aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDavid Hu <david.hu@arm.com>2021-07-08 20:48:19 +0800
committerDavid Hu <david.hu@arm.com>2021-07-13 10:16:12 +0200
commit0e6b44e149c9b8de5990f0d942131699db1f47a7 (patch)
tree150754921bcda4c91014c5c7a2941a6f0399d028
parent802f588b98b22d78cc882c74490d33e89835553a (diff)
downloadtrusted-firmware-m-0e6b44e149c9b8de5990f0d942131699db1f47a7.tar.gz
Docs: Move design documents into a dedicated folder
Collect all the design documents under a dedicated design_docs folder. Update the links in other documents. Change-Id: I2da761a11317144185e960c539f2245d3d46fd2a Signed-off-by: David Hu <david.hu@arm.com>
-rw-r--r--docs/contributing/code_review_guide.rst2
-rw-r--r--docs/integration_guide/os_migration_guide_armv8m.rst2
-rw-r--r--docs/integration_guide/services/tfm_ps_integration_guide.rst2
-rw-r--r--docs/integration_guide/services/tfm_psa_proxy_integration_guide.rst2
-rw-r--r--docs/integration_guide/tfm_integration_guide.rst4
-rw-r--r--docs/releases/1.3.0.rst6
-rw-r--r--docs/security/threat_models/generic_threat_model.rst6
-rw-r--r--docs/technical_references/design_docs/code_sharing.rst (renamed from docs/technical_references/code_sharing.rst)0
-rw-r--r--docs/technical_references/design_docs/dual-cpu/booting_a_dual_core_system.rst (renamed from docs/technical_references/dual-cpu/booting_a_dual_core_system.rst)0
-rw-r--r--docs/technical_references/design_docs/dual-cpu/communication_prototype_between_nspe_and_spe_in_dual_core_systems.rst (renamed from docs/technical_references/dual-cpu/communication_prototype_between_nspe_and_spe_in_dual_core_systems.rst)0
-rw-r--r--docs/technical_references/design_docs/dual-cpu/dual_core_mailbox_arch.png (renamed from docs/technical_references/dual-cpu/dual_core_mailbox_arch.png)bin31782 -> 31782 bytes
-rw-r--r--docs/technical_references/design_docs/dual-cpu/index.rst (renamed from docs/technical_references/dual-cpu/index.rst)0
-rw-r--r--docs/technical_references/design_docs/dual-cpu/mailbox_design_on_dual_core_system.rst (renamed from docs/technical_references/dual-cpu/mailbox_design_on_dual_core_system.rst)0
-rw-r--r--docs/technical_references/design_docs/dual-cpu/tfm_multi_core_access_check.rst (renamed from docs/technical_references/dual-cpu/tfm_multi_core_access_check.rst)0
-rw-r--r--docs/technical_references/design_docs/enum_implicit_casting.rst (renamed from docs/technical_references/enum_implicit_casting.rst)0
-rw-r--r--docs/technical_references/design_docs/ff_isolation.rst (renamed from docs/technical_references/ff_isolation.rst)0
-rw-r--r--docs/technical_references/design_docs/hardware_abstraction_layer.rst (renamed from docs/technical_references/hardware_abstraction_layer.rst)2
-rw-r--r--docs/technical_references/design_docs/index.rst13
-rw-r--r--docs/technical_references/design_docs/media/hal_structure.png (renamed from docs/technical_references/media/hal_structure.png)bin32736 -> 32736 bytes
-rw-r--r--docs/technical_references/design_docs/media/symmetric_initial_attest/attest_token_finish.png (renamed from docs/technical_references/media/symmetric_initial_attest/attest_token_finish.png)bin14947 -> 14947 bytes
-rw-r--r--docs/technical_references/design_docs/media/symmetric_initial_attest/attest_token_start.png (renamed from docs/technical_references/media/symmetric_initial_attest/attest_token_start.png)bin30230 -> 30230 bytes
-rw-r--r--docs/technical_references/design_docs/media/symmetric_initial_attest/ia_service_flow.png (renamed from docs/technical_references/media/symmetric_initial_attest/ia_service_flow.png)bin50354 -> 50354 bytes
-rw-r--r--docs/technical_references/design_docs/media/symmetric_initial_attest/iat_decode.png (renamed from docs/technical_references/media/symmetric_initial_attest/iat_decode.png)bin40309 -> 40309 bytes
-rw-r--r--docs/technical_references/design_docs/media/symmetric_initial_attest/overall_diagram.png (renamed from docs/technical_references/media/symmetric_initial_attest/overall_diagram.png)bin14536 -> 14536 bytes
-rw-r--r--docs/technical_references/design_docs/media/tfm_crypto_design.png (renamed from docs/technical_references/media/tfm_crypto_design.png)bin32529 -> 32529 bytes
-rw-r--r--docs/technical_references/design_docs/profiles/index.rst (renamed from docs/technical_references/profiles/index.rst)0
-rw-r--r--docs/technical_references/design_docs/profiles/tfm_profile_large.rst (renamed from docs/technical_references/profiles/tfm_profile_large.rst)8
-rw-r--r--docs/technical_references/design_docs/profiles/tfm_profile_medium.rst (renamed from docs/technical_references/profiles/tfm_profile_medium.rst)4
-rw-r--r--docs/technical_references/design_docs/profiles/tfm_profile_small.rst (renamed from docs/technical_references/profiles/tfm_profile_small.rst)4
-rw-r--r--docs/technical_references/design_docs/ps_key_management.rst (renamed from docs/technical_references/ps_key_management.rst)0
-rw-r--r--docs/technical_references/design_docs/secure_boot_hw_key_integration.rst (renamed from docs/technical_references/secure_boot_hw_key_integration.rst)0
