xref: /optee_os/CHANGELOG.md (revision 8a7ee79d77ed3df82bbbc659499a80474c40b072) 
1# OP-TEE - version 1.0.0
2
3OP-TEE is now maintained by Linaro. Contributors do not need to
4sign a CLA anymore, but must follow the rules of the [DCO][DCO]
5(Developer Certificate of Origin) instead.
6
7
8## New features
9
10* Add hardware support for Texas Instruments DRA7xx, ARMv7 (plat-ti)
11
12* GlobalPlatform™ TEE Internal Core API Specification v1.1,
13  including ECC algorithms.
14
15* Secure Storage: Files stored by the REE are now encrypted. Operations
16  are made atomic in order to prevent inconsistencies in case of errors
17  during the storage operations. [Slides][LCStorage] describing the
18  Secure Storage have been presented at the Linaro Connect SFO15.
19
20* Change of format of the Trusted Applications: they follow a
21  [signed ELF format][elf]
22
23* Rework thread [synchronization][synchro] in optee_os.
24
25* Use of ARMv8 native cryptographic support.
26
27* [OP-TEE/optee_test][optee_test] test suite is released.
28
29* Introduce [OP-TEE/manifest][manifest] and [OP-TEE/build][build]
30  to setup and build QEMU, FVP, HiKey and Mediatek platforms. Setup scripts
31  that used to be in optee_os have been removed, except for Juno board.
32
33
34## Tested on
35Definitions:
36
37| Type | Meaning |
38| ---- | ------- |
39| Standard tests | The [optee_test][optee_test] project. |
40| Extended tests | optee_test with tests from the GlobalPlatform™ TEE Initial Configuration Test Suite v1.1.0.4. |
41| Hello world test | Plain hello world Trusted Application such as [this][hello_world]. |
42
43*	ARM Juno Board (vexpress-juno), standard + extended tests.
44*	Foundation Models (vexpress-fvp), standard tests.
45*	HiKey (hikey), standard + extended tests.
46*	MT8173 (mediatek), standard tests.
47*	QEMU (vexpress-qemu), standard + extended tests.
48*	STM Cannes (stm-cannes), standard + extended tests.
49
50[DCO]: https://github.com/OP-TEE/optee_os/blob/master/Notice.md#contributions
51[LCStorage]: http://www.slideshare.net/linaroorg/sfo15503-secure-storage-in-optee
52[synchro]: https://github.com/OP-TEE/optee_os/blob/master/documentation/optee_design.md#4-thread-handling
53[elf]: https://github.com/OP-TEE/optee_os/blob/master/documentation/optee_design.md#format
54[optee_test]: https://github.com/OP-TEE/optee_test
55[manifest]: https://github.com/OP-TEE/manifest
56[build]: https://github.com/OP-TEE/build
57
58# OP-TEE - version 0.3.0
59
60## New features
61
62*   Add hardware support for
63	*   Mediatek MT8173 Board, ARMv8-A (plat-mediatek)
64	*   Hisilicon HiKey Board, ARMv8-A (plat-hikey)
65*   AArch64 build of optee_os is now possible through the configuration `CFG_ARM64_core=y`
66*	Secure Storage: Data can be encrypted prior to their storage in the non-secure.
67	Build is configured using `CFG_ENC_FS=y`
68*	A generic boot scheme can be used. Boot configuration is commonalized. This helps
69	new board support. It is applied on plat-hikey, plat-vexpress, plat-mediatek, plat-stm
70    and plat-vexpress.
71
72## Tested on
73Definitions:
74
75| Type | Meaning |
76| ---- | ------- |
77| Standard tests | The optee_test project. |
78| Extended tests | optee_test with tests from the GlobalPlatform™ TEE Initial Configuration Test Suite v1.1.0.4. |
79| Hello world test | Plain hello world Trusted Application such as [this][hello_world]. |
80
81*	ARM Juno Board (vexpress-juno), standard tests.
82*	Foundation Models (vexpress-fvp), standard tests.
83*	HiKey (hikey), standard tests.
84*	MT8173 (mediatek), standard tests.
85*	QEMU (vexpress-qemu), standard + extended tests.
86*	STM Cannes (stm-cannes), standard + extended tests.
87
88-------------------------------------------
89
90# OP-TEE - version 0.2.0
91
92## New features
93
94### Linux Driver Refactoring
95
96Linux Driver has been refactored. It is now split in two parts:
97*	optee.ko, the generic Linux driver. It contains all functionality
98	common to all backends.
99*	optee_armtz.ko, a specific backend dedicated to the TrustZone optee.
100	It depends on optee.ko.
101
102Loading the TrustZone optee linux driver module is now performed using
103
104    modprobe optee_armtz
105
106Thanks to the dependency between the generic and the backend modules, optee.ko is then automatically loaded.
