Docs: Error Fix
Fixed Sphinx errors and expired links, used Intersphinx where possible.
Change-Id: I0d57fc49fdc5c3704d26a88a8c978f7cb72e2374
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
diff --git a/docs/examples/corstone310_fvp_dma/clcd_example.rst b/docs/examples/corstone310_fvp_dma/clcd_example.rst
index 30b9bd5..ac8dc3e 100644
--- a/docs/examples/corstone310_fvp_dma/clcd_example.rst
+++ b/docs/examples/corstone310_fvp_dma/clcd_example.rst
@@ -8,7 +8,7 @@
a simple 2D example.
For detailed description of how privilege separation can be achieved with
-DMA-350, checkout :doc:`DMA-350 privilege separation </partitions/dma350_unpriv_partition/dma350_privilege_separation>`
+DMA-350, checkout :doc:`DMA-350 privilege separation <../../partitions/dma350_unpriv_partition/dma350_privilege_separation>`
***********
Build steps
diff --git a/docs/examples/example_partition.rst b/docs/examples/example_partition.rst
index ac3f4c3..b423b87 100644
--- a/docs/examples/example_partition.rst
+++ b/docs/examples/example_partition.rst
@@ -11,9 +11,11 @@
and `Firmware Framework for M 1.1 Extensions`_
for details of the attributes of Secure Partitions.
-Please refer to `Adding Secure Partition`_
+Please refer to :doc:`Adding Secure Partition <TF-M:integration_guide/services/tfm_secure_partition_addition>`
for more details of adding a new Secure Partition to TF-M.
+.. file-structure:
+
**************
File structure
**************
@@ -92,7 +94,7 @@
somewhere.
If you want to add comprehensive tests using the TF-M test framework, please
-refer to `Adding TF-M Regression Test Suite`_.
+refer to :doc:`Adding TF-M Regression Test Suite <TF-M-Tests:tfm_test_suites_addition>`.
Testing in NSPE
===============
@@ -122,19 +124,14 @@
| `PSA Firmware Framework 1.0`_
| `Firmware Framework for M 1.1 Extensions`_
-| `Adding Secure Partition`_
| `TF-M Manifest List`_
| `Out-of-tree Secure Partition build`_
-| `Adding TF-M Regression Test Suite`_
.. _PSA Firmware Framework 1.0:
- https://developer.arm.com/-/media/Files/pdf/PlatformSecurityArchitecture/Architect/DEN0063-PSA_Firmware_Framework-1.0.0-2.pdf?revision=2d1429fa-4b5b-461a-a60e-4ef3d8f7f4b4
+ https://developer.arm.com/documentation/den0063/latest/
.. _Firmware Framework for M 1.1 Extensions:
- https://documentation-service.arm.com/static/600067c09b9c2d1bb22cd1c5?token=
-
-.. _Adding Secure Partition:
- https://trustedfirmware-m.readthedocs.io/en/latest/integration_guide/services/tfm_secure_partition_addition.html
+ https://developer.arm.com/documentation/aes0039/latest/
.. _TF-M Manifest List:
https://trustedfirmware-m.readthedocs.io/en/latest/integration_guide/services/tfm_manifest_tool_user_guide.html#manifest-list
@@ -142,9 +139,6 @@
.. _Out-of-tree Secure Partition build:
https://trustedfirmware-m.readthedocs.io/en/latest/integration_guide/services/tfm_secure_partition_addition.html#out-of-tree-secure-partition-build
-.. _Adding TF-M Regression Test Suite:
- https://git.trustedfirmware.org/TF-M/tf-m-tests.git/tree/docs/tfm_test_suites_addition.rst
-
--------------
*Copyright (c) 2020-2022, Arm Limited. All rights reserved.*
diff --git a/docs/examples/examples.rst b/docs/examples/examples.rst
index 2df2ee1..c494b10 100644
--- a/docs/examples/examples.rst
+++ b/docs/examples/examples.rst
@@ -1,62 +1,46 @@
The list and simple introduction of the examples in this folder.
