime image. The source code for these projects is
89  fetched from upstream at build time only.
90
91   - ``CMSIS_5``    - Apache 2.0 license
92   - ``mbedcrypto`` - `Apache 2.0 license MbedTLS
93     <https://github.com/Mbed-TLS/mbedtls/blob/development/LICENSE>`_
94   - ``mcuboot``    - `Apache 2.0 license MCUBoot
95     <https://github.com/mcu-tools/mcuboot/blob/main/LICENSE>`_
96   - ``qcbor``      - `Modified BSD-3-Clause license
97     <https://github.com/laurencelundblade/QCBOR#copyright-and-license>`_
98   - ``tf-m-extras`` - Set of additional components. Please check individually in
99     `tf-m-extras repository <https://git.trustedfirmware.org/TF-M/tf-m-extras.git/tree/>`_
100
101- The ``platform`` folder currently contains platforms support imported from
102  the external project and the files may have different licenses.
103
104.. include:: /platform/platform_introduction.rst
105
106The document :doc:`Supported Platforms </platform/index>` lists the details.
107
108#########################
109Release Notes and Process
110#########################
111The :doc:`Release Cadence and Process </releases/release_process>` provides
112release cadence and process information.
113
114The :doc:`Releases </releases/index>` provides details of
115major features of the release and platforms supported.
116
117####################
118Feedback and Support
119####################
120For this release, feedback is requested via email to
121`tf-m@lists.trustedfirmware.org <tf-m@lists.trustedfirmware.org>`__.
122
123A bi-weekly technical forum is available for discussion on any technical topics
124online. Welcome to join `TF-M Forum <https://www.trustedfirmware.org/meetings/tf-m-technical-forum>`__.
125
126.. _Cortex-M33: https://developer.arm.com/Processors/Cortex-M33
127.. _Cortex-M23: https://developer.arm.com/Processors/Cortex-M23
128.. _Cortex-M55: https://developer.arm.com/Processors/Cortex-M55
129.. _Cortex-M85: https://developer.arm.com/Processors/Cortex-M85
130.. _PSA Certified: https://www.psacertified.org/about/developing-psa-certified/
131.. _Arm TrustZone technology: https://developer.arm.com/ip-products/security-ip/trustzone/trustzone-for-cortex-m
132.. _PSA-FF-M: https://www.arm.com/architecture/security-features/platform-security
133
134--------------
135
136*Copyright (c) 2017-2022, Arm Limited. All rights reserved.*
137