Billboard archive

May 2023

• Released v0.3

• Enable chain of trust past BL1

  • On boards that use TF-A, BL2 authenticates BL31, BL32 and BL33

  • On boards that use SPL, FIT images are used for authenticating up to BL33

  • On Xilinx boards the Xilinx FSBL performs the authentication for all firmware components

  • On all boards BL33 with authenticate the next payload using UEFI Secure boot

• Added initial support for zcu102. Only UEFI secure boot is currently supported

April 2023

• Enable the ethernet interface in zynqmp kria starter

• Update OP-TEE to 3.20

March 2023

• Add support for QEMU aarch32

• Enabled UEFI Secure Boot, Measured Boot and OP-TEE xtests in LAVA

February 2023

• Switched zyqmp kria starter kit to FSBL instead of U-Boot SPL as the first stage bootloader

• Fixed ethernet speed issues on rockpi4b

• Add OP-TEE support on zyqmp kria starter builds

January 2023

• Update U-Boot to 2023.01

December 2022

• New MACHINE_FEATURES support on meta-ts

  • silence-console will disable console output

  • disable-console will replace U-Boots console with an interactive menu

November 2022

• meta-ts v0.2 released! Link

• A/B updates merged in U-Boot

• SR-IR 1.0 certification for stmp32mp1 boards using meta-ts

October 2022

• Added LAVA self tests for UEFI secure and measured boot

• PAC enabled in OP-TEE core

September 2022

• Integrated Socionext Synquacer in LAVA

• Created TS documentation available at https://trs.readthedocs.io/en/latest/firmware/index.html

August 2022

• Sr-IR for Rockpi4b using meta-ts

July 2022

• Removed SHA1 support from UEFI certificates for U-Boot

• Fixed TPM provided RNG in U-Boot

June 2022

• meta-ts 0.1 released

• Updated documentation at https://trusted-substrate.readthedocs.io/en/latest/

• CI for QEMU is running on daily builds

April 2022

• Reworked capsule updates for U-Boot. The previous implementation wasn’t adhering to the EFI spec

• Bumped all meta-ts supported boards to the latest stable U-Boot 2022.04

• Fixed all the remaining SystemReady Interface Extensions failures in U-Boot

March 2022

• U-Boot fixes in EFI. The Arm security ACS should pass all tests now

• Fault mitigation patterns investigation for OP-TEE TAs

• Blogposts on FF-A support within OP-TEE

• Basic TPM2 support added into OP-TEE

February 2022

• Created patches for SystemReady-ACS for arm7 (stm32mp1 tested)

• Fixed UEFI Secure boot with intermediate certificates

• Updated meta-ts, consumers can now define their own set of keys to create
  the EFI security database

• Menu driven boot device selection for U-Boot posted in ML. Patches are under review

• Added support for Xilinx kv260 AI vision starter kit

January 2022

• Major cleanup and bug fixes on UEFI secure boot

• A/B update support merged in TF-A

• v3 of A/B updates in U-Boot under review

• ARM secure side virtualization FFA-1.0: patches for optee-os and optee linux driver based on FF-A have been merged

December 2021

• FF-A Firmware Update specifications update forwarded to U-Boot mailing list

• BTI patches for OP-TEE

• Linux kernel OP-TEE runtime check PoC released

November 2021

• OP-TEE release 3.15, asynchronous notifications of secure world in progress

• Xen mediator for OP-TEE PoC ready (DRM for automotive for instance)

• EFI TCG2 compliance in U-Boot.  All patches have been merged upstream

• Fixed PE/COFF alignment in U-Boot.