xref: /optee_os/CHANGELOG.md (revision bf50df8bd4328cdc8731cfef4b7b3cc5818cf0cc) 
1# OP-TEE - version 1.0.0
2
3OP-TEE is now maintained by Linaro. Contributors do not need to
4sign a CLA anymore, but must follow the rules of the [DCO][DCO]
5(Developer Certificate of Origin) instead.
6
7
8## New features
9
10* Add hardware support for Texas Instruments DRA7xx, ARMv7 (plat-ti)
11
12* GlobalPlatform™ TEE Internal Core API Specification v1.1,
13  including ECC algorithms.
14
15* Secure Storage: Files stored by the REE are now encrypted. Operations
16  are made atomic in order to prevent inconsistencies in case of errors
17  during the storage operations. [Slides][LCStorage] describing the
18  Secure Storage have been presented at the Linaro Connect SFO15.
19
20* Change of format of the Trusted Applications: they follow a
21  [signed ELF format][elf]
22
23* Rework thread [synchronization][synchro] in optee_os.
24
25* Use of ARMv8 native cryptographic support.
26
27* [OP-TEE/optee_test][optee_test] test suite is released.
28
29* Introduce [OP-TEE/manifest][manifest] and [OP-TEE/build][build]
30  to setup and build QEMU, FVP, HiKey and Mediatek platforms. Setup scripts
31  that used to be in optee_os have been removed, except for Juno board.
32
33* [Link][github_commits_1_0_0] to a list of all commits between this and
34  previous release.
35
36
37## Tested on
38Definitions:
39
40| Type | Meaning |
41| ---- | ------- |
42| Standard tests | The [optee_test][optee_test] project. |
43| Extended tests | optee_test with tests from the GlobalPlatform™ TEE Initial Configuration Test Suite v1.1.0.4. |
44| Hello world test | Plain hello world Trusted Application such as [this][hello_world]. |
45
46*	ARM Juno Board (vexpress-juno), standard + extended tests.
47*	Foundation Models (vexpress-fvp), standard tests.
48*	HiKey (hikey), standard + extended tests.
49*	MT8173 (mediatek), standard tests.
50*	QEMU (vexpress-qemu), standard + extended tests.
51*	STM Cannes (stm-cannes), standard + extended tests.
52
53## Known issues
54* Secure Storage is implemented, but note that anti-rollback protection
55  is not implemented yet.
56
57* Issue(s) open on GitHub
58  * [#210][pr210]: libteec.so 32-bit does not communicate well
59    with 64-bit kernel module
60  * [#296][pr296]: Connecting RPMB to the storage APIs.
61  * [#493][pr493]: setup_juno_optee: unable to find pre-built binaries
62  * [#494][pr494]: HiKey: xtest 7671 fails (1.0.0-rc2)
63
64[pr210]: https://github.com/OP-TEE/optee_os/issues/210
65[pr296]: https://github.com/OP-TEE/optee_os/issues/296
66[pr493]: https://github.com/OP-TEE/optee_os/issues/493
67[pr494]: https://github.com/OP-TEE/optee_os/issues/494
68[github_commits_1_0_0]: https://github.com/OP-TEE/optee_os/compare/0.3.0...1.0.0
69[DCO]: https://github.com/OP-TEE/optee_os/blob/master/Notice.md#contributions
70[LCStorage]: http://www.slideshare.net/linaroorg/sfo15503-secure-storage-in-optee
71[synchro]: https://github.com/OP-TEE/optee_os/blob/master/documentation/optee_design.md#4-thread-handling
72[elf]: https://github.com/OP-TEE/optee_os/blob/master/documentation/optee_design.md#format
73[optee_test]: https://github.com/OP-TEE/optee_test
74[manifest]: https://github.com/OP-TEE/manifest
75[build]: https://github.com/OP-TEE/build
76
77
78
79# OP-TEE - version 0.3.0
80
81## New features
82
83*   Add hardware support for
84	*   Mediatek MT8173 Board, ARMv8-A (plat-mediatek)
85	*   Hisilicon HiKey Board, ARMv8-A (plat-hikey)
86*   AArch64 build of optee_os is now possible through the configuration `CFG_ARM64_core=y`
87*	Secure Storage: Data can be encrypted prior to their storage in the non-secure.
88	Build is configured using `CFG_ENC_FS=y`
89*	A generic boot scheme can be used. Boot configuration is commonalized. This helps
90	new board support. It is applied on plat-hikey, plat-vexpress, plat-mediatek, plat-stm
91    and plat-vexpress.
92
93## Tested on
94Definitions:
95
96| Type | Meaning |
97| ---- | ------- |
98| Standard tests | The optee_test project. |
99| Extended tests | optee_test with tests from the GlobalPlatform™ TEE Initial Configuration Test Suite v1.1.0.4. |
100| Hello world test | Plain hello world Trusted Application such as [this][hello_world]. |
101
102*	ARM Juno Board (vexpress-juno), standard tests.
103*	Foundation Models (vexpress-fvp), standard tests.
104*	HiKey (hikey), standard tests.
105*	MT8173 (mediatek), standard tests.
106*	QEMU (vexpress-qemu), standard + extended tests.
107*	STM Cannes (stm-cannes), standard + extended tests.
108
109-------------------------------------------
110
111# OP-TEE - version 0.2.0
112
113## New features
114
115### Linux Driver Refactoring
116
117Linux Driver has been refactored. It is now split in two parts:
118*	optee.ko, the generic Linux driver. It contains all functionality
119	common to all backends.
