- TF-A - lists.trustedfirmware.org

Trusted Firmware v2.14 release announcement

by Olivier Deprez

Hi, We are pleased to announce the formal release of Trusted Firmware-A version 2.14 bundle of project deliverables. This includes Trusted Firmware-A, Trusted Firmware-A Tests, Hafnium, TF-RMM, Trusted Services, and TF-A OpenCI scripts/jobs components. These went live on Nov, 24th 2025. Please find tag references and change logs at the end of this email. Many thanks to the trustedfirmware.org community for the active engagement in delivering this release! Notable features of the release version 2.14 are as follows: TF-A/EL3 * New architectural features support: FEAT_FGWTE3, FEAT_IDTE3, FEAT_RME_GPC2, FEAT_AIE, FEAT_CPA2, FEAT_MPAM_PE_BW_CTRL, FEAT_PFAR, FEAT_RME_GDI. * Live Firmware Activation: base support enabling TF-RMM LFA, added RMM MEM RESERVE ABI. * Armv9 CPU power down abandon support * GICv5 driver permitting normal world kernel boot * GIC720-AE support added * Per-cpu framework supporting NUMA platforms * SMCCC SoC name support (SMCCC v1.6 SMCCC_ARCH_SOC_ID) * SPMD: added FF-A v1.3 FFA_NS_RES_INFO_GET, FFA_ABORT interfaces * EL3 SPMC: add multiple UUIDs support, TPM event log delivered by HOB list, FFA_MEM_RETRIEVE_REQ from hypervisor * RME: FEAT_D128 for realm world, SMCCC_ARCH_FEATURE_AVAILABILITY * Platforms: RD-Aspen added, updates to Arm FVP/Juno, AMD Versal Gen2, Intel, MT8189, MT8196, i.MX94, i.MX95, S32G274A, QTI Kodiak, Renesas R-Car, STM32MP1, STM32MP2, STM32MP21, STM32MP25, Xilinx Versal, ZynqMP Boot flow * Transfer list and event log libraries now offered as shared libraries consumed as submodules by TF-A. * Update to mbedTLS 3.6.5 * Various PSA FWU improvements, namely BL2 in a dedicated FIP, GPT-corruption notifications to BL32, and expanded FWU tests. Errata/Security mitigations (CPU/GIC) * New CPU support: Arm Lumex C1, Dionysus, Caddo/Veymont, Venom. * Added close to 30 new CPU errata across multiple processor families, based on the latest SDEN updates. Hafnium/SPM (S-EL2) * FF-A v1.3 early adoption * FFA_NS_RES_INFO_GET ABI added * Partition lifecycle support: new states, abort handling. Pre-requisite to secure partitions live firmware activation. * Notifications support refactored with per-vCPU notifications removed. * Multi-GIC configuration supporting complex topologies. * Shrinkwrap used at core of Hafnium testing infrastructure. TF-RMM (R-EL2) * RMM v1.1 Planes support * PMU, timer, GIC ownership transfer. * Support for FEAT_S1POE/S1PIE, FEAT_S2POE/S2PIE * RMM v1.1 Memory Encryption Contexts (MEC) support * Realm Device Assignment * RMM v1.1. ALP12 base Device Assignment support * RMI VDEV ABIs, PDEV life cycle, root port IDE key programming, SPDM client as EL0 app. * Improved ID registers trapping leveraging SMCCC ARCH_FEATURE_AVAILABILITY, in light of future FEAT_IDTE3 support. * Additional architectural support: FEAT_TCR2, FEAT_D128, single-copy atomics, TF-A Tests * RME: DA and PCIe, Planes, MEC * SPM/FF-A * Bumped support o FF-A v1.3 * FFA_ABORT ABI * Deprecated per-vCPU notifications. * FWU: added negative testing (invalid image size, corrupted ROTPK) * GICv5 support added * Arm architecture tests * FEAT_TCR2 (for RME) , FEAT_IDTE3, FEAT_MPAM_PE_BW_CTRL, FEAT_EBEP, FEAT_AIE, FEAT_PFAR * SMCCC_ARCH_SOC_ID * SMCCC_ARCH_FEATURE_AVAILABILITY * Fuzzing: added SMC fuzzer documentation * Basic LFA framework tests * Platforms updates: AMD/Xilinx, Arm FVP, Corstone-1000 Trusted Services * RD-Aspen platform support added. * EFI ESRT handling in FWU Proxy (supporting Corstone1000 platform). * Block Storage service threat modelling. Release tags across repositories: https://git.trustedfirmware.org/plugins/gitiles/TF-A/trusted-firmware-a/+/r… https://git.trustedfirmware.org/plugins/gitiles/TF-A/tf-a-tests/+/refs/tags… https://git.trustedfirmware.org/plugins/gitiles/ci/tf-a-ci-scripts/+/refs/t… https://git.trustedfirmware.org/plugins/gitiles/ci/tf-a-job-configs/+/refs/… https://git.trustedfirmware.org/plugins/gitiles/hafnium/hafnium/+/refs/tags… https://git.trustedfirmware.org/plugins/gitiles/ci/hafnium-ci-scripts/+/ref… https://git.trustedfirmware.org/plugins/gitiles/ci/hafnium-job-configs/+/re… https://git.trustedfirmware.org/plugins/gitiles/TF-RMM/tf-rmm/+/refs/tags/t… https://git.trustedfirmware.org/plugins/gitiles/TS/trusted-services/+/refs/… Change logs: https://trustedfirmware-a.readthedocs.io/en/v2.14.0/change-log.html#id1 https://trustedfirmware-a-tests.readthedocs.io/en/v2.14.0/change-log.html#v… https://hafnium.readthedocs.io/en/v2.14.0/change-log.html#id1 https://tf-rmm.readthedocs.io/en/tf-rmm-v0.8.0/about/change-log.html#v0-8-0 https://git.trustedfirmware.org/plugins/gitiles/TS/trusted-services/+/refs/… Regards, Olivier.