-rw-r--r--docs/technical_references/design_docs/secure_boot_rollback_protection.rst (renamed from docs/technical_references/secure_boot_rollback_protection.rst)0
-rw-r--r--docs/technical_references/design_docs/secure_enclave_solution.rst (renamed from docs/technical_references/secure_enclave_solution.rst)0
-rw-r--r--docs/technical_references/design_docs/source_structure.rst (renamed from docs/technical_references/source_structure.rst)0
-rw-r--r--docs/technical_references/design_docs/stateless_rot_service.rst (renamed from docs/technical_references/stateless_rot_service.rst)0
-rw-r--r--docs/technical_references/design_docs/symmetric_initial_attest.rst (renamed from docs/technical_references/symmetric_initial_attest.rst)2
-rw-r--r--docs/technical_references/design_docs/tfm_code_generation_with_jinja2.rst (renamed from docs/technical_references/tfm_code_generation_with_jinja2.rst)0
-rw-r--r--docs/technical_references/design_docs/tfm_cooperative_scheduling_rules.rst (renamed from docs/technical_references/tfm_cooperative_scheduling_rules.rst)0
-rw-r--r--docs/technical_references/design_docs/tfm_crypto_design.rst (renamed from docs/technical_references/tfm_crypto_design.rst)0
-rw-r--r--docs/technical_references/design_docs/tfm_fwu_service.rst (renamed from docs/technical_references/tfm_fwu_service.rst)0
-rw-r--r--docs/technical_references/design_docs/tfm_its_512_flash.rst (renamed from docs/technical_references/tfm_its_512_flash.rst)0
-rw-r--r--docs/technical_references/design_docs/tfm_its_service.rst (renamed from docs/technical_references/tfm_its_service.rst)0
-rw-r--r--docs/technical_references/design_docs/tfm_log_system_design_document.rst (renamed from docs/technical_references/tfm_log_system_design_document.rst)0
-rw-r--r--docs/technical_references/design_docs/tfm_non_secure_client_management.rst (renamed from docs/technical_references/tfm_non_secure_client_management.rst)0
-rw-r--r--docs/technical_references/design_docs/tfm_ns_client_identification.rst (renamed from docs/technical_references/tfm_ns_client_identification.rst)0
-rw-r--r--docs/technical_references/design_docs/tfm_partition_and_service_design_document.rst (renamed from docs/technical_references/tfm_partition_and_service_design_document.rst)0
-rw-r--r--docs/technical_references/design_docs/tfm_physical_attack_mitigation.rst (renamed from docs/technical_references/tfm_physical_attack_mitigation.rst)0
-rw-r--r--docs/technical_references/design_docs/tfm_psa_inter_process_communication.rst (renamed from docs/technical_references/tfm_psa_inter_process_communication.rst)0
-rw-r--r--docs/technical_references/design_docs/tfm_secure_boot.rst (renamed from docs/technical_references/tfm_secure_boot.rst)0
-rw-r--r--docs/technical_references/design_docs/tfm_secure_irq_handling.rst (renamed from docs/technical_references/tfm_secure_irq_handling.rst)0
-rw-r--r--docs/technical_references/design_docs/tfm_secure_partition_interrupt_handling.rst (renamed from docs/technical_references/tfm_secure_partition_interrupt_handling.rst)2
-rw-r--r--docs/technical_references/design_docs/tfm_secure_partition_runtime_library.rst (renamed from docs/technical_references/tfm_secure_partition_runtime_library.rst)0
-rw-r--r--docs/technical_references/design_docs/tfm_uniform_secure_service_signature.rst (renamed from docs/technical_references/tfm_uniform_secure_service_signature.rst)0
-rw-r--r--docs/technical_references/index.rst2
-rw-r--r--docs/technical_references/index.rst.in30
-rw-r--r--docs/technical_references/instructions/run_tfm_examples_on_arm_platforms.rst4
-rw-r--r--platform/ext/target/arm/musca_b1/secure_enclave/readme.rst2
57 files changed, 39 insertions, 58 deletions
diff --git a/docs/contributing/code_review_guide.rst b/docs/contributing/code_review_guide.rst
index e9ed9699f4..08d72a2832 100644
--- a/docs/contributing/code_review_guide.rst
+++ b/docs/contributing/code_review_guide.rst
@@ -15,7 +15,7 @@ The prerequisites before going to the review stage:
- Read the :doc:`Contributing Process </docs/contributing/contributing_process>`
to know basic concepts.
-- Read the :doc:`Source Structure </docs/technical_references/source_structure>`
+- Read the :doc:`Source Structure </docs/technical_references/design_docs/source_structure>`
for structure related reference.
The review guidelines consist of these items:
diff --git a/docs/integration_guide/os_migration_guide_armv8m.rst b/docs/integration_guide/os_migration_guide_armv8m.rst
index 1ca4e3df06..a3b5806160 100644
--- a/docs/integration_guide/os_migration_guide_armv8m.rst
+++ b/docs/integration_guide/os_migration_guide_armv8m.rst
@@ -24,7 +24,7 @@ List of requirements
then it also have to use the
``enum tfm_status_e tfm_register_client_id (int32_t ns_client_id)``
API function provided by TF-M, as described in
- :doc:`NS client identification documentation </docs/technical_references/tfm_ns_client_identification>`.
