xref: /optee_os/CHANGELOG.md (revision a31f13fbe554136fa2314c7daf1af9d8b0b0ad8d) 
1# OP-TEE - version 2.0.0
2
3
4## New features
5
6* Generic driver: A new generic TEE driver is in the process of being
7  [upstreamed][gendrv_v9].
8  In this release, [OP-TEE/optee_linuxdriver][optee_linuxdriver] is no more used.
9  Instead, linux v4.5 is being patched using the proposed Generic TEE Driver,
10  as it can be found in [https://github.com/linaro-swg/linux/tree/optee][linux_optee]
11
12* RPMB support: Secure Storage can now use Replay Protected Memory Block (RPMB) partition
13  of an eMMC device. Check the [full documentation][rpmb_doc]
14
15* Hard-float ABI is now available.
16
17* [Link][github_commits_2_0_0] to a list of all commits between this and
18  previous release.
19
20
21## Tested on
22Definitions:
23
24| Type | Meaning |
25| ---- | ------- |
26| Standard tests | The [optee_test][optee_test] project. |
27| Extended tests | optee_test with tests from the GlobalPlatform™ TEE Initial Configuration Test Suite v1.1.0.4. |
28
29*	ARM Juno Board (vexpress-juno), standard.
30*	Foundation Models (vexpress-fvp), standard tests + extended tests,
31	using FVP ARM V8 Foundation Platformr0p0 (platform build 9.5.40)
32*	FSL ls1021a (ls-ls1021atwr), standard.
33*	HiKey (hikey), standard.
34*	MTK8173-EVB (mediatek-mt8173), standard.
35*	QEMU (vexpress-qemu), standard + extended tests.
36*	STM Cannes (stm-cannes), standard + extended tests.
37
38## Known issues
39* Issue(s) open on GitHub
40  * [#40][prld40] BUG_ON() when re-using RPC buffer to tee-supplicant
41  * [#506][pr506]: tee-supplicant panic & ta panic
42
43[github_commits_2_0_0]: https://github.com/OP-TEE/optee_os/compare/1.1.0...2.0.0
44[rpmb_doc]: https://github.com/OP-TEE/optee_os/blob/master/documentation/secure_storage_rpmb.md
45[optee_linuxdriver]: https://github.com/OP-TEE/optee_linuxdriver
46[gendrv_v9]: https://lkml.org/lkml/2016/4/1/205
47[linux_optee]: https://github.com/linaro-swg/linux/tree/optee
48
49
50# OP-TEE - version 1.1.0
51
52
53## New features
54
55* Softfloat library: floating point support is now available in 32bits TA.
56
57* Support running 64-bits TA: on ARMv8-A platform, TA can be compiled in
58  AArch32 and/or in AArch64 in case the core is compiled in AArch64.
59  An example can be found in HiKey configuration file. Using the following
60  excerpt code, the user TA libraries are compiled in both AArch32 and
61  AArch64, and can be found in `out/arm-plat-hikey/export-ta_arm32` and
62  `out/arm-plat-hikey/export-ta_arm64`
63
64```
65    ta-targets = ta_arm32
66    ta-targets += ta_arm64
67```
68
69* Concurrent TA support: multiple TA can run in parallel on
70  several cores.
71
72* New tests added in xtest test suite: concurrent TA (xtest 1013),
73  floating point tests (xtest 1006 and os_test TA) and corruption
74  file storage (xtest 20000)
75
76* [Link][github_commits_1_1_0] to a list of all commits between this and
77  previous release.
78
79
80## Tested on
81Definitions:
82
83| Type | Meaning |
84| ---- | ------- |
85| Standard tests | The [optee_test][optee_test] project. |
86| Extended tests | optee_test with tests from the GlobalPlatform™ TEE Initial Configuration Test Suite v1.1.0.4. |
87| Hello world test | Plain hello world Trusted Application such as [this][hello_world]. |
88
89*	Foundation Models (vexpress-fvp), standard tests + extended tests,
90	using FVP ARM V8 Foundation Platformr0p0 (platform build 9.5.40)
91*	HiKey (hikey), standard + extended tests.