2 months, 1 week

1
0
0 0

TF-A Tech Forum - Hafnium future looking improvements @ Thu Nov 13, 2025 11am - 12pm (UK)

by Olivier Deprez

Hi, This is a one off session for a partner to present coming improvements related to Hafnium project. Apologies for the meeting time not accommodating people in US timezones. We'll record the session and publish in the TF-A tech forum page as usual. Regards, Olivier. ________________________________ From: Google Calendar <calendar-notification(a)google.com> on behalf of Olivier Deprez via Hafnium <hafnium(a)lists.trustedfirmware.org> Sent: 07 November 2025 09:13 To: hafnium(a)lists.trustedfirmware.org <hafnium(a)lists.trustedfirmware.org> Subject: [Hafnium] Invitation: TF-A Tech Forum - Hafnium future looking improvements @ Thu Nov 13, 2025 12pm - 1pm (GMT+1) (hafnium(a)lists.trustedfirmware.org) TF-A Tech Forum - Hafnium future looking improvements Thursday Nov 13, 2025 ⋅ 12pm – 1pm Central European Time - Paris Location https://linaro-org.zoom.us/j/93557863987?pwd=56a1l8cBnetDTZ6eazHGaE1Ctk4W34… https://www.google.com/url?q=https%3A%2F%2Flinaro-org.zoom.us%2Fj%2F9355786… Hi, This is a one off session for a partner to present coming improvements related to Hafnium project. Apologies for the meeting time not accommodating people in US timezones. We'll record the session and publish in the TF-A tech forum page as usual. Regards,Olivier.Trusted Firmware is inviting you to a scheduled Zoom meeting.Please download and import the following iCalendar (.ics) files to your calendar system.Weekly: https://linaro-org.zoom.us/meeting/tJcocu6gqDgjEtOkyBhSQauR1sUyFwIcNKLa/ics… Zoom Meetinghttps://linaro-org.zoom.us/j/93557863987?pwd=56a1l8cBnetDTZ6eazHGaE1Ctk4W34.1Meeting ID: 935 5786 3987Passcode: 939141---One tap mobile+12532158782,,93557863987# US (Tacoma)+13017158592,,93557863987# US (Washington DC)---Dial by your location• +1 253 215 8782 US (Tacoma)• +1 301 715 8592 US (Washington DC)• +1 305 224 1968 US• +1 309 205 3325 US• +1 312 626 6799 US (Chicago)• +1 346 248 7799 US (Houston)• +1 360 209 5623 US• +1 386 347 5053 US• +1 507 473 4847 US• +1 564 217 2000 US• +1 646 558 8656 US (New York)• +1 646 931 3860 US• +1 669 444 9171 US• +1 669 900 9128 US (San Jose)• +1 689 278 1000 US• +1 719 359 4580 US• +1 253 205 0468 US• 833 548 0276 US Toll-free• 833 548 0282 US Toll-free• 833 928 4608 US Toll-free• 833 928 4609 US Toll-free• 833 928 4610 US Toll-free• 877 853 5247 US Toll-free• 888 788 0099 US Toll-freeMeeting ID: 935 5786 3987Find your local number: https://linaro-org.zoom.us/u/adoz9mILli Reply for hafnium(a)lists.trustedfirmware.org and view more details https://calendar.google.com/calendar/event?action=VIEW&eid=MDdmMGs0NjBkcW5q… Your attendance is optional. ~~//~~ Invitation from Google Calendar: https://calendar.google.com/calendar/ You are receiving this email because you are an attendee on the event. Forwarding this invitation could allow any recipient to send a response to the organizer, be added to the guest list, invite others regardless of their own invitation status, or modify your RSVP. Learn more https://support.google.com/calendar/answer/37135#forwarding -- Hafnium mailing list -- hafnium(a)lists.trustedfirmware.org To unsubscribe send an email to hafnium-leave(a)lists.trustedfirmware.org