+ :doc:`NS client identification documentation </docs/technical_references/design_docs/tfm_ns_client_identification>`.
- if the OS doesn't support the API mentioned above, it should set
``TFM_NS_CLIENT_IDENTIFICATION`` to ``OFF`` in the cmake system.
- .. Note::
diff --git a/docs/integration_guide/services/tfm_ps_integration_guide.rst b/docs/integration_guide/services/tfm_ps_integration_guide.rst
index 2c6da7b490..50c83a47ab 100644
--- a/docs/integration_guide/services/tfm_ps_integration_guide.rst
+++ b/docs/integration_guide/services/tfm_ps_integration_guide.rst
@@ -293,7 +293,7 @@ TF-M core tracks the current client IDs running in the secure or non-secure
processing environment. It provides a dedicated API to retrieve the client ID
which performs the service request.
-:doc:`NS client identification documentation </docs/technical_references/tfm_ns_client_identification>`
+:doc:`NS client identification documentation </docs/technical_references/design_docs/tfm_ns_client_identification>`
provides further details on how client identification works.
PS service uses that TF-M core API to retrieve the client ID and associate it
diff --git a/docs/integration_guide/services/tfm_psa_proxy_integration_guide.rst b/docs/integration_guide/services/tfm_psa_proxy_integration_guide.rst
index 9b8ed3d4c5..4fb467f5a9 100644
--- a/docs/integration_guide/services/tfm_psa_proxy_integration_guide.rst
+++ b/docs/integration_guide/services/tfm_psa_proxy_integration_guide.rst
@@ -9,7 +9,7 @@ TF-M PSA Proxy partition is responsible for forwarding all the PSA RoT messages
to a Secure Enclave, this way virtually providing all the PSA RoT services.
Proxy can only be used in IPC model, for context and design details please
check the
-:doc:`Secure Enclave design document </docs/technical_references/secure_enclave_solution>`.
+:doc:`Secure Enclave design document </docs/technical_references/design_docs/secure_enclave_solution>`.
Currently to forward the PSA Client call parameters Proxy must read them with
``psa_read`` into a memory area shared with the Secure Enclave. (Similarily
diff --git a/docs/integration_guide/tfm_integration_guide.rst b/docs/integration_guide/tfm_integration_guide.rst
index a543fd0828..f0f2a1ef55 100644
--- a/docs/integration_guide/tfm_integration_guide.rst
+++ b/docs/integration_guide/tfm_integration_guide.rst
@@ -112,7 +112,7 @@ See ``interface/src/tfm_ns_interface.c.example`` for more details.
TF-M provides a reference implementation of NS mailbox on multi-core platforms,
under folder ``interface/src/multi_core``.
-See :doc:`Mailbox design </docs/technical_references/dual-cpu/mailbox_design_on_dual_core_system>`
+See :doc:`Mailbox design </docs/technical_references/design_docs/dual-cpu/mailbox_design_on_dual_core_system>`
for TF-M multi-core mailbox design.
Interface with non-secure world regression tests
@@ -135,7 +135,7 @@ implementation of these wrappers to be able to run the tests.
NS client Identification
========================
See
-:doc:`ns client identification documentation </docs/technical_references/tfm_ns_client_identification>`.
+:doc:`ns client identification documentation </docs/technical_references/design_docs/tfm_ns_client_identification>`.
*********************
Non-secure interrupts
diff --git a/docs/releases/1.3.0.rst b/docs/releases/1.3.0.rst
index 9e281cb05f..0f4984f911 100644
--- a/docs/releases/1.3.0.rst
+++ b/docs/releases/1.3.0.rst
@@ -160,11 +160,11 @@ Reference
.. [3] :doc:`TF-M generic threat model </docs/security/threat_models/generic_threat_model>`
- .. [4] :doc:`TF-M physical attack mitigation </docs/technical_references/tfm_physical_attack_mitigation>`
+ .. [4] :doc:`TF-M physical attack mitigation </docs/technical_references/design_docs/tfm_physical_attack_mitigation>`
- .. [5] :doc:`TF-M Profile Large design </docs/technical_references/profiles/tfm_profile_large>`
+ .. [5] :doc:`TF-M Profile Large design </docs/technical_references/design_docs/profiles/tfm_profile_large>`
- .. [6] :doc:`Code sharing between independently linked XIP binaries </docs/technical_references/code_sharing>`
+ .. [6] :doc:`Code sharing between independently linked XIP binaries </docs/technical_references/design_docs/code_sharing>`
.. [7] :doc:`Security Handling </docs/security/security>`
diff --git a/docs/security/threat_models/generic_threat_model.rst b/docs/security/threat_models/generic_threat_model.rst
index 63569512f8..94f510b52f 100644
--- a/docs/security/threat_models/generic_threat_model.rst
+++ b/docs/security/threat_models/generic_threat_model.rst
@@ -1107,7 +1107,7 @@ Reference
.. [FF-M] `ArmĀ® Platform Security Architecture Firmware Framework 1.0 <https://developer.arm.com/-/media/Files/pdf/PlatformSecurityArchitecture/Architect/DEN0063-PSA_Firmware_Framework-1.0.0-2.pdf?revision=2d1429fa-4b5b-461a-a60e-4ef3d8f7f4b4>`_
