TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / TS / trusted-services / 7b59462cf66fd03e432b2eaefcc94723b172c01e^! / . / docs / overview / example-usage.rst
commit7b59462cf66fd03e432b2eaefcc94723b172c01e[log] [tgz]
authorJulian Hall <julian.hall@arm.com>Fri Apr 08 14:04:15 2022 +0100
committerGyorgy Szing <Gyorgy.Szing@arm.com>Thu Dec 01 01:14:25 2022 +0100
treef1a173c09e96e8d8774dfe70a8b7d47100d68217
parente31557bbac892300d891cbecb2a9e04054154364 [diff] [blame]
Refactor top-level document structure

In preparation for extending documentation on PSA certified and
secure processing environments, the top-level structure has been
cleaned-up and simplified. PNGs from tf-m for docs home have
been reused for consistency.

Signed-off-by: Julian Hall <julian.hall@arm.com>
Change-Id: Id2b7d9b46dd90f419d00c417a06003e32862ead0

diff --git a/docs/overview/example-usage.rst b/docs/overview/example-usage.rst
new file mode 100644
index 0000000..68422ba
--- /dev/null
+++ b/docs/overview/example-usage.rst

@@ -0,0 +1,45 @@
+Solving Common Security Problems
+================================
+
+The following are examples of how trusted services can solve common device security problems.
+
+
+Protecting IoT device identity
+------------------------------
+
+During the provisioning process, an IoT device is assigned a secure identity that consists of a public/private
+key pair and a CA signed certificate that includes the public key.  The device is also provisioned with the
+public key corresponding to the cloud service that it will operate with.  The provisioned material is used
+whenever a device connects to the cloud during the authentication process.  To prevent the possibility
+of device cloning or unauthorized transfer to a different cloud service, all provisioned material must be
+held in secure storage and access to the private key must be prevented.  To achieve this, the certificate
+verification and nonce signing performed during the TLS handshake is performed by the Crypto trusted service
+that performs the operations without exposing the private key.
+
+
+Protecting Software Updates
+---------------------------
+
+To ensure that software updates applied to a device originate from a legitimate source, update packages are
+signed.  A signed package will include a signature block that includes a hash of the package contents within
+the signed data.  During the update process, a device will verify the signature using a provisioned public key
+that corresponds to the signing key used by the update originator.  By holding the public key in secure storage
+and performing the signature verification using the Crypto service, unauthorized modification of the update
+source is prevented.
+
+
+Secure Logging
+--------------
+
+A managed IoT device will often be configured by an installation engineer who has physical access to the
+device.  To allow a cloud operator to audit configuration changes, it is necessary to keep a log of
+configuration steps performed by the installation engineer.  To avoid the possibility of fraudulent
+modification of the audit log, a device signs log data using a device unique key-pair.  The public key
+corresponding to the signing private key may be retrieved by the cloud operator to allow the log to
+be verified.  To protect the signing key, the Crypto service is used for signing log records.
+
+--------------------
+
+*Copyright (c) 2020-2022, Arm Limited and Contributors. All rights reserved.*
+
+SPDX-License-Identifier: BSD-3-Clause