2 months, 3 weeks

1
1
0 0

Trusted Firmware-A LTS v2.8.40 Release Announcement

by svc_openci_enginfra＠arm.com

Hello, Trusted Firmware-A LTS version 2.8.40 is now available. This release contains the following patches: af828443d fix(spm-mm): prevent excessive racing [1] c1c4d7d5d fix(security): remove CVE_2022_23960 Cortex-A720 [2] 7d6831115 fix(security): remove CVE_2022_23960 Neoverse V3 [3] 373b22562 fix(security): remove CVE_2022_23960 Cortex-X4 [4] [1] https://review.trustedfirmware.org/q/I0861d04ed95437e4ca9f203d9e79a6296b1ea… [2] https://review.trustedfirmware.org/q/I3c68b5f5d85ede37a6a039369de8ed2aa9205… [3] https://review.trustedfirmware.org/q/I13b27c04c3da5ec80fa79422b4ef4fee64738… [4] https://review.trustedfirmware.org/q/I23f5fa748377a920340b3c5a6584ccfadeea9… Alternatively, Change Log is available in the documentation section: https://trustedfirmware-a.readthedocs.io/en/lts-v2.8.40/change-log.html Thanks, TF-A LTS team

2 months, 3 weeks

1
0
0 0

Trusted Firmware-A LTS v2.10.26 Release Announcement

by svc_openci_enginfra＠arm.com

Hello, Trusted Firmware-A LTS version 2.10.26 is now available. This release contains the following patches: abea08e8c fix(spm-mm): prevent excessive racing [1] 91edc92e9 fix(security): fix spectre bhb loop count for Cortex-A720 [2] d12e9ecf2 fix(security): fix Cortex-A715 CVE-2022-23960 [3] f360aa51d fix(security): fix Cortex-X3 CVE-2022-23960 [4] 8ee12c187 fix(security): fix Neoverse V2 CVE-2022-23960 [5] d30e468b3 fix(security): remove CVE_2022_23960 Cortex-X4 [6] 96e666d6b fix(security): remove CVE_2022_23960 Neoverse V3 [7] a483d67c7 fix(security): remove CVE_2022_23960 Cortex-A720 [8] 07a6a7a9c refactor(cpufeat): rework check_feature() [9] 3eaacdf0c fix(security): add clrbhb support [10] f973eca20 fix(cpus): workaround for Cortex-A715 erratum 2409570 [11] f70c757d8 fix(cpus): workaround for Cortex-A715 erratum 2376701 [12] bb5add11c fix(cpus): workaround for Cortex-A715 erratum 3711916 [13] 7486be6bf build(deps): bump js-yaml in the dev-deps group across 1 directory [14] [1] https://review.trustedfirmware.org/q/I0861d04ed95437e4ca9f203d9e79a6296b1ea… [2] https://review.trustedfirmware.org/q/Ib6862dbed55e5ffcd0fcd58b45a88cf925c54… [3] https://review.trustedfirmware.org/q/Ib6b704733e474824772cb27bd048b1e179d90… [4] https://review.trustedfirmware.org/q/I3d46fa70c80129ca0085d8245ee013f11a884… [5] https://review.trustedfirmware.org/q/I859012281fc67243f050d27e364f27434389c… [6] https://review.trustedfirmware.org/q/I23f5fa748377a920340b3c5a6584ccfadeea9… [7] https://review.trustedfirmware.org/q/I13b27c04c3da5ec80fa79422b4ef4fee64738… [8] https://review.trustedfirmware.org/q/I3c68b5f5d85ede37a6a039369de8ed2aa9205… [9] https://review.trustedfirmware.org/q/Idb182b0dd2aa77a0a5c5a349fe79a42fe1256… [10] https://review.trustedfirmware.org/q/Ie6e56e96378503456a1617d5e5d51bc64c2e0… [11] https://review.trustedfirmware.org/q/Id9429831525b842779d7b7e60f103c93be4ac… [12] https://review.trustedfirmware.org/q/Idcd2a07d269d55534dc5faa59c454d37426f2… [13] https://review.trustedfirmware.org/q/Iad149a2c02a804b3f4f0f2f5b89e866675cb4… [14] https://review.trustedfirmware.org/q/Ibec1d8a3c6620daeb0e663cfab929bca7bba8… Alternatively, Change