92*	MT8173 (mediatek), standard tests.
93*	QEMU (vexpress-qemu), standard + extended tests.
94*	STM Cannes (stm-cannes), standard + extended tests.
95
96## Known issues
97* Secure Storage is implemented, but note that anti-rollback protection
98  is not implemented yet.
99
100* Issue(s) open on GitHub
101  * [#40][prld40] BUG_ON() when re-using RPC buffer to tee-supplicant
102  * [#296][pr296]: Connecting RPMB to the storage APIs.
103  * [#493][pr493]: setup_juno_optee: unable to find pre-built binaries
104  * [#506][pr506]: tee-supplicant panic & ta panic
105
106[prld40]: https://github.com/OP-TEE/optee_linuxdriver/issues/40
107[pr506]: https://github.com/OP-TEE/optee_os/issues/506
108[github_commits_1_1_0]: https://github.com/OP-TEE/optee_os/compare/1.0.1...1.1.0
109
110
111
112# OP-TEE - version 1.0.0
113
114OP-TEE is now maintained by Linaro. Contributors do not need to
115sign a CLA anymore, but must follow the rules of the [DCO][DCO]
116(Developer Certificate of Origin) instead.
117
118
119## New features
120
121* Add hardware support for Texas Instruments DRA7xx, ARMv7 (plat-ti)
122
123* GlobalPlatform™ TEE Internal Core API Specification v1.1,
124  including ECC algorithms.
125
126* Secure Storage: Files stored by the REE are now encrypted. Operations
127  are made atomic in order to prevent inconsistencies in case of errors
128  during the storage operations. [Slides][LCStorage] describing the
129  Secure Storage have been presented at the Linaro Connect SFO15.
130
131* Change of format of the Trusted Applications: they follow a
132  [signed ELF format][elf]
133
134* Rework thread [synchronization][synchro] in optee_os.
135
136* Use of ARMv8 native cryptographic support.
137
138* [OP-TEE/optee_test][optee_test] test suite is released.
139
140* Introduce [OP-TEE/manifest][manifest] and [OP-TEE/build][build]
141  to setup and build QEMU, FVP, HiKey and Mediatek platforms. Setup scripts
142  that used to be in optee_os have been removed, except for Juno board.
143
144* [Link][github_commits_1_0_0] to a list of all commits between this and
145  previous release.
146
147
148## Tested on
149Definitions:
150
151| Type | Meaning |
152| ---- | ------- |
153| Standard tests | The [optee_test][optee_test] project. |
154| Extended tests | optee_test with tests from the GlobalPlatform™ TEE Initial Configuration Test Suite v1.1.0.4. |
155| Hello world test | Plain hello world Trusted Application such as [this][hello_world]. |
156
157*	ARM Juno Board (vexpress-juno), standard + extended tests.
158*	Foundation Models (vexpress-fvp), standard tests.
159*	HiKey (hikey), standard + extended tests.
160*	MT8173 (mediatek), standard tests.
161*	QEMU (vexpress-qemu), standard + extended tests.
162*	STM Cannes (stm-cannes), standard + extended tests.
163
164## Known issues
165* Secure Storage is implemented, but note that anti-rollback protection
166  is not implemented yet.
167
168* Issue(s) open on GitHub
169  * [#210][pr210]: libteec.so 32-bit does not communicate well
170    with 64-bit kernel module
171  * [#296][pr296]: Connecting RPMB to the storage APIs.
