xref: /optee_os/CHANGELOG.md (revision a0cd5d60beafc282c9016a095b930dc4750f0fb0) 
1# OP-TEE - version 2.0.0
2
3
4## New features
5
6* Generic driver: A new generic TEE driver is in the process of being
7  [upstreamed][gendrv_v9].
8  In this release, [OP-TEE/optee_linuxdriver][optee_linuxdriver] is no more used.
9  Instead, linux v4.5 is being patched using the proposed Generic TEE Driver,
10  as it can be found in [https://github.com/linaro-swg/linux/tree/optee][linux_optee]
11
12* RPMB support: Secure Storage can now use Replay Protected Memory Block (RPMB) partition
13  of an eMMC device. Check the [full documentation][rpmb_doc]
14
15* Hard-float ABI is now available.
16
17* [Link][github_commits_2_0_0] to a list of all commits between this and
18  previous release.
19
20
21## Tested on
22Definitions:
23
24| Type | Meaning |
25| ---- | ------- |
26| Standard tests | The [optee_test][optee_test] project. |
27| Extended tests | optee_test with tests from the GlobalPlatform™ TEE Initial Configuration Test Suite v1.1.0.4. |
28
29*	ARM Juno Board (vexpress-juno), standard.
30*	Foundation Models (vexpress-fvp), standard tests + extended tests,
31	using FVP ARM V8 Foundation Platformr0p0 (platform build 9.5.40)
32*	HiKey (hikey), standard.
33*	MTK8173-EVB (mediatek-mt8173), standard.
34*	QEMU (vexpress-qemu), standard + extended tests.
35*	STM Cannes (stm-cannes), standard + extended tests.
36
37## Known issues
38* Issue(s) open on GitHub
39  * [#40][prld40] BUG_ON() when re-using RPC buffer to tee-supplicant
40  * [#506][pr506]: tee-supplicant panic & ta panic
41
42[github_commits_2_0_0]: https://github.com/OP-TEE/optee_os/compare/1.1.0...2.0.0
43[rpmb_doc]: https://github.com/OP-TEE/optee_os/blob/master/documentation/secure_storage_rpmb.md
44[optee_linuxdriver]: https://github.com/OP-TEE/optee_linuxdriver
45[gendrv_v9]: https://lkml.org/lkml/2016/4/1/205
46[linux_optee]: https://github.com/linaro-swg/linux/tree/optee
47
48
49# OP-TEE - version 1.1.0
50
51
52## New features
53
54* Softfloat library: floating point support is now available in 32bits TA.
55
56* Support running 64-bits TA: on ARMv8-A platform, TA can be compiled in
57  AArch32 and/or in AArch64 in case the core is compiled in AArch64.
58  An example can be found in HiKey configuration file. Using the following
59  excerpt code, the user TA libraries are compiled in both AArch32 and
60  AArch64, and can be found in `out/arm-plat-hikey/export-ta_arm32` and
61  `out/arm-plat-hikey/export-ta_arm64`
62
63```
64    ta-targets = ta_arm32
65    ta-targets += ta_arm64
66```
67
68* Concurrent TA support: multiple TA can run in parallel on
69  several cores.
70
71* New tests added in xtest test suite: concurrent TA (xtest 1013),
72  floating point tests (xtest 1006 and os_test TA) and corruption
73  file storage (xtest 20000)
74
75* [Link][github_commits_1_1_0] to a list of all commits between this and
76  previous release.
77
78
79## Tested on
80Definitions:
81
82| Type | Meaning |
83| ---- | ------- |
84| Standard tests | The [optee_test][optee_test] project. |
85| Extended tests | optee_test with tests from the GlobalPlatform™ TEE Initial Configuration Test Suite v1.1.0.4. |
86| Hello world test | Plain hello world Trusted Application such as [this][hello_world]. |
87
88*	Foundation Models (vexpress-fvp), standard tests + extended tests,
89	using FVP ARM V8 Foundation Platformr0p0 (platform build 9.5.40)
90*	HiKey (hikey), standard + extended tests.
