xref: /optee_os/CHANGELOG.md (revision 4aeff29736f99c9bb11e00ae7f93c3ce41b9d092) 
1# OP-TEE - version 1.1.0
2
3
4## New features
5
6* Softfloat library: floating point support is now available in 32bits TA.
7
8* Support running 64-bits TA: on ARMv8-A platform, TA can be compiled in
9  AArch32 and/or in AArch64 in case the core is compiled in AArch64.
10  An example can be found in HiKey configuration file. Using the following
11  excerpt code, the user TA libraries are compiled in both AArch32 and
12  AArch64, and can be found in `out/arm-plat-hikey/export-ta_arm32` and
13  `out/arm-plat-hikey/export-ta_arm64`
14
15```
16    ta-targets = ta_arm32
17    ta-targets += ta_arm64
18```
19
20* Concurrent TA support: multiple TA can run in parallel on
21  several cores.
22
23* New tests added in xtest test suite: concurrent TA (xtest 1013),
24  floating point tests (xtest 1006 and os_test TA) and corruption
25  file storage (xtest 20000)
26
27* [Link][github_commits_1_1_0] to a list of all commits between this and
28  previous release.
29
30
31## Tested on
32Definitions:
33
34| Type | Meaning |
35| ---- | ------- |
36| Standard tests | The [optee_test][optee_test] project. |
37| Extended tests | optee_test with tests from the GlobalPlatform™ TEE Initial Configuration Test Suite v1.1.0.4. |
38| Hello world test | Plain hello world Trusted Application such as [this][hello_world]. |
39
40*	Foundation Models (vexpress-fvp), standard tests + extended tests,
41	using FVP ARM V8 Foundation Platformr0p0 (platform build 9.5.40)
42*	HiKey (hikey), standard + extended tests.
43*	MT8173 (mediatek), standard tests.
44*	QEMU (vexpress-qemu), standard + extended tests.
45*	STM Cannes (stm-cannes), standard + extended tests.
46
47## Known issues
48* Secure Storage is implemented, but note that anti-rollback protection
49  is not implemented yet.
50
51* Issue(s) open on GitHub
52  * [#40][prld40] BUG_ON() when re-using RPC buffer to tee-supplicant
53  * [#296][pr296]: Connecting RPMB to the storage APIs.
54  * [#493][pr493]: setup_juno_optee: unable to find pre-built binaries
55  * [#506][pr506]: tee-supplicant panic & ta panic
56
57[prld40]: https://github.com/OP-TEE/optee_linuxdriver/issues/40
58[pr506]: https://github.com/OP-TEE/optee_os/issues/506
59[github_commits_1_1_0]: https://github.com/OP-TEE/optee_os/compare/1.0.1...1.1.0
60
61
62
63# OP-TEE - version 1.0.0
64
65OP-TEE is now maintained by Linaro. Contributors do not need to
66sign a CLA anymore, but must follow the rules of the [DCO][DCO]
67(Developer Certificate of Origin) instead.
68
69
70## New features
71
72* Add hardware support for Texas Instruments DRA7xx, ARMv7 (plat-ti)
73
74* GlobalPlatform™ TEE Internal Core API Specification v1.1,
75  including ECC algorithms.
76
77* Secure Storage: Files stored by the REE are now encrypted. Operations
78  are made atomic in order to prevent inconsistencies in case of errors
79  during the storage operations. [Slides][LCStorage] describing the
80  Secure Storage have been presented at the Linaro Connect SFO15.
81
82* Change of format of the Trusted Applications: they follow a
83  [signed ELF format][elf]
84
85* Rework thread [synchronization][synchro] in optee_os.
86
87* Use of ARMv8 native cryptographic support.
88
89* [OP-TEE/optee_test][optee_test] test suite is released.
90
91* Introduce [OP-TEE/manifest][manifest] and [OP-TEE/build][build]
92  to setup and build QEMU, FVP, HiKey and Mediatek platforms. Setup scripts
93  that used to be in optee_os have been removed, except for Juno board.
94
95* [Link][github_commits_1_0_0] to a list of all commits between this and
96  previous release.
97
98
99## Tested on
100Definitions:
101
102| Type | Meaning |
103| ---- | ------- |
104| Standard tests | The [optee_test][optee_test] project. |
105| Extended tests | optee_test with tests from the GlobalPlatform™ TEE Initial Configuration Test Suite v1.1.0.4. |
106| Hello world test | Plain hello world Trusted Application such as [this][hello_world]. |
107
108*	ARM Juno Board (vexpress-juno), standard + extended tests.