Log is available in the documentation section: https://trustedfirmware-a.readthedocs.io/en/lts-v2.10.26/change-log.html Thanks, TF-A LTS team

2 months, 3 weeks

1
0
0 0

Changelog for v2.14 Release

by Arvind Ram Prakash

Hello Everyone, Please take a look at the changelog for your respective platforms ahead of the TF-A v2.14 release. The changelog is autogenerated from the commit messages of the patches that have been merged since the v2.13 release. Here's your chance to give us guidance on any small manual adjustments you would like to see. Patch: https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/45309 Rendered Version: https://ci.trustedfirmware.org/job/tf-a-builder/890858/artifact/artefacts/r… Thanks, Arvind

2 months, 3 weeks

1
0
0 0

AI Policy - Guidance on AI-assisted contributions

by Shaun Longhorn

All, Please be aware that today we have published our AI policy with Guidance on AI-assisted contributions. See the full details here: https://www.trustedfirmware.org/aipolicy/ Should you have any questions feel free to raise them. Thanks, Shaun Community Manager

2 months, 3 weeks

1
0
0 0

Firmware-A v2.12 release code freeze notification

by Govindraj Raja

Hi All, The next release of the Firmware-A bundle of projects tagged v2.12 has an expected code freeze date of Nov, 8th 2024. Refer to the release cadence section from TF-A documentation (https://trustedfirmware-a.readthedocs.io/en/latest/about/release-informatio…). Closing out the release takes around 6-10 working days after the code freeze. v2.12 release preparation tasks start from now. We want to ensure that planned feature patches for the release are submitted in good time for the review process to conclude. As a kind recommendation and a matter of sharing CI resources, please launch CI jobs with care e.g.: -For simple platform, docs changes, or one liners, use Allow-CI+1 label (no need for a full Allow-CI+2 run). -For large patch stacks use Allow-CI+2 at top of the patch stack (and if required few individual Allow+CI+1 labels in the middle of the patch stack). -Carefully analyze results and fix the change if required, before launching new jobs on the same change. -If after issuing a Allow-CI+1 or Allow-CI+2 label a Build start notice is not added as a gerrit comment on the patch right away please be patient as under heavy load CI jobs can be queued and in extreme conditions it can be over an hour before the Build start notice is issued. Issuing another Allow-CI+1 or Allow-CI+2 label will just result in an additional job being queued. -- Thanks, Govindraj R

