Hi,
We are pleased to announce the formal release of Trusted Firmware-A version 2.15 bundle of project deliverables.
This includes Trusted Firmware-A, Trusted Firmware-A Tests, Hafnium, TF-RMM, and TF-A OpenCI scripts/jobs components.
These went live on May, 29th 2026.
Many thanks to the trustedfirmware.org community for the active engagement in delivering this release!
Notable features of the Version 2.15 Release are as follows:
TF-A New features - Architectural features enablement: Armv8.9 FEAT_RASv2, Armv9.5 FEAT_HACDBS / FEAT_HDBSS / FEAT_STEP2, Armv9.6 FEAT_UINJ. - CPU support: LSC25 E-core, P-core, Rosillo libraries support, fixed CVE-2026-0095 and CVE-2025-0647. - Live Firmware Activation: improved EL3 agent, enhanced/added activators for TF-RMM and secure partitions LFA. - Firmware Interface for RME (FIRME): early ALP2 support added (discovery and granule management services). - Measured boot: dynamic hash provisioning, crypto-agile event-log plumbing, TPM support via libtpm, and helper APIs for hash/event metadata. - Release build defaults to LTO enabled, mbed TLS updated to 3.6.6, broader FEATURE_DETECTION coverage, and Armv9.4-Armv9.6 mandatory features enabled by default. - Crypto extensions enabled in BL2. - SMC validation framework adding shadow-copying, type-safe range validation, and overflow checks to reduce PBF/TOCTOU exposure in SiP handlers. Platform support - TI k3low/AM62L: initial SCMI server/protocol support, power and clock management, device-state handling, PSC/PLL/oscillator/clock framework pieces, board PM data, DDR/firewall integration, and boot-time optimizations. - Renesas: initial BL31 support for R-Car Gen5 X5H, new Gen3 M3Le/Geist board support, SCIF/console code rewritten in C, plus Gen3/Gen5 boot, warm-boot, SVE, and AMU fixes. - STM32MP platform added and wired up watchdog support end-to-end, PMIC/clock/power updates and new STM32MP21/23/25 DT and board enablement. - AMD/Xilinx versal2: compile-time topology selection, PM support for new topologies, alternate-primary-core support, and a broad follow-up fix stream for bounds, type, and no-PM configurations. - NXP S32G274ARDB: DDR support, firmware loading, controller setup, PHY training orchestration, and register helpers. -QTI platforms reorganized by SoC family, added Lemans/Kodiak platforms support. - ST: STM32MP1, STM32MP2, STM32MP21, STM32MP23 - Arm: Morello (improved capabilities support), FVP, Juno, RD-V3, TC, Corstone-1000, RD-Aspen (measured boot/RAS handling, FVP secure-partition live activation and image decryption). Detailed change log: https://trustedfirmware-a.readthedocs.io/en/v2.15.0/change-log.html#id1 Tf-a-tests New features - FF-A partition-info handling updated for the v1.3 descriptor format. - Expanded Realm/RME/DA/FIRME coverage: realm support aligned to RMM 2.0-beta0-rc1, new tests and helpers for RMI_RMM_CONFIG_GET, SRO flows, PSMMU APIs, FIRME version/features, DMA via SMMUv3, DA VDEV/PDEV flows, and IDE key refresh/reset paths. - Aligned Realm and DA behaviour with newer specs and ownership rules: fixes covered PN-to-P0 SMC handling, host-side GIC ownership, DA object/VCA caching, VDEV map/unmap behavior for alp17, and plane sysreg test handling. - Added fuzzing capability for PSCI, plus fuzzer status reporting, reserved-bit handling, and a vector container for higher-sanity constraint checking. - Added new architectural tests: FEAT_AIE, FEAT_PFAR, FEAT_HACDBS, FEAT_HDBSS, FEAT_STEP2, AMU world-switch behavior, LS64, FEAT_MOPS in Realms, FWU overflow/invalid-image handling, and NS memory attribute changes. - Mbed TLS dependency bumped to 3.6.6 Platform support - versal2: added build-time console selection, selectable topology variants (4x2 default and 1x4), and moved topology handling into a dedicated module. - corstone1000: added Cortex-A320 support, switched that configuration to GICv3/GIC-600, moved the NVM offset to avoid overlap with TFTF, and introduced an A320-specific skip list. - Platform-specific maintenance also landed for TC, Xilinx, Versal Net, ZynqMP, and FVP to improve topology correctness, interrupt-handler safety, errata validation, and test portability. Detailed change log: https://trustedfirmware-a-tests.readthedocs.io/en/v2.15.0/change-log.html#ve... TF-RMM - RMM v2.0 adoption: EL2/EL3 interface version bump to 2.0, updated RSI/RMI ABIs, range-based granule delegate/ undelegate, RTT_DATA_MAP, RTT_DATA_MAP_INIT, RTT_DATA_UNMAP, and the v2.0-aligned RMI_RTT_INIT_RIPAS behavior, support for Feature Registers 2/3/4. - Stateful RMI Operations (SRO): a new SRO context library landed, along with RMI_OP_CONTINUE, memory donate/reclaim/cancel flows, and integration into REC create/destroy paths. - Device assignment: the DA/VDEV stack was substantially reworked across spec revisions, including RDEV-to-VDEV ABI migration, updated PDEV/VDEV flows, DMA enable/disable, mapping validation, digest/token handling, and host-side DA support. - Live Firmware Activation: added low-VA memory management, added RESERVE_MEMORY EL3 interface support, the new xlat_low_va layer, dynamic VA allocation/map/unmap, runtime granule allocation, and glob_data state used to persist allocation/runtime metadata across LFA hand-off. - SMMUv3 enablement: driver added, extended with per-VMID TLBI helpers, support for PSMMU ABIs, StreamID/SMMU-index derivation for TDI, Multiple SMMU support and optimized TLBI range packing. - FIRME discovery/GPI_SET support, dummy granule-tracking APIs. - Architecture support: FEAT_MOPS enablement for Realms - fake_host enablement: minicoro based fake_host EL0 app simulation - EL0 app framework fixes: Fixes for TTBR/TLBI sequence for app entry and exit - Fuzzing: a full AFL++ host_fuzz variant was added with protocol generation, corpus builders, crash triage, and a GitHub Actions fuzz workflow. Detailed change log: https://tf-rmm.readthedocs.io/en/tf-rmm-v0.9.0/about/change-log.html#v0-9-0 Hafnium - Secure Partition Live Firmware Activation: added lifecycle framework message ABIs plus the full live-activation start & finish flow, global activation tracking, live-state buffer manifest fields, CPU-cycle allocation for the new instance, error reporting back to the LSP, and live-activation properties in FF-A partition discovery. - FF-A v1.3 adoption: extended partition info descriptors, image UUID reporting during discovery, canonical UUID parsing, duplicate UUID validation, v1.1 service modelling, and UUID-specific messaging-method parsing. - Introduced a platform memory allocator abstraction: allocator initialization, per-CPU rollback pools, rollback-aware API and FF-A memory operations, allocator-backed region fragment handling, and supporting arch helpers for current CPU/vCPU lookup. - CI: added shrinkwrap base configs and EL2 SPMC TFTF overlays, a kokoro target for remote-source builds, per-test log isolation, suite/test filtering, and dual-UART log capture in hftest. Detailed change log: https://hafnium.readthedocs.io/en/v2.15.0/change-log.html#id1
Regards, Olivier.