109*	Foundation Models (vexpress-fvp), standard tests.
110*	HiKey (hikey), standard + extended tests.
111*	MT8173 (mediatek), standard tests.
112*	QEMU (vexpress-qemu), standard + extended tests.
113*	STM Cannes (stm-cannes), standard + extended tests.
114
115## Known issues
116* Secure Storage is implemented, but note that anti-rollback protection
117  is not implemented yet.
118
119* Issue(s) open on GitHub
120  * [#210][pr210]: libteec.so 32-bit does not communicate well
121    with 64-bit kernel module
122  * [#296][pr296]: Connecting RPMB to the storage APIs.
123  * [#493][pr493]: setup_juno_optee: unable to find pre-built binaries
124  * [#494][pr494]: HiKey: xtest 7671 fails (1.0.0-rc2)
125
126[pr210]: https://github.com/OP-TEE/optee_os/issues/210
127[pr296]: https://github.com/OP-TEE/optee_os/issues/296
128[pr493]: https://github.com/OP-TEE/optee_os/issues/493
129[pr494]: https://github.com/OP-TEE/optee_os/issues/494
130[github_commits_1_0_0]: https://github.com/OP-TEE/optee_os/compare/0.3.0...1.0.0
131[DCO]: https://github.com/OP-TEE/optee_os/blob/master/Notice.md#contributions
132[LCStorage]: http://www.slideshare.net/linaroorg/sfo15503-secure-storage-in-optee
133[synchro]: https://github.com/OP-TEE/optee_os/blob/master/documentation/optee_design.md#4-thread-handling
134[elf]: https://github.com/OP-TEE/optee_os/blob/master/documentation/optee_design.md#format
135[optee_test]: https://github.com/OP-TEE/optee_test
136[manifest]: https://github.com/OP-TEE/manifest
137[build]: https://github.com/OP-TEE/build
138
139
140
141# OP-TEE - version 0.3.0
142
143## New features
144
145*   Add hardware support for
146	*   Mediatek MT8173 Board, ARMv8-A (plat-mediatek)
147	*   Hisilicon HiKey Board, ARMv8-A (plat-hikey)
148*   AArch64 build of optee_os is now possible through the configuration `CFG_ARM64_core=y`
149*	Secure Storage: Data can be encrypted prior to their storage in the non-secure.
150	Build is configured using `CFG_ENC_FS=y`
151*	A generic boot scheme can be used. Boot configuration is commonalized. This helps
152	new board support. It is applied on plat-hikey, plat-vexpress, plat-mediatek, plat-stm
153    and plat-vexpress.
154
155## Tested on
156Definitions:
157
158| Type | Meaning |
159| ---- | ------- |
160| Standard tests | The optee_test project. |
161| Extended tests | optee_test with tests from the GlobalPlatform™ TEE Initial Configuration Test Suite v1.1.0.4. |
162| Hello world test | Plain hello world Trusted Application such as [this][hello_world]. |
163
164*	ARM Juno Board (vexpress-juno), standard tests.
165*	Foundation Models (vexpress-fvp), standard tests.
166*	HiKey (hikey), standard tests.
167*	MT8173 (mediatek), standard tests.
168*	QEMU (vexpress-qemu), standard + extended tests.
169*	STM Cannes (stm-cannes), standard + extended tests.
170
171-------------------------------------------
172
173# OP-TEE - version 0.2.0
174
175## New features
176
177### Linux Driver Refactoring
178
179Linux Driver has been refactored. It is now split in two parts:
180*	optee.ko, the generic Linux driver. It contains all functionality
181	common to all backends.
182*	optee_armtz.ko, a specific backend dedicated to the TrustZone optee.
183	It depends on optee.ko.
184
185Loading the TrustZone optee linux driver module is now performed using
186
187    modprobe optee_armtz
188
189Thanks to the dependency between the generic and the backend modules, optee.ko is then automatically loaded.
190
191### Misc new features
192* support PL310 lock down at TEE boot
193* add 64bits support (division / print)
194
195## Tested on
196Definitions:
197
198| Type | Meaning |
199| ---- | ------- |
200| Standard tests | The optee_test project. |
201| Extended tests | optee_test with tests from the GlobalPlatform™ TEE Initial Configuration Test Suite v1.1.0.4. |
202| Hello world test | Plain hello world Trusted Application such as [this][hello_world]. |
203
204*   ARM Juno Board (vexpress-juno), standard tests + extended tests.
