Docs: Remove Library Model documentation
Library Model is deprecated, so remove the related description and
documentation.
Signed-off-by: Summer Qin <summer.qin@arm.com>
Change-Id: I3c9d1bba97c011183bea17bfd5ea7d9ec834802b
diff --git a/docs/building/tfm_build_instruction.rst b/docs/building/tfm_build_instruction.rst
index c20ce3f..ca8fa05 100644
--- a/docs/building/tfm_build_instruction.rst
+++ b/docs/building/tfm_build_instruction.rst
@@ -130,9 +130,6 @@
+---------------------+----------------------------------------+---------------+
| NS | Build NS app. Required for test code. | ON |
+---------------------+----------------------------------------+---------------+
-| TFM_LIB_MODEL | Use secure library model instead of | OFF |
-| | PSA api (IPC model). | |
-+---------------------+----------------------------------------+---------------+
| TFM_ISOLATION_LEVEL | Set TFM isolation level. | 1 |
+---------------------+----------------------------------------+---------------+
| TFM_PROFILE | Set TFM profile. | |
@@ -163,8 +160,6 @@
+---------------------+--------------------------------------------------------------------+
| TEST_NS_QCBOR | Build non-secure regression QCBOR tests. |
+---------------------+--------------------------------------------------------------------+
-| TEST_NS_CORE | Build non-secure regression Core tests. |
-+---------------------+--------------------------------------------------------------------+
| TEST_NS_CRYPTO | Build non-secure regression Crypto tests. |
+---------------------+--------------------------------------------------------------------+
| TEST_NS_ITS | Build non-secure regression ITS tests. |
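Review bot: The removal of the ``TEST_NS_CORE`` row is not covered by the commit message, which only mentions the Library Model. If the non-secure Core regression tests were specific to the Library Model, say so in the commit message; otherwise this row should stay or be removed in a separate change.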
diff --git a/docs/integration_guide/platform/porting_TFM_to_a_new_hardware.rst b/docs/integration_guide/platform/porting_TFM_to_a_new_hardware.rst
index 2f4b68b..1dc5ebb 100644
--- a/docs/integration_guide/platform/porting_TFM_to_a_new_hardware.rst
+++ b/docs/integration_guide/platform/porting_TFM_to_a_new_hardware.rst
@@ -396,10 +396,6 @@
+----------------------------------+-----------------------------------------------------------------------+-----------------------------------+
|TOTAL_CODE_SRAM_SIZE | Size of the S code | if no XIP on flash |
+----------------------------------+-----------------------------------------------------------------------+-----------------------------------+
- |CMSE_VENEER_REGION_START | Start of the veneer Code | if library mode and not multicore |
- +----------------------------------+-----------------------------------------------------------------------+-----------------------------------+
- |CMSE_VENEER_REGION_SIZE | Size of the veneer Code | if library mode and not multicore |
- +----------------------------------+-----------------------------------------------------------------------+-----------------------------------+
CMSIS_Driver/Config/cmsis_driver_config.h:
------------------------------------------
@@ -446,14 +442,6 @@
Refer to the CMSIS `USART <https://www.keil.com/pack/doc/CMSIS/Driver/html/group__usart__interface__gr.html>`_
documentation.
-spm_hal.c:
-----------
-
- (location as defined in CMakeLists.txt)
-
- This file should contain all the functions required by the SPM component.
- Refer to Functions_ for each of them
-
target_cfg.[ch]:
----------------
@@ -544,33 +532,6 @@
enum tfm_platform_err_t tfm_platform_hal_ioctl(tfm_platform_ioctl_req_t request, psa_invec *in_vec, psa_outvec *out_vec);
-tfm_spm_hal_configure_default_isolation:
-----------------------------------------
-
- This function is called by SPM to setup the isolation level, it's called
- during the partition initialisation but before calling the init of each
- partition.
-
-.. code-block:: c
-
- enum tfm_plat_err_t tfm_spm_hal_configure_default_isolation(bool privileged, const struct platform_data_t *platform_data);
-
-.. Note::
-
- When Fault Injection Hardening (FIH) is enabled this function will return
- fih_int.
-
-tfm_spm_hal_set_secure_irq_priority:
-------------------------------------
-
- This function sets the priority for the IRQ passed in the parameter.
- The precision of the priority value might be adjusted to match the
- available priority bits in the underlying target platform.
-
-.. code-block:: c
-
- enum tfm_plat_err_t tfm_spm_hal_set_secure_irq_priority(IRQn_Type irq_line, uint32_t priority);
-
tfm_spm_hal_get_mem_security_attr:
----------------------------------
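Review bot: ``tfm_spm_hal_get_mem_security_attr`` is still documented right after the removed functions, but this patch also deletes the ``spm_hal.c`` section and drops ``spm_hal.c`` from the ``target_sources`` example, so the guide no longer tells a porter which file should implement the remaining ``tfm_spm_hal_*`` function. Either name the file that now hosts it, or remove this section too if it only served the Library Model.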
@@ -628,15 +589,6 @@
void tfm_hal_irq_disable(uint32_t irq_num);
-tfm_spm_hal_set_irq_target_state:
----------------------------------
-
- This function sets the target_state for the IRQ.
-
-.. code-block:: c
-
- enum irq_target_state_t tfm_spm_hal_set_irq_target_state(IRQn_Type irq_line, enum irq_target_state_t target_state);
-
Annex
=====
@@ -735,7 +687,6 @@
)
target_sources(tfm_spm
PRIVATE
- spm_hal.c
target_cfg.c
tfm_hal_isolation.c
tfm_hal_platform.c
diff --git a/docs/integration_guide/services/tfm_attestation_integration_guide.rst b/docs/integration_guide/services/tfm_attestation_integration_guide.rst
index 2be9cf5..f48cec9 100644
--- a/docs/integration_guide/services/tfm_attestation_integration_guide.rst
+++ b/docs/integration_guide/services/tfm_attestation_integration_guide.rst
@@ -242,8 +242,6 @@
partition manager implementation (SPM). Implementations in TF-M project can be
found here:
-- ``interface/src/tfm_initial_attestation_func_api.c``: non-secure interface
- implementation for library model
- ``interface/src/tfm_initial_attestation_ipc_api.c``: non-secure interface
implementation for IPC model
- ``secure_fw/partitions/initial_attestation/tfm_attestation_secure_api.c``:
diff --git a/docs/integration_guide/services/tfm_secure_partition_addition.rst b/docs/integration_guide/services/tfm_secure_partition_addition.rst
index 5137203..b4e1d95 100644
--- a/docs/integration_guide/services/tfm_secure_partition_addition.rst
+++ b/docs/integration_guide/services/tfm_secure_partition_addition.rst
@@ -18,7 +18,6 @@
IPC Interprocess communication
IPC model The secure IPC framework
irqs Interrupt requests
- Library model The secure function call framework
MMIO Memory Mapped I/O
PSA Platform Security Architecture
RoT Root of Trust
@@ -47,8 +46,7 @@
source-level implementation is not included in this document.
.. Note::
- If not otherwise specified, the steps are identical for Library, IPC and SFN
- model.
+ If not otherwise specified, the steps are identical for IPC and SFN model.
The IPC and SFN model conforms to the *PSA Firmware Framework for M (FF-M) v
1.1* changes. Refer to `PSA Firmware Framework specification`_ and
@@ -196,8 +194,6 @@
crypto 0x00000 0x080-0x09F
firmware_update 0x00000 0x0A0-0x0BF
tfm_secure_client 0x0000F 0x000-0x01F
- core_test 0x0000F 0x020-0x03F
- core_test_2 0x0000F 0x040-0x05F
tfm_ipc_client 0x0000F 0x060-0x07F
tfm_ipc_service 0x0000F 0x080-0x09F
tfm_slih_test_service 0x0000F 0x0A0-0x0AF
@@ -289,26 +285,6 @@
#define TFM_PERIPHERAL_A (&tfm_peripheral_A)
-Library model support
----------------------
-For the library model, the user needs to add a ``secure_functions`` item. The
-main difference between ``secure_function`` and ``services`` is the extra
-``signal`` key for secure function entry. This is not required in FF-M v1.0.
-
-The ``signal`` must be the upper case of the secure function name.
-
-.. code-block:: yaml
-
- "secure_functions": [
- {
- "name": "TFM_EXAMPLE_A",
- "signal": "EXAMPLE_A_FUNC",
- "sid": "0x00000000",
- "non_secure_clients": true,
- "version": 1,
- "version_policy": "STRICT"
- },
-
Add configuration
=================
The following configuration tasks are required for the newly added secure
diff --git a/docs/integration_guide/tfm_fpu_support.rst b/docs/integration_guide/tfm_fpu_support.rst
index cde89dd..520146e 100644
--- a/docs/integration_guide/tfm_fpu_support.rst
+++ b/docs/integration_guide/tfm_fpu_support.rst
@@ -15,7 +15,7 @@
2021.10`` and later version shall be used to mitigate VLLDM instruction
security vulnerability [4]_.
* Support Inter-Process Communication (IPC) [5]_ model in TF-M, and doesn't
- support LIBRARY or SFN model.
+ support SFN model.
* Support Armv8-M mainline.
* Support isolation level 1,2,3.
* Does not support use FPU in First-Level Interrupt Handling (FLIH) [6]_ at
diff --git a/docs/platform/nuvoton/m2351/README.rst b/docs/platform/nuvoton/m2351/README.rst
index 0901269..b0776c3 100644
--- a/docs/platform/nuvoton/m2351/README.rst
+++ b/docs/platform/nuvoton/m2351/README.rst
@@ -12,7 +12,6 @@
$ cd build
$ cmake ../ \
-G"Unix Makefiles" \
- -DTFM_LIB_MODEL=ON \
-DTFM_PLATFORM=nuvoton/m2351 \
-DTFM_TOOLCHAIN_FILE=../toolchain_GNUARM.cmake \
-DTEST_NS=ON \
@@ -21,7 +20,7 @@
Define TEST_NS=ON or TEST_S=ON for non-secure or secure regression test.
CMAKE_BUILD_TYPE could be "Release", "RelWithDebInfo" or "Minsizerel"
-TFM_LIB_MODEL=OFF and TFM_ISOLATION_LEVEL=2 can also be set but them cannot be
+TFM_ISOLATION_LEVEL=2 can also be set but it cannot be
defined with TEST_S=ON or TEST_NS=ON at the same time due to limited RAM size
of M2351. Other cmake parameters should not be changed.
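Review bot: The old sentence tied the RAM limit to ``TFM_LIB_MODEL=OFF`` together with ``TFM_ISOLATION_LEVEL=2``, while the build command above was pinned to ``-DTFM_LIB_MODEL=ON`` with ``-DTEST_NS=ON``. With the flag dropped from the command, that example now builds the default model with tests enabled, which the previous wording suggests may not fit in M2351 RAM. Please confirm the command as documented still builds, or state explicitly which model it expects.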
diff --git a/docs/security/threat_models/generic_threat_model.rst b/docs/security/threat_models/generic_threat_model.rst
index 671b5ec..6081575 100644
--- a/docs/security/threat_models/generic_threat_model.rst
+++ b/docs/security/threat_models/generic_threat_model.rst
@@ -138,9 +138,8 @@
+-----------+----------------------------------------------------------------+
| ``DF2`` | NSPE requests TF-M RoT services. |
| | |
- | | - In TF-M Library model, NS invokes Secure Function calls |
- | | - In TF-M IPC model, NS invokes PSA Client calls based on IPC |
- | | protocol defined in [FF-M]_. |
+ | | In TF-M IPC model, NS invokes PSA Client calls based on IPC |
+ | | protocol defined in [FF-M]_. |
| | |
| | In single Armv8-M core scenarios, SG instruction is executed |
| | in Non-secure Callable region to trigger a transition from |
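Review bot: The ``DF2`` cell now describes only the IPC model, yet the rest of this patch keeps SFN as a supported model (Profile Small selects it by default). Add the SFN case here, or drop the "In TF-M IPC model" qualifier so the data flow description covers every remaining model.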
@@ -713,9 +712,6 @@
This section identifies threats on ``DF3`` defined in `Data Flow Diagram`_.
-In Library model, RoT services directly read and write NS memory to simplify
-the implementation and decrease latency.
-
In TF-M IPC model, RoT services can either directly access NS memory or rely on
TF-M SPM to obtain NS input data and send response data back to NS memory.
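Review bot: Deleting the Library model sentence leaves the ``DF3`` introduction without any statement about a model in which RoT services read and write NS memory directly. The Profile Small text in this same patch says SFN enables ``PSA_FRAMEWORK_HAS_MM_IOVEC`` by default to avoid the transient copy of input and output vectors, so the direct-access case still exists. Replace the removed sentence with an SFN equivalent rather than dropping it, so the threats identified in this section keep their premise.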
diff --git a/docs/technical_references/design_docs/profiles/tfm_profile_large.rst b/docs/technical_references/design_docs/profiles/tfm_profile_large.rst
index 7079794..d0f1a32 100644
--- a/docs/technical_references/design_docs/profiles/tfm_profile_large.rst
+++ b/docs/technical_references/design_docs/profiles/tfm_profile_large.rst
@@ -220,8 +220,6 @@
+============================================+====================================+====================================================================================================+
| ``TFM_ISOLATION_LEVEL`` | Select level 3 isolation | ``3`` |
+--------------------------------------------+------------------------------------+----------------------------------------------------------------------------------------------------+
- | ``TFM_LIB_MODEL`` | Select IPC model | ``OFF`` |
- +--------------------------------------------+------------------------------------+----------------------------------------------------------------------------------------------------+
| ``TFM_PARTITION_INTERNAL_TRUSTED_STORAGE`` | Enable ITS SP | ``ON`` |
+--------------------------------------------+------------------------------------+----------------------------------------------------------------------------------------------------+
| ``ITS_BUF_SIZE`` | ITS internal transient buffer size | ``64`` |
diff --git a/docs/technical_references/design_docs/profiles/tfm_profile_medium.rst b/docs/technical_references/design_docs/profiles/tfm_profile_medium.rst
index 7528989..634b109 100644
--- a/docs/technical_references/design_docs/profiles/tfm_profile_medium.rst
+++ b/docs/technical_references/design_docs/profiles/tfm_profile_medium.rst
@@ -86,7 +86,7 @@
Profile Medium enables IPC model by default. IPC model can achieve a more
flexible framework and higher levels of isolation, but may require more memory
-footprint and bring in longer latency, compared to Library model.
+footprint and bring in longer latency, compared to SFN model.
TF-M IPC model implementation follows the PSA Firmware Framework for M
(PSA-FF-M) [PSA-FF-M]_.
@@ -228,8 +228,6 @@
+============================================+=====================================================================================================+=====================================+
| ``TFM_ISOLATION_LEVEL`` | ``2`` | Select level 2 isolation |
+--------------------------------------------+-----------------------------------------------------------------------------------------------------+-------------------------------------+
- | ``TFM_LIB_MODEL`` | ``OFF`` | Select IPC model |
- +--------------------------------------------+------------------------------------+------------------------------------------------------------------------------------------------------+
| ``TFM_PARTITION_INTERNAL_TRUSTED_STORAGE`` | ``ON`` | Enable ITS SP |
+--------------------------------------------+-----------------------------------------------------------------------------------------------------+-------------------------------------+
| ``ITS_BUF_SIZE`` | ``32`` | ITS internal transient buffer size |
diff --git a/docs/technical_references/design_docs/profiles/tfm_profile_small.rst b/docs/technical_references/design_docs/profiles/tfm_profile_small.rst
index dec8a37..432c937 100644
--- a/docs/technical_references/design_docs/profiles/tfm_profile_small.rst
+++ b/docs/technical_references/design_docs/profiles/tfm_profile_small.rst
@@ -48,7 +48,7 @@
- Lightweight framework
- - Library model or Secure Function (SFN) model [2]_
+ - Secure Function (SFN) model [2]_
- Level 1 isolation
- Buffer sharing allowed
- Single secure context
@@ -97,17 +97,7 @@
TF-M framework model
--------------------
-Library model is selected by default in Profile Small implementation.
-Library model implements secure function calls, via which clients directly call
-secure services. It provides a more simple implementation of TF-M framework and
-may reduce memory footprint, compared with Inter-Process Communication (IPC)
-model [3]_.
-
-As Library model is TF-M specific implementation, please check some of its
-dedicated implementation details as described in `Appendix`_, before adopting
-Library model on your platforms.
-
-You can select SFN model instead of Library model in Profile Small.
+SFN model is selected by default in Profile Small implementation.
SFN model is defined in FF-M 1.1 extensions [2]_. It is a more simple
implementation of TF-M framework and may also reduce memory footprint, compared
with Inter-Process Communication (IPC) model [3]_.
@@ -157,7 +147,7 @@
capabilities as defined in TLS-PSK, such as one symmetric cipher algorithm
and one hash function.
-TF-M Profile Small selects TLS-PSK cipher suite TLS_PSK_WITH_AES_128_CCM [6]_
+TF-M Profile Small selects TLS-PSK cipher suite TLS_PSK_WITH_AES_128_CCM [5]_
as reference, which requires:
- AES-128-CCM (AES CCM mode with 128-bit key) as symmetric crypto algorithm
@@ -186,10 +176,10 @@
**Security note**
It is recommended not to use MD5 or SHA-1 for message digests as they are
- subject to collision attacks [7]_ [8]_.
+ subject to collision attacks [6]_ [7]_.
By default, Profile Small only enables multi-part functions defined in PSA
-Cryptography API [14]_ in hash, symmetric ciphers, MAC and AEAD operations.
+Cryptography API [13]_ in hash, symmetric ciphers, MAC and AEAD operations.
Disabling single-part functions optimizes the code size of TF-M crypto service.
Multi-part operations allows the message data to be processed in fragments
instead of all at once. In static memory allocation, single-part operation may
@@ -228,7 +218,7 @@
Internal transient buffer
-------------------------
-ITS implements a internal transient buffer [9]_ to hold the data read
+ITS implements a internal transient buffer [8]_ to hold the data read
from/written to storage, especially for flash, to solve the alignment and
security issues.
@@ -258,7 +248,7 @@
===================
Profile Small requires an Initial Attestation secure service based on symmetric
-key algorithms. Refer to PSA Attestation API document [10]_ for details of
+key algorithms. Refer to PSA Attestation API document [9]_ for details of
Initial Attestation based on symmetric key algorithms.
It can heavily increase memory footprint to support Initial Attestation based on
@@ -268,7 +258,7 @@
**Implementation note**
- As pointed out by PSA Attestation API document [10]_, the use cases of
+ As pointed out by PSA Attestation API document [9]_, the use cases of
Initial Attestation based on symmetric key algorithms can be limited due to
the associated infrastructure costs for key management and operational
complexities. It may also restrict the ability to interoperate with
@@ -289,7 +279,7 @@
Lightweight boot
================
-If MCUBoot provided by TF-M is enabled, single image boot [11]_ is selected by
+If MCUBoot provided by TF-M is enabled, single image boot [10]_ is selected by
default in Profile Small.
In case of single image boot, secure and non-secure images are handled as a
single blob and signed together during image generation.
@@ -353,8 +343,6 @@
+============================================+=====================================================================================================+=====================================+
| ``TFM_ISOLATION_LEVEL`` | ``1`` | Select level 2 isolation |
+--------------------------------------------+-----------------------------------------------------------------------------------------------------+-------------------------------------+
- | ``TFM_LIB_MODEL`` | ``ON`` | Select Library model |
- +--------------------------------------------+-----------------------------------------------------------------------------------------------------+-------------------------------------+
| ``TFM_PARTITION_INTERNAL_TRUSTED_STORAGE`` | ``ON`` | Enable ITS SP |
+--------------------------------------------+-----------------------------------------------------------------------------------------------------+-------------------------------------+
| ``ITS_BUF_SIZE`` | ``32`` | ITS internal transient buffer size |
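Review bot: After the ``TFM_LIB_MODEL`` row is removed, this table has no row showing which model Profile Small selects, although the prose now says SFN is the default. Consider adding a row for ``CONFIG_TFM_SPM_BACKEND`` (the option named in lines removed elsewhere in this file) with value ``SFN``. While here, the ``TFM_ISOLATION_LEVEL`` context row pairs value ``1`` with "Select level 2 isolation", which looks like a copy-paste slip worth fixing.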
@@ -396,12 +384,11 @@
TF-M framework setting
----------------------
-The top-level Profile Small CMake config file selects Library model and level 1
+The top-level Profile Small CMake config file selects SFN model and level 1
isolation.
-Users can set ``-DCONFIG_TFM_SPM_BACKEND=SFN`` in build command to select SFN
-model instead. In SFN model, ``-DPSA_FRAMEWORK_HAS_MM_IOVEC`` is enabled by
-default. It reduces memory footprint by avoiding the transient copy from input
+In SFN model, ``-DPSA_FRAMEWORK_HAS_MM_IOVEC`` is enabled by default.
+It reduces memory footprint by avoiding the transient copy from input
vectors and copy to output vectors.
Crypto service configuration
@@ -418,7 +405,7 @@
- Disable single-part operations in Hash, MAC, AEAD and symmetric ciphers
via selecting ``CRYPTO_SINGLE_PART_FUNCS_DISABLED``
-Other modules and configurations [12]_ are kept as default values.
+Other modules and configurations [11]_ are kept as default values.
Additional configuration flags with more fine granularity can be added to
control building of specific crypto algorithms and corresponding test cases.
@@ -430,7 +417,7 @@
``tfm_mbedcrypto_config_profile_small.h`` and Mbed Crypto PSA config file
``crypto_config_profile_small.h`` at ``/lib/ext/mbedcrypto/mbedcrypto_config``
folder, instead of the common one ``tfm_mbedcrypto_config_default.h`` and
-``crypto_config_default.h`` [12]_.
+``crypto_config_default.h`` [11]_.
Major Mbed Crypto configurations are set as listed below:
@@ -457,13 +444,13 @@
ITS service is enabled in top-level Profile Small CMake config file.
-The internal transient buffer size ``ITS_BUF_SIZE`` [9]_ is set to 32 bytes by
+The internal transient buffer size ``ITS_BUF_SIZE`` [8]_ is set to 32 bytes by
default. A platform/use case can overwrite the buffer size in its specific
configuration extension according to its actual requirement of assets and Flash
attributes.
Profile Small CMake config file won't touch the configurations of device
-specific Flash hardware attributes [9]_.
+specific Flash hardware attributes [8]_.
Initial Attestation secure service
----------------------------------
@@ -471,7 +458,7 @@
TF-M Profile Small provides a reference implementation of symmetric key
algorithms based Initial Attestation, using HMAC SHA-256 as MAC algorithm in
``COSE_Mac0`` structure. The implementation follows PSA Attestation API document
-[10]_.
+[9]_.
Profile Small top-level config file enables Initial Attestation secure service
and selects symmetric key algorithms based Initial Attestation by default.
@@ -576,7 +563,7 @@
The following commands build Profile Small without test cases on **AN521** with
build type **MinSizeRel**, built by **Armclang**.
-Library model is selected by default.
+SFN model is selected by default.
.. code-block:: bash
@@ -591,7 +578,7 @@
The following commands build Profile Small with regression test cases on
**AN521** with build type **MinSizeRel**, built by **Armclang**.
-Library model is selected by default.
+SFN model is selected by default.
.. code-block:: bash
@@ -612,78 +599,8 @@
This will decrease the size of the test images. Note that both test suites
must still be run to ensure correct operation.
-The following commands build Profile Small with SFN model on **AN521** with
-build type **MinSizeRel**, built by **GNU Arm compiler**.
-
-.. code-block:: bash
-
- cd <TFM root dir>
- mkdir build && cd build
- cmake -DTFM_PLATFORM=arm/mps2/an521 \
- -DTFM_PROFILE=profile_small \
- -DCMAKE_BUILD_TYPE=MinSizeRel \
- -DCONFIG_TFM_SPM_BACKEND=SFN \
- ../
- cmake --build ./ -- install
-
More details of building instructions and parameters can be found TF-M build
-instruction guide [13]_.
-
-********
-Appendix
-********
-
-TF-M Library model implementation details
-=========================================
-
-.. note ::
-
- **Implementation note**
-
- Please note that there is no public dedicated specification for Library
- model.
- The design, interfaces and implementation of Library model in TF-M may
- change.
-
-Buffer sharing allowed
-----------------------
-
-To simplify interface and reduce memory footprint, TF-M Library model directly
-handles client call input vectors from non-secure client buffers and later
-writes results back to those buffers, without keeping a copy in a transient
-buffer inside TF-M.
-
-.. note ::
-
- **Security note**
-
- There can be security vulnerabilities if non-secure client buffers are
- directly shared between NSPE and SPE, such as Time-of-check to time-of-use
- (TOCTOU) attack.
-
- Developers need to check if this can meet the Security Functional
- Requirements (SFR) of the integration of their devices.
- Some SFRs are listed in a set of example Threat Models and Security Analyses
- (TMSA) offered by PSA for common IoT use cases. [5]_
-
-Single secure context
----------------------
-
-TF-M Library model only supports single secure context.
-
-It cannot support multiple contexts or the scheduling implemented in IPC model.
-It neither can support multiple outstanding PSA client calls.
-
-But correspondingly, it can save memory footprint and runtime complexity in
-context management and scheduling.
-
-.. note ::
-
- **Security note**
-
- Non-secure software should prevent triggering multiple outstanding PSA
- client calls concurrently. Otherwise, it may crash current running secure
- context.
+instruction guide [12]_.
*********
Reference
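Review bot: The removed appendix carried the only security notes on "Buffer sharing allowed" (TOCTOU on buffers shared between NSPE and SPE) and "Single secure context" (non-secure software must not trigger multiple outstanding PSA client calls), but both items remain in the Profile Small feature list for the SFN model, and the SFN text says ``PSA_FRAMEWORK_HAS_MM_IOVEC`` avoids the transient copy. Keep these two notes, reworded for SFN, instead of deleting them with the Library model text; the reference to the PSA analyze stage ([5]) would then need to stay as well.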
@@ -697,25 +614,23 @@
.. [4] `Platform Security Model 1.1 <https://developer.arm.com/documentation/den0128/latest>`_
-.. [5] `PSA analyze stage <https://www.arm.com/architecture/security-features#analyze>`_
+.. [5] `AES-CCM Cipher Suites for Transport Layer Security (TLS) <https://tools.ietf.org/html/rfc6655>`_
-.. [6] `AES-CCM Cipher Suites for Transport Layer Security (TLS) <https://tools.ietf.org/html/rfc6655>`_
+.. [6] `Updated Security Considerations for the MD5 Message-Digest and the HMAC-MD5 Algorithms <https://tools.ietf.org/html/rfc6151>`_
-.. [7] `Updated Security Considerations for the MD5 Message-Digest and the HMAC-MD5 Algorithms <https://tools.ietf.org/html/rfc6151>`_
+.. [7] `Transitioning the Use of Cryptographic Algorithms and Key Lengths <https://www.nist.gov/publications/transitioning-use-cryptographic-algorithms-and-key-lengths>`_
-.. [8] `Transitioning the Use of Cryptographic Algorithms and Key Lengths <https://www.nist.gov/publications/transitioning-use-cryptographic-algorithms-and-key-lengths>`_
+.. [8] :doc:`ITS integration guide </integration_guide/services/tfm_its_integration_guide>`
-.. [9] :doc:`ITS integration guide </integration_guide/services/tfm_its_integration_guide>`
+.. [9] `PSA Attestation API 1.0 (ARM IHI 0085) <https://developer.arm.com/-/media/Files/pdf/PlatformSecurityArchitecture/Implement/IHI0085-PSA_Attestation_API-1.0.2.pdf?revision=eef78753-c77e-4b24-bcf0-65596213b4c1&la=en&hash=E5E0353D612077AFDCE3F2F3708A50C77A74B2A3>`_
-.. [10] `PSA Attestation API 1.0 (ARM IHI 0085) <https://developer.arm.com/-/media/Files/pdf/PlatformSecurityArchitecture/Implement/IHI0085-PSA_Attestation_API-1.0.2.pdf?revision=eef78753-c77e-4b24-bcf0-65596213b4c1&la=en&hash=E5E0353D612077AFDCE3F2F3708A50C77A74B2A3>`_
+.. [10] :doc:`Secure boot </technical_references/design_docs/tfm_secure_boot>`
-.. [11] :doc:`Secure boot </technical_references/design_docs/tfm_secure_boot>`
+.. [11] :doc:`Crypto design </technical_references/design_docs/tfm_crypto_design>`
-.. [12] :doc:`Crypto design </technical_references/design_docs/tfm_crypto_design>`
+.. [12] :doc:`TF-M build instruction </building/tfm_build_instruction>`
-.. [13] :doc:`TF-M build instruction </building/tfm_build_instruction>`
-
-.. [14] `PSA Cryptography API 1.0 <https://developer.arm.com/documentation/ihi0086/a/?lang=en>`_
+.. [13] `PSA Cryptography API 1.0 <https://developer.arm.com/documentation/ihi0086/a/?lang=en>`_
--------------
diff --git a/docs/technical_references/design_docs/source_structure.rst b/docs/technical_references/design_docs/source_structure.rst
index a42529e..89d7205 100644
--- a/docs/technical_references/design_docs/source_structure.rst
+++ b/docs/technical_references/design_docs/source_structure.rst
@@ -150,7 +150,6 @@
such as the runtime API and the thread
operation, etc.
cmsis_psa/\* CMSIS implementation for PSA-FF-M SPM. [1]
-cmsis_func/\* The library model implementation. [2]
\* Implementation sources.
=================================== ===========================================
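Review bot: The removed ``cmsis_func/\*`` row was the one carrying the ``[2]`` marker in this table. If a matching ``[2]`` note is defined below the table, it is now unreferenced and should be removed in the same change.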
@@ -162,4 +161,4 @@
--------------
-*Copyright (c) 2020-2021, Arm Limited. All rights reserved.*
+*Copyright (c) 2020-2022, Arm Limited. All rights reserved.*
diff --git a/docs/technical_references/design_docs/tfm_crypto_design.rst b/docs/technical_references/design_docs/tfm_crypto_design.rst
index a532c76..5932234d 100644
--- a/docs/technical_references/design_docs/tfm_crypto_design.rst
+++ b/docs/technical_references/design_docs/tfm_crypto_design.rst
@@ -68,8 +68,7 @@
| | functionality. | ``./secure_fw/partitions/crypto/crypto_mac.c`` |
| | | ''./secure_fw/partitions/crypto/crypto_key_management.c'' |
+-----------------------------+---------------------------------------------------------------+----------------------------------------------------------------------+
- | Manifest | The manifest file is a description of the service components | ``./secure_fw/partitions/crypto/manifest.yaml`` |
- | | for both library model and IPC model. | |
+ | Manifest | The manifest file is a description of the service components. | ``./secure_fw/partitions/crypto/manifest.yaml`` |
+-----------------------------+---------------------------------------------------------------+----------------------------------------------------------------------+
| CMake files and headers | The CMake files are used by the TF-M CMake build system to | ``./secure_fw/partitions/crypto/CMakeLists.inc`` |
| | build the service as part of the Secure FW build. The service | ``./secure_fw/partitions/crypto/CMakeLists.txt`` |
diff --git a/docs/technical_references/design_docs/tfm_fwu_service.rst b/docs/technical_references/design_docs/tfm_fwu_service.rst
index 39abf0e..b48d5e6 100644
--- a/docs/technical_references/design_docs/tfm_fwu_service.rst
+++ b/docs/technical_references/design_docs/tfm_fwu_service.rst
@@ -35,17 +35,12 @@
+-----------------------------+---------------------------------------------------------------+---------------------------------------------------------------------------------------+
| **Component name** | **Description** | **Location** |
+=============================+===============================================================+=======================================================================================+
- | SPE client API interface | This module exports the client API of PSA Firmware Update to | ``./secure_fw/partitions/firmware_update/tfm_fwu_secure_api.c`` |
- | | the other services available in TF-M. | |
+ | Client API interface | This module exports the client API of PSA Firmware Update to | ``./interface/src/tfm_fwu_api.c`` |
+ | | the users. | |
+-----------------------------+---------------------------------------------------------------+---------------------------------------------------------------------------------------+
- | NSPE client API interface | This module exports the client API of PSA Firmware Update to | ``./interface/src/tfm_firmware_update_func_api.c`` |
- | | the NSPE(i.e. to the applications). | ``./interface/src/tfm_firmware_update_ipc_api.c`` |
+ | Manifest | The manifest file is a description of the service components. | ``./secure_fw/partitions/firmware_update/tfm_firmware_update.yaml`` |
+-----------------------------+---------------------------------------------------------------+---------------------------------------------------------------------------------------+
- | Manifest | The manifest file is a description of the service components | ``./secure_fw/partitions/firmware_update/tfm_firmware_update.yaml`` |
- | | for both library mode and IPC model. | |
- +-----------------------------+---------------------------------------------------------------+---------------------------------------------------------------------------------------+
- | Secure functions and IPC | This module handles all the secure function requests in | ``./secure_fw/partitions/firmware_update/tfm_fwu_req_mngr.c`` |
- | request handlers | library model and all the service requests in IPC model. | |
+ | IPC request handlers | This module handles all the secure requests in IPC model. | ``./secure_fw/partitions/firmware_update/tfm_fwu_req_mngr.c`` |
| | It maitains the image state context and calls the image ID | |
| | converter to achieve the firmware update functionalities. | |
+-----------------------------+---------------------------------------------------------------+---------------------------------------------------------------------------------------+
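Review bot: This hunk does more than drop Library model wording: the client API location changes to ``./interface/src/tfm_fwu_api.c`` and the separate SPE entry (``tfm_fwu_secure_api.c``) disappears, neither of which the commit message mentions. Please confirm the new path matches the tree and note the rename in the commit message. The retitled "IPC request handlers" row also says it handles requests "in IPC model" only; if the service is meant to work under SFN too, drop the model qualifier. The context line below still has the typo "maitains".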
@@ -268,8 +263,7 @@
Implement the FWU functionality in the non-secure side
======================================================
The APIs listed in PSA Firmware Update API spec [1]_ can also be implemented in
-the non-secure side. The library model implementation can be referred to for the
-non-secure side implementation.
+the non-secure side.
Pros and Cons for Implementing FWU APIs in Secure Side
======================================================
@@ -314,4 +308,4 @@
--------------
-*Copyright (c) 2021, Arm Limited. All rights reserved.*
+*Copyright (c) 2021-2022, Arm Limited. All rights reserved.*
diff --git a/docs/technical_references/design_docs/tfm_its_service.rst b/docs/technical_references/design_docs/tfm_its_service.rst
index 7c81565..06c2ceb 100644
--- a/docs/technical_references/design_docs/tfm_its_service.rst
+++ b/docs/technical_references/design_docs/tfm_its_service.rst
@@ -265,8 +265,8 @@
- Divide up the UIDs, so certain UIDs from Protected Storage refer to assets in
internal storage, and others to ones in external storage.
-- Use the ``type`` field of ``psa_call`` in IPC model and extra veneers in
- library model to distinguish between internal and external storage requests.
+- Use the ``type`` field of ``psa_call`` in IPC model to distinguish between
+ internal and external storage requests.
The other option for code sharing would be for Protected Storage and ITS to
directly share filesystem code, which would be placed in a shared code region.
diff --git a/docs/technical_references/design_docs/tfm_psa_inter_process_communication.rst b/docs/technical_references/design_docs/tfm_psa_inter_process_communication.rst
index 4107666..312d6ae 100644
--- a/docs/technical_references/design_docs/tfm_psa_inter_process_communication.rst
+++ b/docs/technical_references/design_docs/tfm_psa_inter_process_communication.rst
@@ -17,13 +17,10 @@
***************
Design Overview
***************
-IPC re-uses existed components in library model:
+Components for implementing IPC:
- SPM – for partition information and isolation actions
- Core – for exception handling
-
-Extra components for implementing IPC:
-
- Memory pool
- Message manager
- Thread
@@ -43,9 +40,7 @@
SPM manages Secure Partition information. Enhancements need to be done in SPM
data structure for Secure Partition for IPC due to:
-- IPC model requires each Secure Partition has its own stack area while
- isolation level 1 of library model makes all partition shares same stack
- pointer. This needs to be changed while implementing IPC.
+- IPC model requires each Secure Partition has its own stack area.
- Multiple services are holding in same Secure Partition and each service
has its own information like message queue, SID and priority.
- Changed information related manifest items need to be changed, too.
@@ -230,4 +225,4 @@
--------------
-*Copyright (c) 2019, Arm Limited. All rights reserved.*
+*Copyright (c) 2019-2022, Arm Limited. All rights reserved.*