-.. [DUAL-CPU-BOOT] :doc:`Booting a dual core system </docs/technical_references/dual-cpu/booting_a_dual_core_system>`
+.. [DUAL-CPU-BOOT] :doc:`Booting a dual core system </docs/technical_references/design_docs/dual-cpu/booting_a_dual_core_system>`
.. [CVSS] `Common Vulnerability Scoring System Version 3.1 Calculator <https://www.first.org/cvss/calculator/3.1>`_
@@ -1115,9 +1115,9 @@ Reference
.. [STRIDE] `The STRIDE Threat Model <https://docs.microsoft.com/en-us/previous-versions/commerce-server/ee823878(v=cs.20)?redirectedfrom=MSDN>`_
-.. [SECURE-BOOT] :doc:`Secure boot </docs/technical_references/tfm_secure_boot>`
+.. [SECURE-BOOT] :doc:`Secure boot </docs/technical_references/design_docs/tfm_secure_boot>`
-.. [ROLLBACK-PROTECT] :doc:`Rollback protection in TF-M secure boot </docs/technical_references/secure_boot_rollback_protection>`
+.. [ROLLBACK-PROTECT] :doc:`Rollback protection in TF-M secure boot </docs/technical_references/design_docs/secure_boot_rollback_protection>`
.. [STACK-SEAL] `Armv8-M processor Secure software Stack Sealing vulnerability <https://developer.arm.com/support/arm-security-updates/armv8-m-stack-sealing>`_
diff --git a/docs/technical_references/code_sharing.rst b/docs/technical_references/design_docs/code_sharing.rst
index 322d7eddcb..322d7eddcb 100644
--- a/docs/technical_references/code_sharing.rst
+++ b/docs/technical_references/design_docs/code_sharing.rst
diff --git a/docs/technical_references/dual-cpu/booting_a_dual_core_system.rst b/docs/technical_references/design_docs/dual-cpu/booting_a_dual_core_system.rst
index 0a88ab3674..0a88ab3674 100644
--- a/docs/technical_references/dual-cpu/booting_a_dual_core_system.rst
+++ b/docs/technical_references/design_docs/dual-cpu/booting_a_dual_core_system.rst
diff --git a/docs/technical_references/dual-cpu/communication_prototype_between_nspe_and_spe_in_dual_core_systems.rst b/docs/technical_references/design_docs/dual-cpu/communication_prototype_between_nspe_and_spe_in_dual_core_systems.rst
index 1ab1413d3b..1ab1413d3b 100644
--- a/docs/technical_references/dual-cpu/communication_prototype_between_nspe_and_spe_in_dual_core_systems.rst
+++ b/docs/technical_references/design_docs/dual-cpu/communication_prototype_between_nspe_and_spe_in_dual_core_systems.rst
diff --git a/docs/technical_references/dual-cpu/dual_core_mailbox_arch.png b/docs/technical_references/design_docs/dual-cpu/dual_core_mailbox_arch.png
index 79f5654465..79f5654465 100644
--- a/docs/technical_references/dual-cpu/dual_core_mailbox_arch.png
+++ b/docs/technical_references/design_docs/dual-cpu/dual_core_mailbox_arch.png
Binary files differ
diff --git a/docs/technical_references/dual-cpu/index.rst b/docs/technical_references/design_docs/dual-cpu/index.rst
index f302748333..f302748333 100644
--- a/docs/technical_references/dual-cpu/index.rst
+++ b/docs/technical_references/design_docs/dual-cpu/index.rst
diff --git a/docs/technical_references/dual-cpu/mailbox_design_on_dual_core_system.rst b/docs/technical_references/design_docs/dual-cpu/mailbox_design_on_dual_core_system.rst
index 60ac467d0f..60ac467d0f 100644
--- a/docs/technical_references/dual-cpu/mailbox_design_on_dual_core_system.rst
+++ b/docs/technical_references/design_docs/dual-cpu/mailbox_design_on_dual_core_system.rst
diff --git a/docs/technical_references/dual-cpu/tfm_multi_core_access_check.rst b/docs/technical_references/design_docs/dual-cpu/tfm_multi_core_access_check.rst
index 9ea9afdfe2..9ea9afdfe2 100644
--- a/docs/technical_references/dual-cpu/tfm_multi_core_access_check.rst
+++ b/docs/technical_references/design_docs/dual-cpu/tfm_multi_core_access_check.rst
diff --git a/docs/technical_references/enum_implicit_casting.rst b/docs/technical_references/design_docs/enum_implicit_casting.rst
index 01c8ce73f0..01c8ce73f0 100644
--- a/docs/technical_references/enum_implicit_casting.rst
+++ b/docs/technical_references/design_docs/enum_implicit_casting.rst
diff --git a/docs/technical_references/ff_isolation.rst b/docs/technical_references/design_docs/ff_isolation.rst
index 41dd4fc0fb..41dd4fc0fb 100644
--- a/docs/technical_references/ff_isolation.rst
+++ b/docs/technical_references/design_docs/ff_isolation.rst
diff --git a/docs/technical_references/hardware_abstraction_layer.rst b/docs/technical_references/design_docs/hardware_abstraction_layer.rst
index 645426f617..b574a3d6ce 100644
--- a/docs/technical_references/hardware_abstraction_layer.rst
+++ b/docs/technical_references/design_docs/hardware_abstraction_layer.rst
@@ -61,7 +61,7 @@ Here lists a minimal set of necessary functionalities:
- There is a non-secure :term:`HAL` that focuses on the mailbox operation API
for Dual-core topology. For more information about it, please refer to
:doc:`Mailbox Design in TF-M on Dual-core System
- </docs/technical_references/dual-cpu/mailbox_design_on_dual_core_system>`.
