TF-M vs SPM Feature Comparison

Question

Hello, 
 
 I am doing some research on building applications for a nRF9160 DK for an evaluation project we working on. One part that I am unclear on is whether to choose to build with SPM or TF-M. I am having difficulty finding information on the features supported by each implementation. I found this discussion on the long term plans for the two components (SPM will eventually be replaced by TF-M), but did not see any details about the current differences between the two other than TF-M support is experimental still. 
 My questions are: 
 Is there a feature comparison somewhere? 
 Are there any current estimates as when SPM might be deprecated in favor of TF-M? 
 If we use SPM for building an application, is it possible to upgrade later on to a TF-M-based one via OTA? 
 
 Thanks, 
 Eric

Hakon · Accepted Answer

Hello, 
 Is there a feature comparison somewhere? 
 I don't think there is one yet. You can basically think of SPM as a subset of TF-M. SPM just sets all peripherals to non-secure before jumping to the non-secure image. TF-M is meant to do a whole lot more. I suggest you read more about it here . 
 Are there any current estimates as when SPM might be deprecated in favor of TF-M? 
 SPM will not be deprecated, at least that's not the plan. But TF-M will be production ready at some point, although I can't tell you when exactly that will happen. 
 If we use SPM for building an application, is it possible to upgrade later on to a TF-M-based one via OTA? 
 In theory it should work, as the SPM/TF-M are merged into one image before DFU is performed. There can be some issues with compatibility between MCUboot and TF-M.

TF-M vs SPM Feature Comparison

Top Replies