91*	MT8173 (mediatek), standard tests.
92*	QEMU (vexpress-qemu), standard + extended tests.
93*	STM Cannes (stm-cannes), standard + extended tests.
94
95## Known issues
96* Secure Storage is implemented, but note that anti-rollback protection
97  is not implemented yet.
98
99* Issue(s) open on GitHub
100  * [#40][prld40] BUG_ON() when re-using RPC buffer to tee-supplicant
101  * [#296][pr296]: Connecting RPMB to the storage APIs.
102  * [#493][pr493]: setup_juno_optee: unable to find pre-built binaries
103  * [#506][pr506]: tee-supplicant panic & ta panic
104
105[prld40]: https://github.com/OP-TEE/optee_linuxdriver/issues/40
106[pr506]: https://github.com/OP-TEE/optee_os/issues/506
107[github_commits_1_1_0]: https://github.com/OP-TEE/optee_os/compare/1.0.1...1.1.0
108
109
110
111# OP-TEE - version 1.0.0
112
113OP-TEE is now maintained by Linaro. Contributors do not need to
114sign a CLA anymore, but must follow the rules of the [DCO][DCO]
115(Developer Certificate of Origin) instead.
116
117
118## New features
119
120* Add hardware support for Texas Instruments DRA7xx, ARMv7 (plat-ti)
121
122* GlobalPlatform™ TEE Internal Core API Specification v1.1,
123  including ECC algorithms.
124
125* Secure Storage: Files stored by the REE are now encrypted. Operations
126  are made atomic in order to prevent inconsistencies in case of errors
127  during the storage operations. [Slides][LCStorage] describing the
128  Secure Storage have been presented at the Linaro Connect SFO15.
129
130* Change of format of the Trusted Applications: they follow a
131  [signed ELF format][elf]
132
133* Rework thread [synchronization][synchro] in optee_os.
134
135* Use of ARMv8 native cryptographic support.
136
137* [OP-TEE/optee_test][optee_test] test suite is released.
138
139* Introduce [OP-TEE/manifest][manifest] and [OP-TEE/build][build]
140  to setup and build QEMU, FVP, HiKey and Mediatek platforms. Setup scripts
141  that used to be in optee_os have been removed, except for Juno board.
142
143* [Link][github_commits_1_0_0] to a list of all commits between this and
144  previous release.
145
146
147## Tested on
148Definitions:
149
150| Type | Meaning |
151| ---- | ------- |
152| Standard tests | The [optee_test][optee_test] project. |
153| Extended tests | optee_test with tests from the GlobalPlatform™ TEE Initial Configuration Test Suite v1.1.0.4. |
154| Hello world test | Plain hello world Trusted Application such as [this][hello_world]. |
155
156*	ARM Juno Board (vexpress-juno), standard + extended tests.
157*	Foundation Models (vexpress-fvp), standard tests.
158*	HiKey (hikey), standard + extended tests.
159*	MT8173 (mediatek), standard tests.
160*	QEMU (vexpress-qemu), standard + extended tests.
161*	STM Cannes (stm-cannes), standard + extended tests.
162
163## Known issues
164* Secure Storage is implemented, but note that anti-rollback protection
165  is not implemented yet.
166
167* Issue(s) open on GitHub
168  * [#210][pr210]: libteec.so 32-bit does not communicate well
169    with 64-bit kernel module
170  * [#296][pr296]: Connecting RPMB to the storage APIs.