+ </docs/technical_references/design_docs/dual-cpu/mailbox_design_on_dual_core_system>`.
- The minimal set of :term:`TF-M` :term:`HAL` is sufficient for Secure
Partitions by using customized peripheral interfaces. To provide easier
portability for the Secure Partitions, a Secure Partition :term:`HAL` is
diff --git a/docs/technical_references/design_docs/index.rst b/docs/technical_references/design_docs/index.rst
new file mode 100644
index 0000000000..3566e03dee
--- /dev/null
+++ b/docs/technical_references/design_docs/index.rst
@@ -0,0 +1,13 @@
+Design documents
+================
+
+.. toctree::
+ :maxdepth: 2
+ :glob:
+
+ */index
+ *
+
+--------------
+
+*Copyright (c) 2021, Arm Limited. All rights reserved.*
diff --git a/docs/technical_references/media/hal_structure.png b/docs/technical_references/design_docs/media/hal_structure.png
index 0f4c4c0018..0f4c4c0018 100644
--- a/docs/technical_references/media/hal_structure.png
+++ b/docs/technical_references/design_docs/media/hal_structure.png
Binary files differ
diff --git a/docs/technical_references/media/symmetric_initial_attest/attest_token_finish.png b/docs/technical_references/design_docs/media/symmetric_initial_attest/attest_token_finish.png
index 548e79d3d1..548e79d3d1 100644
--- a/docs/technical_references/media/symmetric_initial_attest/attest_token_finish.png
+++ b/docs/technical_references/design_docs/media/symmetric_initial_attest/attest_token_finish.png
Binary files differ
diff --git a/docs/technical_references/media/symmetric_initial_attest/attest_token_start.png b/docs/technical_references/design_docs/media/symmetric_initial_attest/attest_token_start.png
index ac39cf258e..ac39cf258e 100644
--- a/docs/technical_references/media/symmetric_initial_attest/attest_token_start.png
+++ b/docs/technical_references/design_docs/media/symmetric_initial_attest/attest_token_start.png
Binary files differ
diff --git a/docs/technical_references/media/symmetric_initial_attest/ia_service_flow.png b/docs/technical_references/design_docs/media/symmetric_initial_attest/ia_service_flow.png
index 288bc534fb..288bc534fb 100644
--- a/docs/technical_references/media/symmetric_initial_attest/ia_service_flow.png
+++ b/docs/technical_references/design_docs/media/symmetric_initial_attest/ia_service_flow.png
Binary files differ
diff --git a/docs/technical_references/media/symmetric_initial_attest/iat_decode.png b/docs/technical_references/design_docs/media/symmetric_initial_attest/iat_decode.png
index e35183bacc..e35183bacc 100644
--- a/docs/technical_references/media/symmetric_initial_attest/iat_decode.png
+++ b/docs/technical_references/design_docs/media/symmetric_initial_attest/iat_decode.png
Binary files differ
diff --git a/docs/technical_references/media/symmetric_initial_attest/overall_diagram.png b/docs/technical_references/design_docs/media/symmetric_initial_attest/overall_diagram.png
index 893c62eedf..893c62eedf 100644
--- a/docs/technical_references/media/symmetric_initial_attest/overall_diagram.png
+++ b/docs/technical_references/design_docs/media/symmetric_initial_attest/overall_diagram.png
Binary files differ
diff --git a/docs/technical_references/media/tfm_crypto_design.png b/docs/technical_references/design_docs/media/tfm_crypto_design.png
index 6e8d48b200..6e8d48b200 100644
--- a/docs/technical_references/media/tfm_crypto_design.png
+++ b/docs/technical_references/design_docs/media/tfm_crypto_design.png
Binary files differ
diff --git a/docs/technical_references/profiles/index.rst b/docs/technical_references/design_docs/profiles/index.rst
index e856cf8078..e856cf8078 100644
--- a/docs/technical_references/profiles/index.rst
+++ b/docs/technical_references/design_docs/profiles/index.rst
diff --git a/docs/technical_references/profiles/tfm_profile_large.rst b/docs/technical_references/design_docs/profiles/tfm_profile_large.rst
index 45e51f40a1..d59ae61f04 100644
--- a/docs/technical_references/profiles/tfm_profile_large.rst
+++ b/docs/technical_references/design_docs/profiles/tfm_profile_large.rst
@@ -436,9 +436,9 @@ instruction guide [9]_.