172  * [#493][pr493]: setup_juno_optee: unable to find pre-built binaries
173  * [#494][pr494]: HiKey: xtest 7671 fails (1.0.0-rc2)
174
175[pr210]: https://github.com/OP-TEE/optee_os/issues/210
176[pr296]: https://github.com/OP-TEE/optee_os/issues/296
177[pr493]: https://github.com/OP-TEE/optee_os/issues/493
178[pr494]: https://github.com/OP-TEE/optee_os/issues/494
179[github_commits_1_0_0]: https://github.com/OP-TEE/optee_os/compare/0.3.0...1.0.0
180[DCO]: https://github.com/OP-TEE/optee_os/blob/master/Notice.md#contributions
181[LCStorage]: http://www.slideshare.net/linaroorg/sfo15503-secure-storage-in-optee
182[synchro]: https://github.com/OP-TEE/optee_os/blob/master/documentation/optee_design.md#4-thread-handling
183[elf]: https://github.com/OP-TEE/optee_os/blob/master/documentation/optee_design.md#format
184[optee_test]: https://github.com/OP-TEE/optee_test
185[manifest]: https://github.com/OP-TEE/manifest
186[build]: https://github.com/OP-TEE/build
187
188
189
190# OP-TEE - version 0.3.0
191
192## New features
193
194*   Add hardware support for
195	*   Mediatek MT8173 Board, ARMv8-A (plat-mediatek)
196	*   Hisilicon HiKey Board, ARMv8-A (plat-hikey)
197*   AArch64 build of optee_os is now possible through the configuration `CFG_ARM64_core=y`
198*	Secure Storage: Data can be encrypted prior to their storage in the non-secure.
199	Build is configured using `CFG_ENC_FS=y`
200*	A generic boot scheme can be used. Boot configuration is commonalized. This helps
201	new board support. It is applied on plat-hikey, plat-vexpress, plat-mediatek, plat-stm
202    and plat-vexpress.
203
204## Tested on
205Definitions:
206
207| Type | Meaning |
208| ---- | ------- |
209| Standard tests | The optee_test project. |
210| Extended tests | optee_test with tests from the GlobalPlatform™ TEE Initial Configuration Test Suite v1.1.0.4. |
211| Hello world test | Plain hello world Trusted Application such as [this][hello_world]. |
212
213*	ARM Juno Board (vexpress-juno), standard tests.
214*	Foundation Models (vexpress-fvp), standard tests.
215*	HiKey (hikey), standard tests.
216*	MT8173 (mediatek), standard tests.
217*	QEMU (vexpress-qemu), standard + extended tests.
218*	STM Cannes (stm-cannes), standard + extended tests.
219
220-------------------------------------------
221
222# OP-TEE - version 0.2.0
223
224## New features
225
226### Linux Driver Refactoring
227
228Linux Driver has been refactored. It is now split in two parts:
229*	optee.ko, the generic Linux driver. It contains all functionality
230	common to all backends.
231*	optee_armtz.ko, a specific backend dedicated to the TrustZone optee.
232	It depends on optee.ko.
233
234Loading the TrustZone optee linux driver module is now performed using
235
236    modprobe optee_armtz
237
238Thanks to the dependency between the generic and the backend modules, optee.ko is then automatically loaded.
239
240### Misc new features
241* support PL310 lock down at TEE boot
242* add 64bits support (division / print)
243
244## Tested on
245Definitions:
246
247| Type | Meaning |
248| ---- | ------- |
249| Standard tests | The optee_test project. |
250| Extended tests | optee_test with tests from the GlobalPlatform™ TEE Initial Configuration Test Suite v1.1.0.4. |
251| Hello world test | Plain hello world Trusted Application such as [this][hello_world]. |
252
253*   ARM Juno Board (vexpress-juno), standard tests + extended tests.
254
255*   Foundation Models (vexpress-fvp), standard + extended tests.
256
257*   QEMU (vexpress-qemu), standard + extended tests.
258
259*   STM Cannes (stm-cannes), standard + extended tests.
260
261
262## Issues resolved since last release
263*	Fix user TA trace issue, in order each TA is able to select its own trace level
264
265
266-------------------------------------------
267#OP-TEE - version 0.1.0
268
269## New features
270Below is a summary of the most important features added, but at the end you will
271find a link that present you all commits between the current and previous
272release tag.