171  * [#493][pr493]: setup_juno_optee: unable to find pre-built binaries
172  * [#494][pr494]: HiKey: xtest 7671 fails (1.0.0-rc2)
173
174[pr210]: https://github.com/OP-TEE/optee_os/issues/210
175[pr296]: https://github.com/OP-TEE/optee_os/issues/296
176[pr493]: https://github.com/OP-TEE/optee_os/issues/493
177[pr494]: https://github.com/OP-TEE/optee_os/issues/494
178[github_commits_1_0_0]: https://github.com/OP-TEE/optee_os/compare/0.3.0...1.0.0
179[DCO]: https://github.com/OP-TEE/optee_os/blob/master/Notice.md#contributions
180[LCStorage]: http://www.slideshare.net/linaroorg/sfo15503-secure-storage-in-optee
181[synchro]: https://github.com/OP-TEE/optee_os/blob/master/documentation/optee_design.md#4-thread-handling
182[elf]: https://github.com/OP-TEE/optee_os/blob/master/documentation/optee_design.md#format
183[optee_test]: https://github.com/OP-TEE/optee_test
184[manifest]: https://github.com/OP-TEE/manifest
185[build]: https://github.com/OP-TEE/build
186
187
188
189# OP-TEE - version 0.3.0
190
191## New features
192
193*   Add hardware support for
194	*   Mediatek MT8173 Board, ARMv8-A (plat-mediatek)
195	*   Hisilicon HiKey Board, ARMv8-A (plat-hikey)
196*   AArch64 build of optee_os is now possible through the configuration `CFG_ARM64_core=y`
197*	Secure Storage: Data can be encrypted prior to their storage in the non-secure.
198	Build is configured using `CFG_ENC_FS=y`
199*	A generic boot scheme can be used. Boot configuration is commonalized. This helps
200	new board support. It is applied on plat-hikey, plat-vexpress, plat-mediatek, plat-stm
201    and plat-vexpress.
202
203## Tested on
204Definitions:
205
206| Type | Meaning |
207| ---- | ------- |
208| Standard tests | The optee_test project. |
209| Extended tests | optee_test with tests from the GlobalPlatform™ TEE Initial Configuration Test Suite v1.1.0.4. |
210| Hello world test | Plain hello world Trusted Application such as [this][hello_world]. |
211
212*	ARM Juno Board (vexpress-juno), standard tests.
213*	Foundation Models (vexpress-fvp), standard tests.
214*	HiKey (hikey), standard tests.
215*	MT8173 (mediatek), standard tests.
216*	QEMU (vexpress-qemu), standard + extended tests.
217*	STM Cannes (stm-cannes), standard + extended tests.
218
219-------------------------------------------
220
221# OP-TEE - version 0.2.0
222
223## New features
224
225### Linux Driver Refactoring
226
227Linux Driver has been refactored. It is now split in two parts:
228*	optee.ko, the generic Linux driver. It contains all functionality
229	common to all backends.
230*	optee_armtz.ko, a specific backend dedicated to the TrustZone optee.
231	It depends on optee.ko.
232
233Loading the TrustZone optee linux driver module is now performed using
234
235    modprobe optee_armtz
236
237Thanks to the dependency between the generic and the backend modules, optee.ko is then automatically loaded.
238
239### Misc new features
240* support PL310 lock down at TEE boot
241* add 64bits support (division / print)
242
243## Tested on
244Definitions:
245
246| Type | Meaning |
247| ---- | ------- |
248| Standard tests | The optee_test project. |
249| Extended tests | optee_test with tests from the GlobalPlatform™ TEE Initial Configuration Test Suite v1.1.0.4. |
250| Hello world test | Plain hello world Trusted Application such as [this][hello_world]. |
251
252*   ARM Juno Board (vexpress-juno), standard tests + extended tests.
253
254*   Foundation Models (vexpress-fvp), standard + extended tests.
255
256*   QEMU (vexpress-qemu), standard + extended tests.
257
258*   STM Cannes (stm-cannes), standard + extended tests.
259
260
261## Issues resolved since last release
262*	Fix user TA trace issue, in order each TA is able to select its own trace level
263
264
265-------------------------------------------
266#OP-TEE - version 0.1.0
267
268## New features
269Below is a summary of the most important features added, but at the end you will
270find a link that present you all commits between the current and previous
271release tag.
