Hi Suresh,

TF-M threat model against physical attack requires Cryptographic operations to be protected as well.

Since the sensitive operations are performed in crypto library or HW accelerator, it is required the corresponding crypto SW and HW shall implement counter measures.

Regrading Mbed TLS mitigation, please refer to Mbed TLS mailing list for details.

Best regards,

Hu Ziji

From: TF-M <tf-m-bounces@lists.trustedfirmware.org> On Behalf Of Suresh Marisetty via TF-M
Sent: Thursday, September 2, 2021 12:16 AM
To: Anton Komlev <Anton.Komlev@arm.com>; tf-m@lists.trustedfirmware.org
Cc: nd <nd@arm.com>
Subject: Re: [TF-M] TF-M v1.3.0 release - Fault Injection and DPA in line with PSA L3 Certification

Hi,

I have a question related to the PSA L3 certification and the requirement to support Side-channel and fault injection attacks.

I have noted that TFM and MCUBoot does implement some software countermeasures for Fault Injection. However, I am wondering if there is similar implementation support for the Crypto Lib in TFM (or Mbed TLS) with software counter measures for side channel DPA.

Needless to say, there are some known best practices for DPA software countermeasures.

thanks

Suresh Marisetty

Infineon Semiconductor Corporation

From: TF-M <tf-m-bounces@lists.trustedfirmware.org> On Behalf Of Anton Komlev via TF-M
Sent: Friday, April 9, 2021 6:25 AM
To: tf-m@lists.trustedfirmware.org
Cc: nd <nd@arm.com>
Subject: [TF-M] TF-M v1.3.0 release

Caution: This e-mail originated outside Infineon Technologies. Do not click on links or open attachments unless you validate it is safe.

Hello,

TF-M project released version v1.3.0, tagged as TF-Mv1.3.0.

Please take a look into the release notes for the new features and changes:

https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/tree/docs/reference/releases/1.3.0.rst

The major features:

Support stateless RoT Service defined in FF-M 1.1
Support Second-Level Interrupt Handling (SLIH) defined in FF-M 1.1
Add Firmware Update (FWU) secure service, following Platform Security Architecture Firmware Update API
Migrate to Mbed TLS v2.25.0
Update MCUboot version to v1.7.2
Add a TF-M generic threat model
Implement Fault Injection Handling library to mitigate physical attacks
Add Profile Large
Enable code sharing between boot loader and TF-M
Support Armv8.1-M Privileged Execute Never (PXN) attribute and Thread reentrancy disabled (TRD) feature
New platforms added
Add a TF-M security landing page
Enhance dual-cpu non-secure mailbox reference implementation

This is the first release performed in the OpenCI infrastructure with no single issue encountered.

Thanks to everyone who directly and indirectly contributed to this milestone.

Anton Komlev

TF-M technical lead

Arm Ltd.