Trusted Firmware OP TEE: v3.17.0 Release

Introduction

Trusted Firmware OP TEE v3.17.0 was released on the 15th of April, 2022. The release includes support for remote attestation PTA, RTC and TPMv2 driver, Spectre BHB workaround and many more.

Highlights

Here are some of the main additions in OP TEE 3.17.0:

• Spectre BHB workaround
• Armv8 Security Extension Support
  • FEAT_PAUTH (Pointer Authentication) support - Armv8.3-A introduces support of PAUTH to protect against ROP (Return oriented programming) attacks. This can now be enabled for TA’s.
• FF-A Support
  • FF-A with SPMC at EL3
• Remote Attestation PTA
• RTC support
• Driver for TPMv2 (MMIO based)

The release included updates to the following repos:

• optee_os - 202 commits and 71 PR’s
• optee_client - 9 commits and 6 PR’s
• optee_test - 9 commits and 7 PR’s
• build - 8 commits and 6 PR’s

More details can be found here.

Testing of the release has been performed by the committers and can be found here Thirty eight devices were tested for this release using the OP-TEE xtest test suite. Testing results can be found in the pull request itself

The release has been tagged at 3.17.0 using the OP TEE release procedure.

The OP TEE release roadmap can be found here.

Any security fixes prior to the next release will be made available on the Security Advisories page.