Reference
*********
-.. [1] :doc:`Trusted Firmware-M Profile Small Design </docs/technical_references/profiles/tfm_profile_small>`
+.. [1] :doc:`Trusted Firmware-M Profile Small Design </docs/technical_references/design_docs/profiles/tfm_profile_small>`
-.. [2] :doc:`Trusted Firmware-M Profile Medium Design </docs/technical_references/profiles/tfm_profile_medium>`
+.. [2] :doc:`Trusted Firmware-M Profile Medium Design </docs/technical_references/design_docs/profiles/tfm_profile_medium>`
.. [3] `PSA Certified Level 3 Lightweight Protection Profile <https://www.psacertified.org/app/uploads/2020/12/JSADEN009-PSA_Certified_Level_3_LW_PP-1.0-BET02.pdf>`_
@@ -446,9 +446,9 @@ Reference
.. [5] `The Transport Layer Security (TLS) Protocol Version 1.2 <https://tools.ietf.org/html/rfc5246>`_
-.. [6] :doc:`Physical attack mitigation in Trusted Firmware-M </docs/technical_references/tfm_physical_attack_mitigation>`
+.. [6] :doc:`Physical attack mitigation in Trusted Firmware-M </docs/technical_references/design_docs/tfm_physical_attack_mitigation>`
-.. [7] :doc:`Crypto design </docs/technical_references/tfm_crypto_design>`
+.. [7] :doc:`Crypto design </docs/technical_references/design_docs/tfm_crypto_design>`
.. [8] :doc:`ITS integration guide </docs/integration_guide/services/tfm_its_integration_guide>`
diff --git a/docs/technical_references/profiles/tfm_profile_medium.rst b/docs/technical_references/design_docs/profiles/tfm_profile_medium.rst
index 6b384c7414..5bc4d57a35 100644
--- a/docs/technical_references/profiles/tfm_profile_medium.rst
+++ b/docs/technical_references/design_docs/profiles/tfm_profile_medium.rst
@@ -470,7 +470,7 @@ Reference
.. [RFC7925] `Transport Layer Security (TLS) / Datagram Transport Layer Security (DTLS) Profiles for the Internet of Things <https://tools.ietf.org/html/rfc7925>`_
-.. [PROFILE-S] :doc:`Trusted Firmware-M Profile Small Design </docs/technical_references/profiles/tfm_profile_small>`
+.. [PROFILE-S] :doc:`Trusted Firmware-M Profile Small Design </docs/technical_references/design_docs/profiles/tfm_profile_small>`
.. [RFC7252] `The Constrained Application Protocol (CoAP) <https://tools.ietf.org/html/rfc7252>`_
@@ -478,7 +478,7 @@ Reference
.. [RFC7251] `AES-CCM Elliptic Curve Cryptography (ECC) Cipher Suites for TLS <https://tools.ietf.org/html/rfc7251>`_
-.. [CRYPTO-DESIGN] :doc:`Crypto design </docs/technical_references/tfm_crypto_design>`
+.. [CRYPTO-DESIGN] :doc:`Crypto design </docs/technical_references/design_docs/tfm_crypto_design>`
.. [ITS-INTEGRATE] :doc:`ITS integration guide </docs/integration_guide/services/tfm_its_integration_guide>`
diff --git a/docs/technical_references/profiles/tfm_profile_small.rst b/docs/technical_references/design_docs/profiles/tfm_profile_small.rst
index 17f6f496db..51d78f22ee 100644
--- a/docs/technical_references/profiles/tfm_profile_small.rst
+++ b/docs/technical_references/design_docs/profiles/tfm_profile_small.rst
@@ -636,9 +636,9 @@ Reference
.. [8] `PSA Attestation API 1.0 (ARM IHI 0085) <https://developer.arm.com/-/media/Files/pdf/PlatformSecurityArchitecture/Implement/IHI0085-PSA_Attestation_API-1.0.2.pdf?revision=eef78753-c77e-4b24-bcf0-65596213b4c1&la=en&hash=E5E0353D612077AFDCE3F2F3708A50C77A74B2A3>`_
-.. [9] :doc:`Secure boot </docs/technical_references/tfm_secure_boot>`
+.. [9] :doc:`Secure boot </docs/technical_references/design_docs/tfm_secure_boot>`
-.. [10] :doc:`Crypto design </docs/technical_references/tfm_crypto_design>`
+.. [10] :doc:`Crypto design </docs/technical_references/design_docs/tfm_crypto_design>`
.. [11] :doc:`TF-M build instruction </docs/technical_references/instructions/tfm_build_instruction>`
diff --git a/docs/technical_references/ps_key_management.rst b/docs/technical_references/design_docs/ps_key_management.rst
index 80a39be492..80a39be492 100644
--- a/docs/technical_references/ps_key_management.rst
+++ b/docs/technical_references/design_docs/ps_key_management.rst
diff --git a/docs/technical_references/secure_boot_hw_key_integration.rst b/docs/technical_references/design_docs/secure_boot_hw_key_integration.rst
index 186e4a649b..186e4a649b 100644
--- a/docs/technical_references/secure_boot_hw_key_integration.rst
+++ b/docs/technical_references/design_docs/secure_boot_hw_key_integration.rst
diff --git a/docs/technical_references/secure_boot_rollback_protection.rst b/docs/technical_references/design_docs/secure_boot_rollback_protection.rst
index 711fac321e..711fac321e 100644
--- a/docs/technical_references/secure_boot_rollback_protection.rst
+++ b/docs/technical_references/design_docs/secure_boot_rollback_protection.rst
diff --git a/docs/technical_references/secure_enclave_solution.rst b/docs/technical_references/design_docs/secure_enclave_solution.rst
index 1f4ecc6290..1f4ecc6290 100644
--- a/docs/technical_references/secure_enclave_solution.rst
+++ b/docs/technical_references/design_docs/secure_enclave_solution.rst
diff --git a/docs/technical_references/source_structure.rst b/docs/technical_references/design_docs/source_structure.rst
index b2de0dda20..b2de0dda20 100644
--- a/docs/technical_references/source_structure.rst
+++ b/docs/technical_references/design_docs/source_structure.rst
diff --git a/docs/technical_references/stateless_rot_service.rst b/docs/technical_references/design_docs/stateless_rot_service.rst
index 964c18cef0..964c18cef0 100644
--- a/docs/technical_references/stateless_rot_service.rst
+++ b/docs/technical_references/design_docs/stateless_rot_service.rst
diff --git a/docs/technical_references/symmetric_initial_attest.rst b/docs/technical_references/design_docs/symmetric_initial_attest.rst
index b53ab3c87d..c139d6433d 100644
--- a/docs/technical_references/symmetric_initial_attest.rst
+++ b/docs/technical_references/design_docs/symmetric_initial_attest.rst