2 months, 3 weeks

2
2
0 0

Re: Question about SPM-MM SMC function ids

by Olivier Deprez

Hi, This issue was raised long time ago but unfortunately never got fixed/merged. It may be ok restoring the change and progress it: Https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/11002<https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/11002> Https://lists.trustedfirmware.org/archives/list/tf-a@lists.trustedfirmware.…<https://lists.trustedfirmware.org/archives/list/tf-a@lists.trustedfirmware.…> https://lists.trustedfirmware.org/archives/list/tf-a@lists.trustedfirmware.… On a related note, I hope you saw the deprecation notice: https://lists.trustedfirmware.org/archives/list/tf-a@lists.trustedfirmware.… Regards, Olivier. ________________________________ From: Sureshkumar Ponnusamy <sponnusamy(a)microsoft.com> Sent: 11 November 2025 05:46 To: David Daney <daviddaney(a)microsoft.com>; tf-a-owner(a)lists.trustedfirmware.org <tf-a-owner(a)lists.trustedfirmware.org> Cc: Giri Mudusuru <girimudusuru(a)microsoft.com>; Kun Qin <Kun.Qin(a)microsoft.com> Subject: RE: Question about SPM-MM SMC function ids Yes, the problem is in comparing logic and masks used. From: David Daney <daviddaney(a)microsoft.com> Sent: Monday, November 10, 2025 7:38 PM To: Sureshkumar Ponnusamy <sponnusamy(a)microsoft.com>; tf-a-owner(a)lists.trustedfirmware.org Cc: Giri Mudusuru <girimudusuru(a)microsoft.com>; Kun Qin <Kun.Qin(a)microsoft.com> Subject: Re: Question about SPM-MM SMC function ids According to the DEN0060A specification the only values used are: MM_VERSION: 0x8400 0040 MM_COMMUNICATE: 0x8400 0041/0xC400 0041 These don't overlap with the TRNG function IDs defined in DEN0098 David. ________________________________ From: Sureshkumar Ponnusamy <sponnusamy(a)microsoft.com<mailto:sponnusamy@microsoft.com>> Sent: Monday, November 10, 2025 7:32 PM To: tf-a-owner(a)lists.trustedfirmware.org<mailto:tf-a-owner@lists.trustedfirmware.org> <tf-a-owner(a)lists.trustedfirmware.org<mailto:tf-a-owner@lists.trustedfirmware.org>> Cc: Giri Mudusuru <girimudusuru(a)microsoft.com<mailto:girimudusuru@microsoft.com>>; David Daney <daviddaney(a)microsoft.com<mailto:daviddaney@microsoft.com>>; Kun Qin <Kun.Qin(a)microsoft.com<mailto:Kun.Qin@microsoft.com>> Subject: Question about SPM-MM SMC function ids Hi Manish, Levi Yun , TF-A community , I am facing an issue when enabling SPM-MM feature and it looks like there is a minor issue with the SMC ID range check. When SPM-MM is enabled, I cannot use the TRNG SMC services. /* These macros are used to identify SPM-MM calls using the SMC function ID */ #define SPM_MM_FID_MASK U(0xffff) #define SPM_MM_FID_MIN_VALUE U(0x40) #define SPM_MM_FID_MAX_VALUE U(0x7f) #define is_spm_mm_fid(_fid) \ ((((_fid) & SPM_MM_FID_MASK) >= SPM_MM_FID_MIN_VALUE) && \ (((_fid) & SPM_MM_FID_MASK) <= SPM_MM_FID_MAX_VALUE)) Here, the SPM-MM SMC ID range spans from 0x40 to 0x7F, which overlaps with the TRNG SMC service IDs: /* SMC function IDs for TRNG queries */ #define ARM_TRNG_VERSION U(0x84000050) #define ARM_TRNG_FEATURES U(0x84000051) #define ARM_TRNG_GET_UUID U(0x84000052) #define ARM_TRNG_RND32 U(0x84000053) #define ARM_TRNG_RND64 U(0xC4000053) Could you please clarify the rationale behind including the TRNG SMC IDs within the SPM-MM ID range? If this overlap was unintentional, we have to fix it. Looking forward to your insights and feedback on this matter. Thanks Suresh