273
274*   GlobalPlatform Client API v1.0 support.
275
276*   GlobalPlatform Internal API v1.0 support.
277
278*   GlobalPlatform Secure Elements v1.0 support.
279
280*   Add hardware support for
281
282    *   Allwinner A80, ARMv7-A.
283
284    *   ARM Juno Board, ARMv8-A.
285
286    *   Foundation Models, ARMv8-A.
287
288    *   Fast Models, ARMv8-A.
289
290    *   QEMU, ARMv7-A.
291
292    *   STM Cannes, ARMv7-A.
293
294    *   STM Orly2, ARMv7-A.
295
296*   Add LibTomCrypt as the default software cryptographic library.
297
298*   Add cryptographic abstraction layer in on secure side to ease the use of
299    other cryptographic software libraries or adding support for hardware
300    acceleration.
301
302*   Extended cryptographic API with support for HKDF, Concat KDF and PBKDF2.
303
304*   SHA-1 and SHA-256 ARMv8-A crypto extension implementation.
305
306*   Enabled paging support in OP-TEE OS.
307
308*   Add support for xtest (both standard and extended) in QEMU and FVP setup
309    scripts.
310
311*   Add documentation for the OS design, cryptographic abstraction layer, secure
312    elements design, the build system, GitHub usage, key derivation extensions,
313    ARM-Trusted Firmware usage within OP-TEE and GlobalPlatform usage within
314    OP-TEE.
315
316*   Integrate support for Travis CI.
317
318*   [Link][github_commits_0_1_0] to a list of all commits between this and
319    previous release.
320
321
322## Tested on
323Definitions:
324
325| Type | Meaning |
326| ---- | ------- |
327| Standard tests | The optee_test project. |
328| Extended tests | optee_test with tests from the GlobalPlatform™ TEE Initial Configuration Test Suite v1.0.0. |
329| Hello world test | Plain hello world Trusted Application such as [this][hello_world]. |
330
331*   Allwinner A80 (plat-sunxi), hello world test.
332
333*   ARM Juno Board (vexpress-juno), standard tests.
334
335*   Foundation Models (plat-vexpress-fvp), standard + extended tests
336
337*   QEMU (plat-vexpress-qemu), standard + extended tests (and Secure Elements
338    tested separately).
339
340*   STM Cannes (plat-stm-cannes), standard + extended tests.
341
342
343## Issues resolved since last release
344N/A since this is the first release tag on OP-TEE.
345
346
347## Known issues
348*   Storage is implemented, but not "Secure storage", meaning that a client
349    needs to do encrypt files on their own before storing the files.
350
351*   Issue(s) open on GitHub
352    *   [#95][pr95]: An error about building the test code of libtomcrypt.
353
354    *   [#149][pr149]: when testing optee os with arm trusted firmware (I
355	utilized optee os tee.bin as bl32 image) on juno platform, I got an
356        error.
357
358    *   [#161][pr161]: tee_svc_cryp.c lacks accessibility checks on
359        user-supplied TEE_Attributes.
360
361[hello_world]: https://github.com/jenswi-linaro/lcu14_optee_hello_world
362[github_commits_0_1_0]: https://github.com/OP-TEE/optee_os/compare/b01047730e77127c23a36591643eeb8bb0487d68...999e4a6c0f64d3177fd3d0db234107b6fb860884
363[pr95]: https://github.com/OP-TEE/optee_os/issues/95
364[pr149]: https://github.com/OP-TEE/optee_os/issues/149
365[pr161]: https://github.com/OP-TEE/optee_os/issues/161
366
367*   Global Platform Device Internal Core API v1.1
368    *   [#230][pr230]: Persistent object corruption support (TEE_ERROR_CORRUPT_OBJECT/_2)
369    *   [#230][pr230]: Persistent object access support (TEE_ERROR_STORAGE_NOT_AVAILABLE/_2)
370