@@ -588,7 +588,7 @@ Reference
.. [1] `PSA Attestation API 1.0 (ARM IHI 0085) <https://developer.arm.com/-/media/Files/pdf/PlatformSecurityArchitecture/Implement/IHI0085-PSA_Attestation_API-1.0.2.pdf?revision=eef78753-c77e-4b24-bcf0-65596213b4c1&la=en&hash=E5E0353D612077AFDCE3F2F3708A50C77A74B2A3>`_
-.. [2] :doc:`Trusted Firmware-M Profile Small Design </docs/technical_references/profiles/tfm_profile_small>`
+.. [2] :doc:`Trusted Firmware-M Profile Small Design </docs/technical_references/design_docs/profiles/tfm_profile_small>`
.. [3] :doc:`Initial Attestation Service Integration Guide </docs/integration_guide/services/tfm_attestation_integration_guide>`
diff --git a/docs/technical_references/tfm_code_generation_with_jinja2.rst b/docs/technical_references/design_docs/tfm_code_generation_with_jinja2.rst
index f16fc29fe7..f16fc29fe7 100644
--- a/docs/technical_references/tfm_code_generation_with_jinja2.rst
+++ b/docs/technical_references/design_docs/tfm_code_generation_with_jinja2.rst
diff --git a/docs/technical_references/tfm_cooperative_scheduling_rules.rst b/docs/technical_references/design_docs/tfm_cooperative_scheduling_rules.rst
index b1c4e768b3..b1c4e768b3 100644
--- a/docs/technical_references/tfm_cooperative_scheduling_rules.rst
+++ b/docs/technical_references/design_docs/tfm_cooperative_scheduling_rules.rst
diff --git a/docs/technical_references/tfm_crypto_design.rst b/docs/technical_references/design_docs/tfm_crypto_design.rst
index e2785a5dfa..e2785a5dfa 100644
--- a/docs/technical_references/tfm_crypto_design.rst
+++ b/docs/technical_references/design_docs/tfm_crypto_design.rst
diff --git a/docs/technical_references/tfm_fwu_service.rst b/docs/technical_references/design_docs/tfm_fwu_service.rst
index 46c98f32fa..46c98f32fa 100644
--- a/docs/technical_references/tfm_fwu_service.rst
+++ b/docs/technical_references/design_docs/tfm_fwu_service.rst
diff --git a/docs/technical_references/tfm_its_512_flash.rst b/docs/technical_references/design_docs/tfm_its_512_flash.rst
index 00f60f8acf..00f60f8acf 100644
--- a/docs/technical_references/tfm_its_512_flash.rst
+++ b/docs/technical_references/design_docs/tfm_its_512_flash.rst
diff --git a/docs/technical_references/tfm_its_service.rst b/docs/technical_references/design_docs/tfm_its_service.rst
index a9c71b7ac6..a9c71b7ac6 100644
--- a/docs/technical_references/tfm_its_service.rst
+++ b/docs/technical_references/design_docs/tfm_its_service.rst
diff --git a/docs/technical_references/tfm_log_system_design_document.rst b/docs/technical_references/design_docs/tfm_log_system_design_document.rst
index 269bcfc69d..269bcfc69d 100644
--- a/docs/technical_references/tfm_log_system_design_document.rst
+++ b/docs/technical_references/design_docs/tfm_log_system_design_document.rst
diff --git a/docs/technical_references/tfm_non_secure_client_management.rst b/docs/technical_references/design_docs/tfm_non_secure_client_management.rst
index 133ae92e40..133ae92e40 100644
--- a/docs/technical_references/tfm_non_secure_client_management.rst
+++ b/docs/technical_references/design_docs/tfm_non_secure_client_management.rst
diff --git a/docs/technical_references/tfm_ns_client_identification.rst b/docs/technical_references/design_docs/tfm_ns_client_identification.rst
index 4ef8e90d0a..4ef8e90d0a 100644
--- a/docs/technical_references/tfm_ns_client_identification.rst
+++ b/docs/technical_references/design_docs/tfm_ns_client_identification.rst
diff --git a/docs/technical_references/tfm_partition_and_service_design_document.rst b/docs/technical_references/design_docs/tfm_partition_and_service_design_document.rst
index 223e212cf4..223e212cf4 100644
--- a/docs/technical_references/tfm_partition_and_service_design_document.rst
+++ b/docs/technical_references/design_docs/tfm_partition_and_service_design_document.rst
diff --git a/docs/technical_references/tfm_physical_attack_mitigation.rst b/docs/technical_references/design_docs/tfm_physical_attack_mitigation.rst
index ee0734eb85..ee0734eb85 100644
--- a/docs/technical_references/tfm_physical_attack_mitigation.rst
+++ b/docs/technical_references/design_docs/tfm_physical_attack_mitigation.rst
diff --git a/docs/technical_references/tfm_psa_inter_process_communication.rst b/docs/technical_references/design_docs/tfm_psa_inter_process_communication.rst
index 19691711bc..19691711bc 100644
--- a/docs/technical_references/tfm_psa_inter_process_communication.rst
+++ b/docs/technical_references/design_docs/tfm_psa_inter_process_communication.rst
diff --git a/docs/technical_references/tfm_secure_boot.rst b/docs/technical_references/design_docs/tfm_secure_boot.rst
index 61bdcb55f4..61bdcb55f4 100644
--- a/docs/technical_references/tfm_secure_boot.rst
+++ b/docs/technical_references/design_docs/tfm_secure_boot.rst
diff --git a/docs/technical_references/tfm_secure_irq_handling.rst b/docs/technical_references/design_docs/tfm_secure_irq_handling.rst
index b9baae912a..b9baae912a 100644
--- a/docs/technical_references/tfm_secure_irq_handling.rst
+++ b/docs/technical_references/design_docs/tfm_secure_irq_handling.rst
diff --git a/docs/technical_references/tfm_secure_partition_interrupt_handling.rst b/docs/technical_references/design_docs/tfm_secure_partition_interrupt_handling.rst
index 79dea0c012..f58fb96492 100644
--- a/docs/technical_references/tfm_secure_partition_interrupt_handling.rst
+++ b/docs/technical_references/design_docs/tfm_secure_partition_interrupt_handling.rst
@@ -40,7 +40,7 @@ manifest file IRQ declaration example
]}
See
-:doc:`secure IRQ handling </docs/technical_references/tfm_secure_irq_handling>`
+:doc:`secure IRQ handling </docs/technical_references/design_docs/tfm_secure_irq_handling>`
for further information on IRQ source and signal.