-###################
+*******************
corstone310_fvp_dma
-###################
+*******************
-***********
-Description
-***********
* DMA-350 Secure tests
* Non-secure DMA-350 examples for the Corstone-310 FVP platform
-***********
-Maintainers
-***********
+**Maintainers**
+
- Bence Balogh `<bence.balogh@arm.com> <bence.balogh@arm.com>`_
- Mark Horvath `<mark.horvath@arm.com> <mark.horvath@arm.com>`_
-#########################
+*************************
extra_test_suites_example
-#########################
+*************************
-***********
-Description
-***********
An example and template of out-of-tree build of extra regression test suites.
-***********
-Maintainers
-***********
+**Maintainers**
+
Jianliang Shen `<jianliang.shen@arm.com> <jianliang.shen@arm.com>`_
-#################
+*****************
example_partition
-#################
+*****************
-***********
-Description
-***********
A simple secure partition implementation.
-***********
-Maintainers
-***********
+**Maintainers**
+
Jianliang Shen `<jianliang.shen@arm.com> <jianliang.shen@arm.com>`_
-#########
+*********
vad_an552
-#########
+*********
-***********
-Description
-***********
Example application for the AN552 FPGA image, details can be found
`here </examples/vad_an552/readme.rst>`.
-***********
-Maintainers
-***********
+**Maintainers**
+
- Gabor Toth `<gabor.toth@arm.com> <gabor.toth@arm.com>`_
- Mark Horvath `<mark.horvath@arm.com> <mark.horvath@arm.com>`_
diff --git a/docs/examples/vad_an552/threat_model.rst b/docs/examples/vad_an552/threat_model.rst
index 50e1a18..55b37ed 100644
--- a/docs/examples/vad_an552/threat_model.rst
+++ b/docs/examples/vad_an552/threat_model.rst
@@ -52,7 +52,7 @@
Target of Evaluation
********************
-A typical TF-M system diagram can be seen on `Generic Threat Model <Generic-Threat-Model_>`_.
+A typical TF-M system diagram can be seen on :doc:`Generic Threat Model <TF-M:security/threat_models/generic_threat_model>`.
TF-M is running in the Secure Processing Environment (SPE) and NS software is
running in Non-secure Processing Environment (NSPE).
@@ -81,7 +81,7 @@
Data Flow Diagram
*****************
-The list and details of data flows are described in the `Generic Threat Model <Generic-Threat-Model_>`_.
+The list and details of data flows are described in the :doc:`Generic Threat Model <TF-M:security/threat_models/generic_threat_model>`.
In addition to the data flows above, this use-case introduces a new data flow
from a peripheral to the SPE. Although the peripheral resides within the SPE,
the data from it is external so must be considered as data crossing a trust
@@ -90,8 +90,8 @@
.. note::
All the other data flows across the Trusted Boundary besides the valid ones
- mentioned in the `Generic Threat Model <Generic-Threat-Model_>`_ and above
- should be prohibited by default. Proper isolation must be configured to
+ mentioned in the :doc:`Generic Threat Model <TF-M:security/threat_models/generic_threat_model>`
+ and above should be prohibited by default. Proper isolation must be configured to
prevent NSPE directly accessing SPE.
Although the data flows are covered in general in the TF-M Generic Threat
@@ -142,7 +142,7 @@
This threat model document focuses on threats specific to the VAD partition.
Similar threats might exist in the generic threat model with different
consequense or severity. For the details of generic threats in general usage
- scenario, please refer to the `Generic Threat Model <Generic-Threat-Model_>`_ document.
+ scenario, please refer to the :doc:`Generic Threat Model <TF-M:security/threat_models/generic_threat_model>` document.