107
108### Misc new features
109* support PL310 lock down at TEE boot
110* add 64bits support (division / print)
111
112## Tested on
113Definitions:
114
115| Type | Meaning |
116| ---- | ------- |
117| Standard tests | The optee_test project. |
118| Extended tests | optee_test with tests from the GlobalPlatform™ TEE Initial Configuration Test Suite v1.1.0.4. |
119| Hello world test | Plain hello world Trusted Application such as [this][hello_world]. |
120
121*   ARM Juno Board (vexpress-juno), standard tests + extended tests.
122
123*   Foundation Models (vexpress-fvp), standard + extended tests.
124
125*   QEMU (vexpress-qemu), standard + extended tests.
126
127*   STM Cannes (stm-cannes), standard + extended tests.
128
129
130## Issues resolved since last release
131*	Fix user TA trace issue, in order each TA is able to select its own trace level
132
133
134-------------------------------------------
135#OP-TEE - version 0.1.0
136
137## New features
138Below is a summary of the most important features added, but at the end you will
139find a link that present you all commits between the current and previous
140release tag.
141
142*   GlobalPlatform Client API v1.0 support.
143
144*   GlobalPlatform Internal API v1.0 support.
145
146*   GlobalPlatform Secure Elements v1.0 support.
147
148*   Add hardware support for
149
150    *   Allwinner A80, ARMv7-A.
151
152    *   ARM Juno Board, ARMv8-A.
153
154    *   Foundation Models, ARMv8-A.
155
156    *   Fast Models, ARMv8-A.
157
158    *   QEMU, ARMv7-A.
159
160    *   STM Cannes, ARMv7-A.
161
162    *   STM Orly2, ARMv7-A.
163
164*   Add LibTomCrypt as the default software cryptographic library.
165
166*   Add cryptographic abstraction layer in on secure side to ease the use of
167    other cryptographic software libraries or adding support for hardware
168    acceleration.
169
170*   Extended cryptographic API with support for HKDF, Concat KDF and PBKDF2.
171
172*   SHA-1 and SHA-256 ARMv8-A crypto extension implementation.
173
174*   Enabled paging support in OP-TEE OS.
175
176*   Add support for xtest (both standard and extended) in QEMU and FVP setup
177    scripts.
178
179*   Add documentation for the OS design, cryptographic abstraction layer, secure
180    elements design, the build system, GitHub usage, key derivation extensions,
181    ARM-Trusted Firmware usage within OP-TEE and GlobalPlatform usage within
182    OP-TEE.
183
184*   Integrate support for Travis CI.
185
186*   [Link][github_commits_0_1_0] to a list of all commits between this and
187    previous release.
188
189
190## Tested on
191Definitions:
192
193| Type | Meaning |
194| ---- | ------- |
195| Standard tests | The optee_test project. |
196| Extended tests | optee_test with tests from the GlobalPlatform™ TEE Initial Configuration Test Suite v1.0.0. |
197| Hello world test | Plain hello world Trusted Application such as [this][hello_world]. |
198
199*   Allwinner A80 (plat-sunxi), hello world test.
200
201*   ARM Juno Board (vexpress-juno), standard tests.
202
203*   Foundation Models (plat-vexpress-fvp), standard + extended tests
204
205*   QEMU (plat-vexpress-qemu), standard + extended tests (and Secure Elements
206    tested separately).
207
208*   STM Cannes (plat-stm-cannes), standard + extended tests.
209
210
211## Issues resolved since last release
212N/A since this is the first release tag on OP-TEE.
213
214
215## Known issues
216*   Storage is implemented, but not "Secure storage", meaning that a client
217    needs to do encrypt files on their own before storing the files.
218
219*   Issue(s) open on GitHub
220    *   [#95][pr95]: An error about building the test code of libtomcrypt.
221
222    *   [#149][pr149]: when testing optee os with arm trusted firmware (I
223	utilized optee os tee.bin as bl32 image) on juno platform, I got an
224        error.
225
226    *   [#161][pr161]: tee_svc_cryp.c lacks accessibility checks on
227        user-supplied TEE_Attributes.
228
229[hello_world]: https://github.com/jenswi-linaro/lcu14_optee_hello_world
230[github_commits_0_1_0]: https://github.com/OP-TEE/optee_os/compare/b01047730e77127c23a36591643eeb8bb0487d68...999e4a6c0f64d3177fd3d0db234107b6fb860884
231[pr95]: https://github.com/OP-TEE/optee_os/issues/95
232[pr149]: https://github.com/OP-TEE/optee_os/issues/149
233[pr161]: https://github.com/OP-TEE/optee_os/issues/161
234
235*   Global Platform Device Internal Core API v1.1
236    *   [#230][pr230]: Persistent object corruption support (TEE_ERROR_CORRUPT_OBJECT/_2)
237    *   [#230][pr230]: Persistent object access support (TEE_ERROR_STORAGE_NOT_AVAILABLE/_2)
238