Hi All,
We are pleased to announce the formal release of Trusted Firmware-A version 2.13 bundle of project deliverables.
This includes Trusted Firmware-A, Trusted Firmware-A Tests, Hafnium, TF-RMM, Trusted Services, and TF-A OpenCI scripts/jobs components.
These went live on May, 22nd 2025.
Please find references to tags and change logs at the end of this email.
Many thanks to the trustedfirmware.org community for the active engagement in delivering this release!
Notable features of the release version 2.13 are as follows:
TF-A/EL3
* Alto CPU support * Architecture feature support for PMUv3p9. PAUTH_LR and SPE_FDS. * Refactor PSCI to let each CPU core initialise its own context, allowing TF-A to natively handle asymmetric configurations * PSCI Powerdown abandon feature support * SMCCC_FEATURE_AVAILABILITY support based on SMCCC v1.5 specification * Firmware Handoff * Library enhancements to add more TE types in library * All BL interfaces for FVP are now migrated to use Transfer List along in different boot scenarios (RESET_TO_BL1/BL2/BL31) * TC platform is now using Transfer List for booting * HOB creation Library (from edk2) is now hosted in TF-A * New Platforms: mt8189, mt8196, qcs615, RK3576, AM62L
Boot flow
* Feature Additions * Added discrete TPM support in BL1/BL2 for the RPi3 platform. * Support for MbedTLS PSA Crypto with ROMLIB on FVP. * Redesigned PSA Crypto Key ID management to avoid repeated key creation/destruction. * Test Additions * Support for MbedTLS PSA Crypto with ROMLIB on FVP. * Added basic boot test for TF-RMM with TF-A and TFTF (Realm Payload) in Jenkins CI. * Integrated DRTM ACS test suite into TF-A Jenkins CI. * Added missing test configuration for ROTPK in register on FVP platform. * Build System * Refactored ROTPK key/hash generation to auto-generate required files during build. * mbedTLS Improvements * Migrated to mbedTLS version 3.6.3.
Errata/Security mitigations (CPU/GIC)
* CVE-2024-5660, CVE-2024-7881 * Cortex-A510, Cortex-A715, Cortex-X4, Cortex-X925, Neoverse V3
Hafnium/SPM (S-EL2)
* FF-A v1.2 completed: indirect messaging with service UUIDs. * FF-A v1.3 early adoption: Update to FFA_MEM_PERM_GET ABIs. * StMM integration: provide HOB structure as boot information. * Power management update: * Bootstrapped secondary vCPUs on secondary cores power on flows. * SP's subscription to the power off event. * SP loading: SP artefacts can be bundled in a TL format. I.e SP binary and SP manifest (DTB). * Resuming ECs for interrupt handling assisted by NWd Scheduler when the SP is in waiting state, with sri-interrupts-policy field in the SP manifest.
TF-RMM (R-EL2)
* Deprivileging RMM code via EL0 App support * Added some support for some RMMv1.1 APIs - "RMI_DEV_MEM_(UN)MAP", support for device granules in "RMI_GRANULE_DELEGATE" and "RMI_GRANULE_UNDELEGATE". * Additional hardening of RMM via compiler flags `-fstack-protector-strong`, '-Wextra', '-Wstrict-overflow', '-D_FORTIFY_SOURCE=2' and '-Wnull-dereference'. * New platform support for RD-V3-R1 and RD-V3-R1-Cfg1 FVPs. * Dynamic discovery of PCIE Root complex topology and device memory from the Boot manifest.
Trusted Services (v1.2.0)
* Introduced the fTPM SP. The implementation is experimental. * Introduce the new Arm Reference Design-1 AE platform targeting the Automotive segment. It features high-performance Arm Neoverse V3AE Application Processor compute system, Arm Cortex-R82AE based Safety Island, and a Runtime Security Engine (RSE) for enhanced security. * Updated the se-proxy deployment and added support for the Firmware Update Proxy service. The FWU Proxy implements a Platform Security Firmware Update for the A-profile Arm Architecturehttps://developer.arm.com/documentation/den0118/latest/ compliant FWU Agent which runs a PSA Certified Firmware Update API 1.0https://arm-software.github.io/psa-api/fwu/1.0/ compliant client as its backend.
TF-A Tests
* Enhancements to fuzzing tests (EL3 vendor specific SMC, SDEI, FF-A interface, capability for randomized fuzzing inputs) * Functionality test * Firmware Handoff : AArch32 tests and event log testing * SMCCC_ARCH_FEATURE_AVAILABILITY * RAS system registers, FPMR, SCTLR2, THE and D128 * validate psci_is_last_cpu_to_idle_at_pwrlvl * SPM/FF-A : HOB generation, PPI timer interrupts, v1.2 RXTX headers * RMM: Tests introduced for majority of features developed in RMM * Platform Support * Versal NET * Versal * Neoverse-RD
Release tags across repositories:
https://git.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/re...
https://git.trustedfirmware.org/plugins/gitiles/TF-A/tf-a-tests/+/refs/tags/...
https://git.trustedfirmware.org/plugins/gitiles/ci/tf-a-ci-scripts/+/refs/ta... https://git.trustedfirmware.org/plugins/gitiles/ci/tf-a-job-configs/+/refs/t... https://git.trustedfirmware.org/plugins/gitiles/hafnium/hafnium.git/+/refs/t... https://git.trustedfirmware.org/plugins/gitiles/ci/hafnium-ci-scripts/+/refs... https://git.trustedfirmware.org/plugins/gitiles/ci/hafnium-job-configs/+/ref... https://git.trustedfirmware.org/plugins/gitiles/TF-RMM/tf-rmm/+/refs/tags/tf... https://git.trustedfirmware.org/plugins/gitiles/TS/trusted-services/+/refs/t...
Change logs: https://trustedfirmware-a.readthedocs.io/en/v2.13.0/change-log.html#id1 https://trustedfirmware-a-tests.readthedocs.io/en/v2.13.0/change-log.html#ve... https://hafnium.readthedocs.io/en/v2.13.0/change-log.html#v2-13 https://tf-rmm.readthedocs.io/en/latest/about/change-log.html#v0-7-0 https://trusted-services.readthedocs.io/en/stable/project/change-log.html#ve...
Regards,
Olivier.
hafnium@lists.trustedfirmware.org
-
Olivier Deprez