NSPE requests TF-M secure service
---------------------------------
@@ -310,17 +310,9 @@
| v1.0 | First version | TF-M v1.6.0 |
+---------+--------------------------------------------------+---------------+
-*********
-Reference
-*********
-
-.. [Security-Incident-Process] `Security Incident Process <https://developer.trustedfirmware.org/w/collaboration/security_center/reporting/>`_
-
-.. [Generic-Threat-Model] `Generic Threat Model <https://tf-m-user-guide.trustedfirmware.org/docs/security/threat_models/generic_threat_model.html>`_
-
-.. [FF-M] `Arm® Platform Security Architecture Firmware Framework 1.0 <https://developer.arm.com/-/media/Files/pdf/PlatformSecurityArchitecture/Architect/DEN0063-PSA_Firmware_Framework-1.0.0-2.pdf?revision=2d1429fa-4b5b-461a-a60e-4ef3d8f7f4b4>`_
-
-.. [DUAL-CPU-BOOT] `Booting a dual core system <https://tf-m-user-guide.trustedfirmware.org/docs/technical_references/design_docs/dual-cpu/booting_a_dual_core_system.html>`_
+**********
+References
+**********
.. [CVSS] `Common Vulnerability Scoring System Version 3.1 Calculator <https://www.first.org/cvss/calculator/3.1>`_
@@ -328,16 +320,6 @@
.. [STRIDE] `The STRIDE Threat Model <https://docs.microsoft.com/en-us/previous-versions/commerce-server/ee823878(v=cs.20)?redirectedfrom=MSDN>`_
-.. [SECURE-BOOT] `Secure boot <https://tf-m-user-guide.trustedfirmware.org/docs/technical_references/design_docs/tfm_secure_boot.html>`_
-
-.. [ROLLBACK-PROTECT] `Rollback protection in TF-M secure boot <https://tf-m-user-guide.trustedfirmware.org/docs/technical_references/design_docs/secure_boot_rollback_protection.html>`_
-
-.. [STACK-SEAL] `Armv8-M processor Secure software Stack Sealing vulnerability <https://developer.arm.com/support/arm-security-updates/armv8-m-stack-sealing>`_
-
-.. [ADVISORY-TFMV-1] `Advisory TFMV-1 <https://tf-m-user-guide.trustedfirmware.org/docs/security/security_advisories/stack_seal_vulnerability.html>`_
-
-.. [ADVISORY-TFMV-2] `Advisory TFMV-2 <https://tf-m-user-guide.trustedfirmware.org/docs/security/security_advisories/svc_caller_sp_fetching_vulnerability.html>`_
-
--------------------
*Copyright (c) 2020-2022 Arm Limited. All Rights Reserved.*
diff --git a/docs/examples/vad_an552/vad_an552.rst b/docs/examples/vad_an552/vad_an552.rst
index b1071bc..ee23426 100644
--- a/docs/examples/vad_an552/vad_an552.rst
+++ b/docs/examples/vad_an552/vad_an552.rst
@@ -183,14 +183,14 @@
times with release GCC build.
You can check TF-M's build instructions
-`here <https://trustedfirmware-m.readthedocs.io/en/latest/building/tfm_build_instruction.html>`__.
+:doc:`here <TF-M:building/tfm_build_instruction>`.
-----------------------
Running the application
-----------------------
It is covered by the generic TF-M run instructions for AN552
-`here <https://trustedfirmware-m.readthedocs.io/en/latest/platform/arm/mps3/corstone300/README.html?highlight=an552#build-instructions-with-platform-name-arm-mps3-corstone300-an547>`__.
+`here <https://trustedfirmware-m.readthedocs.io/en/latest/platform/arm/mps3/corstone300/README.html?highlight=an552#build-instructions-with-platform-name-arm-mps3-corstone300-an547>`_.
---------------------------
Testing the voice algorithm
diff --git a/docs/index.rst b/docs/index.rst
index 3e74f3a..b3534ef 100644
--- a/docs/index.rst
+++ b/docs/index.rst
@@ -2,8 +2,6 @@
Trusted Firmware-M Extras
################################
-.. raw:: html
-
The Trusted Firmware-M (TF-M) Extras repository is the extension of the TF-M
main repository to host the examples, demonstrations, third-party modules,
third-party secure partitions, etc.
@@ -12,7 +10,7 @@
License
*******
-The default license of new source code in this repository is :doc:`BSD 3-clause <license>`.