120*	optee_armtz.ko, a specific backend dedicated to the TrustZone optee.
121	It depends on optee.ko.
122
123Loading the TrustZone optee linux driver module is now performed using
124
125    modprobe optee_armtz
126
127Thanks to the dependency between the generic and the backend modules, optee.ko is then automatically loaded.
128
129### Misc new features
130* support PL310 lock down at TEE boot
131* add 64bits support (division / print)
132
133## Tested on
134Definitions:
135
136| Type | Meaning |
137| ---- | ------- |
138| Standard tests | The optee_test project. |
139| Extended tests | optee_test with tests from the GlobalPlatform™ TEE Initial Configuration Test Suite v1.1.0.4. |
140| Hello world test | Plain hello world Trusted Application such as [this][hello_world]. |
141
142*   ARM Juno Board (vexpress-juno), standard tests + extended tests.
143
144*   Foundation Models (vexpress-fvp), standard + extended tests.
145
146*   QEMU (vexpress-qemu), standard + extended tests.
147
148*   STM Cannes (stm-cannes), standard + extended tests.
149
150
151## Issues resolved since last release
152*	Fix user TA trace issue, in order each TA is able to select its own trace level
153
154
155-------------------------------------------
156#OP-TEE - version 0.1.0
157
158## New features
159Below is a summary of the most important features added, but at the end you will
160find a link that present you all commits between the current and previous
161release tag.
162
163*   GlobalPlatform Client API v1.0 support.
164
165*   GlobalPlatform Internal API v1.0 support.
166
167*   GlobalPlatform Secure Elements v1.0 support.
168
169*   Add hardware support for
170
171    *   Allwinner A80, ARMv7-A.
172
173    *   ARM Juno Board, ARMv8-A.
174
175    *   Foundation Models, ARMv8-A.
176
177    *   Fast Models, ARMv8-A.
178
179    *   QEMU, ARMv7-A.
180
181    *   STM Cannes, ARMv7-A.
182
183    *   STM Orly2, ARMv7-A.
184
185*   Add LibTomCrypt as the default software cryptographic library.
186
187*   Add cryptographic abstraction layer in on secure side to ease the use of
188    other cryptographic software libraries or adding support for hardware
189    acceleration.
190
191*   Extended cryptographic API with support for HKDF, Concat KDF and PBKDF2.
192
193*   SHA-1 and SHA-256 ARMv8-A crypto extension implementation.
194
195*   Enabled paging support in OP-TEE OS.
196
197*   Add support for xtest (both standard and extended) in QEMU and FVP setup
198    scripts.
199
200*   Add documentation for the OS design, cryptographic abstraction layer, secure
201    elements design, the build system, GitHub usage, key derivation extensions,
202    ARM-Trusted Firmware usage within OP-TEE and GlobalPlatform usage within
203    OP-TEE.
204
205*   Integrate support for Travis CI.
206
207*   [Link][github_commits_0_1_0] to a list of all commits between this and
208    previous release.
209
210
211## Tested on
212Definitions:
213
214| Type | Meaning |
215| ---- | ------- |
216| Standard tests | The optee_test project. |
217| Extended tests | optee_test with tests from the GlobalPlatform™ TEE Initial Configuration Test Suite v1.0.0. |
218| Hello world test | Plain hello world Trusted Application such as [this][hello_world]. |
219
220*   Allwinner A80 (plat-sunxi), hello world test.
221
222*   ARM Juno Board (vexpress-juno), standard tests.
223
224*   Foundation Models (plat-vexpress-fvp), standard + extended tests
225
226*   QEMU (plat-vexpress-qemu), standard + extended tests (and Secure Elements
227    tested separately).
228
229*   STM Cannes (plat-stm-cannes), standard + extended tests.
230
231
232## Issues resolved since last release
233N/A since this is the first release tag on OP-TEE.
234
235
236## Known issues
237*   Storage is implemented, but not "Secure storage", meaning that a client
238    needs to do encrypt files on their own before storing the files.
239
240*   Issue(s) open on GitHub
241    *   [#95][pr95]: An error about building the test code of libtomcrypt.
242
243    *   [#149][pr149]: when testing optee os with arm trusted firmware (I
244	utilized optee os tee.bin as bl32 image) on juno platform, I got an
245        error.
246
247    *   [#161][pr161]: tee_svc_cryp.c lacks accessibility checks on
248        user-supplied TEE_Attributes.
249
250[hello_world]: https://github.com/jenswi-linaro/lcu14_optee_hello_world
251[github_commits_0_1_0]: https://github.com/OP-TEE/optee_os/compare/b01047730e77127c23a36591643eeb8bb0487d68...999e4a6c0f64d3177fd3d0db234107b6fb860884
252[pr95]: https://github.com/OP-TEE/optee_os/issues/95
253[pr149]: https://github.com/OP-TEE/optee_os/issues/149
254[pr161]: https://github.com/OP-TEE/optee_os/issues/161
255
256*   Global Platform Device Internal Core API v1.1
257    *   [#230][pr230]: Persistent object corruption support (TEE_ERROR_CORRUPT_OBJECT/_2)
258    *   [#230][pr230]: Persistent object access support (TEE_ERROR_STORAGE_NOT_AVAILABLE/_2)
259