272
273*   GlobalPlatform Client API v1.0 support.
274
275*   GlobalPlatform Internal API v1.0 support.
276
277*   GlobalPlatform Secure Elements v1.0 support.
278
279*   Add hardware support for
280
281    *   Allwinner A80, ARMv7-A.
282
283    *   ARM Juno Board, ARMv8-A.
284
285    *   Foundation Models, ARMv8-A.
286
287    *   Fast Models, ARMv8-A.
288
289    *   QEMU, ARMv7-A.
290
291    *   STM Cannes, ARMv7-A.
292
293    *   STM Orly2, ARMv7-A.
294
295*   Add LibTomCrypt as the default software cryptographic library.
296
297*   Add cryptographic abstraction layer in on secure side to ease the use of
298    other cryptographic software libraries or adding support for hardware
299    acceleration.
300
301*   Extended cryptographic API with support for HKDF, Concat KDF and PBKDF2.
302
303*   SHA-1 and SHA-256 ARMv8-A crypto extension implementation.
304
305*   Enabled paging support in OP-TEE OS.
306
307*   Add support for xtest (both standard and extended) in QEMU and FVP setup
308    scripts.
309
310*   Add documentation for the OS design, cryptographic abstraction layer, secure
311    elements design, the build system, GitHub usage, key derivation extensions,
312    ARM-Trusted Firmware usage within OP-TEE and GlobalPlatform usage within
313    OP-TEE.
314
315*   Integrate support for Travis CI.
316
317*   [Link][github_commits_0_1_0] to a list of all commits between this and
318    previous release.
319
320
321## Tested on
322Definitions:
323
324| Type | Meaning |
325| ---- | ------- |
326| Standard tests | The optee_test project. |
327| Extended tests | optee_test with tests from the GlobalPlatform™ TEE Initial Configuration Test Suite v1.0.0. |
328| Hello world test | Plain hello world Trusted Application such as [this][hello_world]. |
329
330*   Allwinner A80 (plat-sunxi), hello world test.
331
332*   ARM Juno Board (vexpress-juno), standard tests.
333
334*   Foundation Models (plat-vexpress-fvp), standard + extended tests
335
336*   QEMU (plat-vexpress-qemu), standard + extended tests (and Secure Elements
337    tested separately).
338
339*   STM Cannes (plat-stm-cannes), standard + extended tests.
340
341
342## Issues resolved since last release
343N/A since this is the first release tag on OP-TEE.
344
345
346## Known issues
347*   Storage is implemented, but not "Secure storage", meaning that a client
348    needs to do encrypt files on their own before storing the files.
349
350*   Issue(s) open on GitHub
351    *   [#95][pr95]: An error about building the test code of libtomcrypt.
352
353    *   [#149][pr149]: when testing optee os with arm trusted firmware (I
354	utilized optee os tee.bin as bl32 image) on juno platform, I got an
355        error.
356
357    *   [#161][pr161]: tee_svc_cryp.c lacks accessibility checks on
358        user-supplied TEE_Attributes.
359
360[hello_world]: https://github.com/jenswi-linaro/lcu14_optee_hello_world
361[github_commits_0_1_0]: https://github.com/OP-TEE/optee_os/compare/b01047730e77127c23a36591643eeb8bb0487d68...999e4a6c0f64d3177fd3d0db234107b6fb860884
362[pr95]: https://github.com/OP-TEE/optee_os/issues/95
363[pr149]: https://github.com/OP-TEE/optee_os/issues/149
364[pr161]: https://github.com/OP-TEE/optee_os/issues/161
365
366*   Global Platform Device Internal Core API v1.1
367    *   [#230][pr230]: Persistent object corruption support (TEE_ERROR_CORRUPT_OBJECT/_2)
368    *   [#230][pr230]: Persistent object access support (TEE_ERROR_STORAGE_NOT_AVAILABLE/_2)
369