+The default license of new source code in this repository is `BSD 3-clause <https://git.trustedfirmware.org/TF-M/tf-m-extras.git/tree/license.rst>`_.
Some source files are contributed by the third-parties or derived from the
external projects. A license file should be included in the root folder of these
@@ -30,7 +28,7 @@
Contribute to this repository
*****************************
-Refer to `contributing process <https://trustedfirmware-m.readthedocs.io/en/latest/contributing/contributing_process.html>`_
+Refer to :doc:`contributing process <TF-M:contributing/contributing_process>`
for the TF-M general contribution guideline.
Please contact `TF-M development mailing list <https://lists.trustedfirmware.org/mailman3/lists/tf-m.lists.trustedfirmware.org>`_
@@ -50,8 +48,8 @@
mitigate known security vulnerabilities.
- List the example and secure partition in
- :doc:`example readme <examples/examples_readme>` and
- :doc:`secure partition readme <partitions/partitions_readme>` respectively.
+ :doc:`example readme <examples/examples>` and
+ :doc:`secure partition readme <partitions/partitions>` respectively.
- Each example/secure partition shall specify the following information
diff --git a/docs/partitions/dma350_unpriv_partition/dma350_privillege_separation.rst b/docs/partitions/dma350_unpriv_partition/dma350_privilege_separation.rst
similarity index 100%
rename from docs/partitions/dma350_unpriv_partition/dma350_privillege_separation.rst
rename to docs/partitions/dma350_unpriv_partition/dma350_privilege_separation.rst
diff --git a/docs/partitions/dma350_unpriv_partition/dma350_unpriv_partition.rst b/docs/partitions/dma350_unpriv_partition/dma350_unpriv_partition.rst
index 84c2f9d..641b524 100644
--- a/docs/partitions/dma350_unpriv_partition/dma350_unpriv_partition.rst
+++ b/docs/partitions/dma350_unpriv_partition/dma350_unpriv_partition.rst
@@ -9,7 +9,7 @@
as some negative tests for invalid channel access, not allocated channel
access, and accesses for privileged memory.
For detailed description of how privilege separation can be achieved with
-DMA-350, checkout :doc:`DMA-350 privilege separation <dma350_privilege_separation.rst>`
+DMA-350, checkout :doc:`DMA-350 privilege separation <dma350_privilege_separation>`
The partition requires a DMA350 peripheral in the platform with Channel 0 configured as
secure, like for example mps3/corstone310/fvp.
diff --git a/docs/partitions/external_trusted_secure_storage/external_trusted_secure_storage.rst b/docs/partitions/external_trusted_secure_storage/external_trusted_secure_storage.rst
index 716604d..69452b6 100644
--- a/docs/partitions/external_trusted_secure_storage/external_trusted_secure_storage.rst
+++ b/docs/partitions/external_trusted_secure_storage/external_trusted_secure_storage.rst
@@ -146,21 +146,19 @@
four parts: secure Flash API layer, secure Flash common layer, vendor specific
layer and crypto service interface.
-- Secure Flash API layer: This layer mainly manages application's access
-permission based on application identification and pre-provisioned information.
-The implementation of this layer varies accross software platforms and OSes.
-Here integrated with TF-M, this layer manages access permissions based on client
-id, and derives parameters passed to secure Flash common layer.
+- Secure Flash API layer: This layer mainly manages application's access permission based on
+ application identification and pre-provisioned information. The implementation of this layer
+ varies accross software platforms and OSes. Here integrated with TF-M, this layer manages access
+ permissions based on client id, and derives parameters passed to secure Flash common layer.
-- Secure Flash common layer: This layer abstracts secure Flash operations, and
-calls binding vendor specific operations.
+- Secure Flash common layer: This layer abstracts secure Flash operations, and calls binding vendor
+ specific operations.
-- Vendor specific layer: The specific implementation of different secure Flash
-vendors and JEDEC recommended implementation, it depends on upper layer's choice
-to bind with JEDEC recommended implementation or vendor specific implementation.