Partition ISR function
diff --git a/docs/technical_references/tfm_secure_partition_runtime_library.rst b/docs/technical_references/design_docs/tfm_secure_partition_runtime_library.rst
index 97e8444174..97e8444174 100644
--- a/docs/technical_references/tfm_secure_partition_runtime_library.rst
+++ b/docs/technical_references/design_docs/tfm_secure_partition_runtime_library.rst
diff --git a/docs/technical_references/tfm_uniform_secure_service_signature.rst b/docs/technical_references/design_docs/tfm_uniform_secure_service_signature.rst
index 70c6c6031a..70c6c6031a 100644
--- a/docs/technical_references/tfm_uniform_secure_service_signature.rst
+++ b/docs/technical_references/design_docs/tfm_uniform_secure_service_signature.rst
diff --git a/docs/technical_references/index.rst b/docs/technical_references/index.rst
index b98df2338a..eabc0e1d91 100644
--- a/docs/technical_references/index.rst
+++ b/docs/technical_references/index.rst
@@ -5,11 +5,9 @@ Technical References
:maxdepth: 2
:titlesonly:
:glob:
- :numbered:
*/index
/tools/index
- *
--------------
diff --git a/docs/technical_references/index.rst.in b/docs/technical_references/index.rst.in
deleted file mode 100644
index b5cf149af8..0000000000
--- a/docs/technical_references/index.rst.in
+++ /dev/null
@@ -1,30 +0,0 @@
-Design Documents
-================
-
-.. toctree::
- :maxdepth: 1
- :caption: Accepted design documents
- :glob:
- :numbered:
-
- @ACCEPTED_DD_LIST@
-
-.. toctree::
- :maxdepth: 1
- :caption: Draft design documents
- :glob:
- :numbered:
-
- @DRAFT_DD_LIST@
-
-.. toctree::
- :maxdepth: 1
- :caption: Rejected design documents
- :glob:
- :numbered:
-
- @REJECTED_DD_LIST@
-
---------------
-
-*Copyright (c) 2019, Arm Limited. All rights reserved.*
diff --git a/docs/technical_references/instructions/run_tfm_examples_on_arm_platforms.rst b/docs/technical_references/instructions/run_tfm_examples_on_arm_platforms.rst
index 965d3e9ead..256147f911 100644
--- a/docs/technical_references/instructions/run_tfm_examples_on_arm_platforms.rst
+++ b/docs/technical_references/instructions/run_tfm_examples_on_arm_platforms.rst
@@ -4,7 +4,7 @@ Run TF-M examples on Arm platforms
Instructions for how to run TF-M and example test application on Arm platforms.
Follow :doc:`build instruction <tfm_build_instruction>` to build the binaries.
-Follow :doc:`secure boot </docs/technical_references/tfm_secure_boot>` to build the
+Follow :doc:`secure boot </docs/technical_references/design_docs/tfm_secure_boot>` to build the
binaries with or without BL2 bootloader.
****************************************************************
@@ -562,7 +562,7 @@ port (baud 115200 8n1) the following messages::
Firmware upgrade and image validation with BL2 bootloader
=========================================================
High level operation of BL2 bootloader and instructions for testing firmware
-upgrade is described in :doc:`secure boot </docs/technical_references/tfm_secure_boot>`.
+upgrade is described in :doc:`secure boot </docs/technical_references/design_docs/tfm_secure_boot>`.
--------------
diff --git a/platform/ext/target/arm/musca_b1/secure_enclave/readme.rst b/platform/ext/target/arm/musca_b1/secure_enclave/readme.rst
index c878a0d6c8..37f45e4700 100644
--- a/platform/ext/target/arm/musca_b1/secure_enclave/readme.rst
+++ b/platform/ext/target/arm/musca_b1/secure_enclave/readme.rst
@@ -17,7 +17,7 @@ SSE-200 subsystem used. But if the ``FORWARD_PROT_MSG`` cmake flag is turned
on, the TF-M instance running on SSE-200 will communicate with the SE.
For more information you can check the
-:doc:`Secure Enclave design document </docs/technical_references/secure_enclave_solution>`.
+:doc:`Secure Enclave design document </docs/technical_references/design_docs/secure_enclave_solution>`.
***********
System boot