4 Arm® Trusted Firmware‑M (TF‑M) introduction
TF‑M (refer to [TF-M]) is an Arm Limited driven open-source software framework providing a reference
implementation of the PSA standard on the Arm® Cortex®‑M33 (TrustZone®) processor:
• PSA immutable RoT (root of trust): immutable "Secure Boot and Secure Firmware Update" application
  executed after any reset. This application is based on the MCUboot open-source software (refer to
  [MCUboot]).
• PSA updatable RoT: "secure" application implementing a set of secure services isolated in the secure/
  privileged environment, which the nonsecure application can call at nonsecure application runtime via
  the PSA APIs (refer to [mbed-crypto]):
  – Firmware update service: the TF‑M firmware update (FWU) service implements the PSA firmware update
    APIs that allow an application to install new firmware.
  – Internal trusted storage service: the TF‑M internal trusted storage (ITS) service implements the PSA
    internal trusted storage APIs, allowing data to be written in a microcontroller built-in flash memory
    region that is isolated from nonsecure or unprivileged applications by means of the hardware security
    protection mechanisms.
  – Cryptography service: the TF‑M cryptography service implements the PSA Crypto APIs that allow an
    application to use cryptography primitives such as symmetric and asymmetric ciphers, hashes,
    message authentication codes (MACs), authenticated encryption with associated data (AEAD),
    randomization, and key derivation. It comes with a PSA cryptography driver interface to make use of
    dedicated hardware. It is based on the Mbed Crypto open-source software (refer to [mbed-crypto]).
  – Initial attestation service: the TF‑M initial attestation service allows the application to prove the
    device identity to a verification entity during an authentication process. On request, the initial
    attestation service creates a token that contains a fixed set of device-specific data.
• Application updatable RoT: secure services that are isolated in the secure/unprivileged environment and
  that the nonsecure application can call at nonsecure application runtime.
  – Protected storage service: the TF‑M protected storage (PS) service implements the PSA protected
    storage APIs, allowing data to be encrypted and the result written to possibly untrusted storage. As a
    reference, the PS service implements an AES-GCM-based AEAD encryption policy to protect data
    integrity and authenticity.
  – Third-party: RoT applications that implement additional product-specific secure services.
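The PS service's AEAD policy described above, as an added model written for this page (not TF‑M's own C implementation behind the PSA API): the key stays on the secure side, each object is sealed with AES-GCM, its UID and create flags are bound as associated data, and the resulting blob goes to storage that the nonsecure side can rewrite. The key, the UID/flag values, the 12-byte associated-data layout and the error texts are assumptions of this model, not TF‑M's on-flash format.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"errors"
)

// UntrustedStore stands in for storage the nonsecure side can read and rewrite at will.
type UntrustedStore map[uint64][]byte
// ProtectedStorage models the PS service: the key stays on the secure side and every
// object is sealed with AES-GCM before it reaches the untrusted store.
type ProtectedStorage struct {
	aead  cipher.AEAD
	store UntrustedStore
}
func NewProtectedStorage(key []byte, store UntrustedStore) (*ProtectedStorage, error) {
	block, err := aes.NewCipher(key) // 16-, 24- or 32-byte key
	if err != nil {
		return nil, err
	}
	aead, _ := cipher.NewGCM(block) // cannot fail: the AES block size is always 16 bytes
	return &ProtectedStorage{aead: aead, store: store}, nil
}
// assocData binds a blob to its UID and create flags (constructed 12-byte layout), so a blob copied under another UID fails.
func assocData(uid uint64, flags uint32) []byte {
	ad := make([]byte, 12)
	binary.LittleEndian.PutUint64(ad, uid)
	binary.LittleEndian.PutUint32(ad[8:], flags)
	return ad
}
// Set seals data under a fresh random nonce and stores nonce || ciphertext || tag.
func (ps *ProtectedStorage) Set(uid uint64, flags uint32, data []byte) error {
	nonce := make([]byte, ps.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return err
	}
	ps.store[uid] = ps.aead.Seal(nonce, nonce, data, assocData(uid, flags))
	return nil
}
// Get opens the blob: any bit flipped in storage makes Open fail the tag check and return an error.
func (ps *ProtectedStorage) Get(uid uint64, flags uint32) ([]byte, error) {
	blob, n := ps.store[uid], ps.aead.NonceSize() // a missing object reads as nil
	if len(blob) < n {
		return nil, errors.New("object missing or truncated")
	}
	return ps.aead.Open(nil, blob[:n], blob[n:], assocData(uid, flags))
}
```

A blob read back under another UID, with other create flags, or after a single flipped bit is rejected by Get; only the unmodified blob under its own UID and flags decrypts.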
Figure 1. TF-M overview
[Figure: block diagram of TF-M on a TBSA-M hardware SoC. Nonsecure side: Apps, Network middleware and OS, calling into the secure side through the PSA API. Secure side: TF-M core (IPC, SPM, interrupt handling), MCU boot (PSA immutable RoT), PSA updatable RoT and Application updatable RoT. Isolation boundaries: secure / nonsecure between the two sides, and privileged / unprivileged within TF-M.]
UM2851 - Rev 4 page 6/117