2 months, 3 weeks

2
1
0 0

New Defects reported by Coverity Scan for ARM-software/arm-trusted-firmware

by scan-admin＠coverity.com

Hi, Please find the latest report on new defect(s) introduced to ARM-software/arm-trusted-firmware found with Coverity Scan. 2 new defect(s) introduced to ARM-software/arm-trusted-firmware found with Coverity Scan. 6 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan. New defect(s) Reported-by: Coverity Scan Showing 2 of 2 defect(s) ** CID 493664: Control flow issues (DEADCODE) /lib/libc/strtoull.c: 106 in strtoull() _____________________________________________________________________________________________ *** CID 493664: Control flow issues (DEADCODE) /lib/libc/strtoull.c: 106 in strtoull() 100 else { 101 #ifdef __aarch64__ 102 uint128_t extended = (uint128_t)acc * (unsigned)base; 103 extended += (unsigned)c; 104 105 if (extended > ULLONG_MAX) { >>> CID 493664: Control flow issues (DEADCODE) >>> Execution cannot reach this statement: "any = -1;". 106 any = -1; 107 } else { 108 acc = (unsigned long long)extended; 109 any = 1; 110 } 111 #else ** CID 493663: Control flow issues (DEADCODE) /lib/libc/strtoul.c: 105 in strtoul() _____________________________________________________________________________________________ *** CID 493663: Control flow issues (DEADCODE) /lib/libc/strtoul.c: 105 in strtoul() 99 any = -1; 100 else { 101 extended = (unsigned long long)acc * (unsigned)base; 102 extended += (unsigned)c; 103 104 if (extended > (unsigned long long)ULONG_MAX) { >>> CID 493663: Control flow issues (DEADCODE) >>> Execution cannot reach this statement: "any = -1;". 105 any = -1; 106 } else { 107 acc = (unsigned long)extended; 108 any = 1; 109 } 110 } ________________________________________________________________________________________________________ To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/arm-software-arm-trusted-firmware?tab=ov…

2 months, 3 weeks

1
0
0 0

New Defects reported by Coverity Scan for ARM-software/arm-trusted-firmware

by scan-admin＠coverity.com

Hi, Please find the latest report on new defect(s) introduced to ARM-software/arm-trusted-firmware found with Coverity Scan. 1 new defect(s) introduced to ARM-software/arm-trusted-firmware found with Coverity Scan. New defect(s) Reported-by: Coverity Scan Showing 1 of 1 defect(s) ** CID 493457: Control flow issues (UNREACHABLE) /plat/arm/board/fvp/fvp_spmd_logical_sp.c: 37 in fvp_get_partition_info() _____________________________________________________________________________________________ *** CID 493457: Control flow issues (UNREACHABLE) /plat/arm/board/fvp/fvp_spmd_logical_sp.c: 37 in fvp_get_partition_info() 31 * SPM. 32 * 33 * TODO: Integrate this helper function for a new anticipated feature. 34 */ 35 return; 36 >>> CID 493457: Control flow issues (UNREACHABLE) >>> This code cannot be reached: "struct ffa_value ret = {0UL};". 37 struct ffa_value ret = { 0 }; 38 uint32_t target_uuid[4] = { 0 }; 39 static struct ffa_partition_info_v1_1 40 part_info[SPMD_LP_MAX_SUPPORTED_SP] = { 0 }; 41 42 uint16_t num_partitions = 0; ________________________________________________________________________________________________________ To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/arm-software-arm-trusted-firmware?tab=ov…

3 months

1
0
0 0

2026

2025

2024

2023

2022

2021

2020

2019

2018

TF-A