Trusted Firmware-A and the related Trusted Firmware-A tests v2.2 have now been released! The TF-A change logs and TF-A-Test change logs show the updates, but we’ve shown some of the highlights below:

Important highlights of the TF-A log include:

• Armv8.3 Pointer Authentication use in Secure world (EL3 and lower S-ELs)
• Adds support for ARMv8.3-Pointer Authentication in BL1 SMC calls and BL2U image for firmware updates.
• Armv8.5 Branch Target Identification
• Armv8.5 Memory Tagging Extension (MTE) enabled for the Normal world and Secure world
• MTE support is now enabled by default on systems that support it at EL0.
• GICv3 Driver updates for multi socket GIC redistributor discovery
• RSA - 3072 support as per latest version of TBSA/TBFU
• Speculative Store Bypass Safe (SSBS): Further enhance protection against Spectre variant 4 by disabling speculative loads/stores (SPSR.SSBS bit) by default.

Additionally, Arm CPU support now includes the following features:

• Support introduced for new cores: Hercules, HerculesAE, Cortex- A76AE, Cortex- A65, A65AE
• Various errata workarounds for the cores: N1, Cortex-A76, A55, A35, A9 and for the DSU
• New/enhanced features:
  • Neoverse N1: force cacheable atomic to near atomic and workaround for various errata.
  • Zeus: apply MSR SSBS instruction

Many new partner platform ports have been added to our current lineup. This includes support for:

• Amlogic S905X2 (G12A) and S905x (GXL) platform
• Arm A5 DesignStart and Arm Corestone-700
• Intel Agilex
• MediaTek mt8183
• QEMU SBSA platform
• Renesas R-Car Gen3: New platform support added for D3
• Rockchip px30 and rk3288
• Raspberry Pi 4

The highlights for the TF-A-Tests include:

• Secure partition quark

• New tests:

  • Basic unit tests for xlat table library v2.
  • Tests for validating SVE support in TF-A.
  • Stress tests for dynamic xlat table library.
  • PSCI test to measure latencies when turning ON a cluster.
  • Series of AArch64 tests that stress the secure world to leak sensitive counter values.
  • Test to validate PSCI SYSTEM_RESET call.
  • Basic tests to validate Memory Tagging Extensions are being enabled and ensuring no undesired leak of sensitive data occurs.

• Enhanced tests:

  • Improved tests for Pointer Authentication support. Checks are performed to see if pointer authentication keys are accessible as well as validate if secure keys are being leaked after a PSCI version call or TSP call.
  • Improved AMU test to remove unexecuted code iterating over Group1 counters and fix the conditional check of AMU Group0 counter value.

For more information, please see the TF-A change log and TF-A Tests change log.