-This layer calls tf-m crypto services via crypto service interface to perform
-cryptographic operations, then assemble packets sent to external secure Flash
-and parse packets received from external secure Flash.
+- Vendor specific layer: The specific implementation of different secure Flash vendors and JEDEC
+ recommended implementation, it depends on upper layer's choice to bind with JEDEC recommended
+ implementation or vendor specific implementation. This layer calls tf-m crypto services via
+ crypto service interface to perform cryptographic operations, then assemble packets sent to
+ external secure Flash and parse packets received from external secure Flash.
If vendors tend to contribute projects with hiding some critical source codes,
then these critical parts can be released as library files. These library files
@@ -215,8 +213,8 @@
.. note::
-The ``suites/etss/`` provides ETSS service test suites, this folder can be
-integrated with ``tf-m-tests/test/suites`` for testing.
+ The ``suites/etss/`` provides ETSS service test suites, this folder can be
+ integrated with ``tf-m-tests/test/suites`` for testing.
***********************
@@ -233,13 +231,13 @@
``suites/etss`` folder under ``tf-m-test/test/suites``, add following command to
``tf-m-test/test/suites/CMakeLists.txt``.
-.. code-block:: cmake
+.. code-block:: console
add_subdirectory(suites/etss)
and add the following command to ``tf-m-test/app/CMakeLists.txt``
-.. code-block:: cmake
+.. code-block:: console
$<$<BOOL:${TFM_PARTITION_EXTERNAL_TRUSTED_SECURE_STORAGE}>:${INTERFACE_SRC_DIR}/etss/etss_ipc_api.c>
diff --git a/docs/partitions/partitions.rst b/docs/partitions/partitions.rst
index 1bd240d..203c002 100644
--- a/docs/partitions/partitions.rst
+++ b/docs/partitions/partitions.rst
@@ -1,89 +1,68 @@
The list and simple introduction of 3rd-party Secure Partitions in this folder.
-######################
+**********************
dma350_upriv_partition
-######################
+**********************
-***********
-Description
-***********
DMA-350 Example unprivileged partition
-***********
-Maintainers
-***********
+**Maintainers**
+
- Bence Balogh `<bence.balogh@arm.com> <bence.balogh@arm.com>`_
- Mark Horvath `<mark.horvath@arm.com> <mark.horvath@arm.com>`_
-#############
+*************
measured_boot
-#############
+*************
-***********
-Description
-***********
Measured boot partition for extending and retrieving software component
measurements for RSS platform.
-***********
-Maintainers
-***********
+**Maintainers**
+
- Maulik Patel `<Maulik.Patel@arm.com>`_
- David Vincze `<David.Vincze@arm.com>`_
-###############################
+*******************************
external_trusted_secure_storage
-###############################
+*******************************
-***********
-Description
-***********
ETSS partition for providing external trusted secure storage services
to protect assets stored in external secure Flash from a variety of
security attacks.
-***********
-Maintainers
-***********
+**Maintainers**
+
- Poppy Wu `<poppywu@mxic.com.cn>`_
-************
-TF-M version
-************
+**TF-M version**
+
TF-M V1.4.0
-#####################
+*********************
delegated_attestation
-#####################
+*********************
-***********
-Description
-***********
The aim of the partition is to support platforms/systems using a delegated
attestation model by providing services for delegated key generation and
platform attestation token creation.
-***********
-Maintainers
-***********
+**Maintainers**
+
- David Vincze `<David.Vincze@arm.com>`_
-############
+************
vad_an552_sp
-############
+************
-***********
-Description
-***********
Secure partition for the AN552 FPGA image. It implements voice activity
detection on the microphone input of the MPS3 board, and if voice detected
(which can be any noise) a short sample (~100 ms) is recorded. Then it can be
calculated that which frequency component has the highest energy in the
recorded sample.
-***********
-Maintainers
-***********
+**Maintainers**
+
- Gabor Toth `<gabor.toth@arm.com> <gabor.toth@arm.com>`_
- Mark Horvath `<mark.horvath@arm.com> <mark.horvath@arm.com>`_