Software Maturity for TF-M PSA Template

In Software Maturity Levels under Trusted Firmware-M, it is stated that only the minimal build is supported, while the full build is still considered experimental.

In Running applications with Trusted Firmware-M under Minimal build it is mentioned that the minimal build can be disabled by setting the CONFIG_TFM_PROFILE_TYPE_NOT_SET option.

The official Nordic sample template for TF-M (tfm_psa_template) provides a template for following Arm Platform Security Architecture (PSA) best practices on nRF devices, according to the README.md.

However, the tfm_psa_template explicitly sets CONFIG_TFM_PROFILE_TYPE_NOT_SET, thereby not utilizing the officially supported minimal build.

Could Nordic please clarify whether the TF-M setup used in the sample is officially supported, as defined in the Software Maturity Levels under Software maturity categories?

If it is not currently supported, could Nordic also clarify when such support is expected to be implemented?

  • So I agree with your line of thinking here, but there are apparently a few features that are ironically not available in the minimal image, that are needed in order to show the full extent of the 'best practices'. For example Attestation and Secure Storage. I guess the main confusion lies in us using the term 'best practices' for this. Because good practice in safety can refer to both using the top of the line security features, and using what is tried and tested.

    You could alternatively think of this as "showing the full power of TF-M". We could've not included these features in a sample meant to show the 'best practices' of TF-M, but one would not then see the full power and great features TF-M has to offer. Showing the cutting edge / full power of various things is something we like to do in NCS, so that you can look into how it works and get ready for it to be less 'experimental'.

    Regards,

    Elfving

  • Is it recommended to use TF-M as configured in the sample for production?

    If not, will it be possible to upgrade our firmware to include these features at a later date?

  • For production I would recommend using the minimal version. 

    vytautas.virvicius said:
    If not, will it be possible to upgrade our firmware to include these features at a later date?

    If by upgrade you mean FOTA, then yeah. You can update the entire TF-M image (or the lack of it) to something newer and better at a later date.

    Regards,

    Elfving