205
206*   Foundation Models (vexpress-fvp), standard + extended tests.
207
208*   QEMU (vexpress-qemu), standard + extended tests.
209
210*   STM Cannes (stm-cannes), standard + extended tests.
211
212
213## Issues resolved since last release
214*	Fix user TA trace issue, in order each TA is able to select its own trace level
215
216
217-------------------------------------------
218#OP-TEE - version 0.1.0
219
220## New features
221Below is a summary of the most important features added, but at the end you will
222find a link that present you all commits between the current and previous
223release tag.
224
225*   GlobalPlatform Client API v1.0 support.
226
227*   GlobalPlatform Internal API v1.0 support.
228
229*   GlobalPlatform Secure Elements v1.0 support.
230
231*   Add hardware support for
232
233    *   Allwinner A80, ARMv7-A.
234
235    *   ARM Juno Board, ARMv8-A.
236
237    *   Foundation Models, ARMv8-A.
238
239    *   Fast Models, ARMv8-A.
240
241    *   QEMU, ARMv7-A.
242
243    *   STM Cannes, ARMv7-A.
244
245    *   STM Orly2, ARMv7-A.
246
247*   Add LibTomCrypt as the default software cryptographic library.
248
249*   Add cryptographic abstraction layer in on secure side to ease the use of
250    other cryptographic software libraries or adding support for hardware
251    acceleration.
252
253*   Extended cryptographic API with support for HKDF, Concat KDF and PBKDF2.
254
255*   SHA-1 and SHA-256 ARMv8-A crypto extension implementation.
256
257*   Enabled paging support in OP-TEE OS.
258
259*   Add support for xtest (both standard and extended) in QEMU and FVP setup
260    scripts.
261
262*   Add documentation for the OS design, cryptographic abstraction layer, secure
263    elements design, the build system, GitHub usage, key derivation extensions,
264    ARM-Trusted Firmware usage within OP-TEE and GlobalPlatform usage within
265    OP-TEE.
266
267*   Integrate support for Travis CI.
268
269*   [Link][github_commits_0_1_0] to a list of all commits between this and
270    previous release.
271
272
273## Tested on
274Definitions:
275
276| Type | Meaning |
277| ---- | ------- |
278| Standard tests | The optee_test project. |
279| Extended tests | optee_test with tests from the GlobalPlatform™ TEE Initial Configuration Test Suite v1.0.0. |
280| Hello world test | Plain hello world Trusted Application such as [this][hello_world]. |
281
282*   Allwinner A80 (plat-sunxi), hello world test.
283
284*   ARM Juno Board (vexpress-juno), standard tests.
285
286*   Foundation Models (plat-vexpress-fvp), standard + extended tests
287
288*   QEMU (plat-vexpress-qemu), standard + extended tests (and Secure Elements
289    tested separately).
290
291*   STM Cannes (plat-stm-cannes), standard + extended tests.
292
293
294## Issues resolved since last release
295N/A since this is the first release tag on OP-TEE.
296
297
298## Known issues
299*   Storage is implemented, but not "Secure storage", meaning that a client
300    needs to do encrypt files on their own before storing the files.
301
302*   Issue(s) open on GitHub
303    *   [#95][pr95]: An error about building the test code of libtomcrypt.
304
305    *   [#149][pr149]: when testing optee os with arm trusted firmware (I
306	utilized optee os tee.bin as bl32 image) on juno platform, I got an
307        error.
308
309    *   [#161][pr161]: tee_svc_cryp.c lacks accessibility checks on
310        user-supplied TEE_Attributes.
311
312[hello_world]: https://github.com/jenswi-linaro/lcu14_optee_hello_world
313[github_commits_0_1_0]: https://github.com/OP-TEE/optee_os/compare/b01047730e77127c23a36591643eeb8bb0487d68...999e4a6c0f64d3177fd3d0db234107b6fb860884
314[pr95]: https://github.com/OP-TEE/optee_os/issues/95
315[pr149]: https://github.com/OP-TEE/optee_os/issues/149
316[pr161]: https://github.com/OP-TEE/optee_os/issues/161
317
318*   Global Platform Device Internal Core API v1.1
319    *   [#230][pr230]: Persistent object corruption support (TEE_ERROR_CORRUPT_OBJECT/_2)
320    *   [#230][pr230]: Persistent object access support (TEE_ERROR_STORAGE_NOT_AVAILABLE/_2)
321