Add fTPM documentation
Create documentation for the fTPM deployment and the various TPM related
components implemented in the project.
Signed-off-by: Balint Dobszay <balint.dobszay@arm.com>
Change-Id: Id06cb26d0cd3f5a1fe3542a08fadea63023ac5fb
diff --git a/docs/deployments/secure-partitions.rst b/docs/deployments/secure-partitions.rst
index 7727de9..a129996 100644
--- a/docs/deployments/secure-partitions.rst
+++ b/docs/deployments/secure-partitions.rst
@@ -113,6 +113,25 @@
- * | Secure storage service instance (e.g. hosted by protected-storage SP)
* | Crypto service instance (e.g. hosted crypto SP)
+ftpm
+----
+The fTPM deployment provides a software TPM 2.0 implementation in an SP, based
+on the `ms-tpm-20-ref` reference implementation. It exposes a TPM CRB interface
+over FF-A, conforming to the `Arm DEN0138` specification. For more information,
+see: :ref:`TPM 2.0 service`.
+
+.. list-table::
+ :widths: 1 2
+ :header-rows: 0
+
+ * - Supported Environments
+ - * *opteesp* (runs as an S-EL0 SP under OP-TEE)
+ * *sp* (SPMC agnostic S-EL0 SP format)
+ * - External Dependencies
+ - * | Secure storage service instance (e.g. hosted by protected-storage SP)
+ * | TRNG (platform specific)
+ * | Carveout for CRB memory regions
+
env-test
--------
An instance of the test runner service provider is built into an SP image to
diff --git a/docs/services/image/tpm-components.svg b/docs/services/image/tpm-components.svg
new file mode 100644
index 0000000..1a0863b
--- /dev/null
+++ b/docs/services/image/tpm-components.svg
@@ -0,0 +1 @@
+<svg xmlns="http://www.w3.org/2000/svg" style="background: #ffffff; background-color: light-dark(#ffffff, #121212);" xmlns:xlink="http://www.w3.org/1999/xlink" version="1.1" width="511px" height="256px" viewBox="-0.5 -0.5 511 256"><defs/><rect fill="#ffffff" width="100%" height="100%" x="0" y="0" style="fill: light-dark(rgb(255, 255, 255), rgb(18, 18, 18));"/><g><g data-cell-id="0"><g data-cell-id="1"><g data-cell-id="S7Y9dz76nA7kSrRkpRBJ-6"><g><rect x="130" y="125" width="120" height="60" fill="#f5f5f5" stroke="#666666" pointer-events="all" style="fill: light-dark(rgb(245, 245, 245), rgb(26, 26, 26)); stroke: light-dark(rgb(102, 102, 102), rgb(149, 149, 149));"/></g></g><g data-cell-id="S7Y9dz76nA7kSrRkpRBJ-5"><g><rect x="120" y="135" width="120" height="60" fill="#f5f5f5" stroke="#666666" pointer-events="all" style="fill: light-dark(rgb(245, 245, 245), rgb(26, 26, 26)); stroke: light-dark(rgb(102, 102, 102), rgb(149, 149, 149));"/></g></g><g data-cell-id="S7Y9dz76nA7kSrRkpRBJ-1"><g><rect x="80" y="25" width="100" height="60" fill="#dae8fc" stroke="#6c8ebf" pointer-events="all" style="fill: light-dark(rgb(218, 232, 252), rgb(29, 41, 59)); stroke: light-dark(rgb(108, 142, 191), rgb(92, 121, 163));"/></g><g><g transform="translate(-0.5 -0.5)"><switch><foreignObject style="overflow: visible; text-align: left;" pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 98px; height: 1px; padding-top: 55px; margin-left: 81px;"><div style="box-sizing: border-box; font-size: 0; text-align: center; color: #000000; "><div style="display: inline-block; font-size: 12px; font-family: "Helvetica"; color: light-dark(#000000, #ffffff); line-height: 1.2; pointer-events: all; white-space: normal; word-wrap: normal; ">TPM CRB FF-A<div>RPC endpoint</div></div></div></div></foreignObject><text x="130" y="59" fill="light-dark(#000000, #ffffff)" font-family=""Helvetica"" font-size="12px" text-anchor="middle">TPM CRB FF-A...</text></switch></g></g></g><g data-cell-id="S7Y9dz76nA7kSrRkpRBJ-2"><g><rect x="220" y="25" width="90" height="60" fill="#d5e8d4" stroke="#82b366" pointer-events="all" style="fill: light-dark(rgb(213, 232, 212), rgb(31, 47, 30)); stroke: light-dark(rgb(130, 179, 102), rgb(68, 110, 44));"/></g><g><g transform="translate(-0.5 -0.5)"><switch><foreignObject style="overflow: visible; text-align: left;" pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 88px; height: 1px; padding-top: 55px; margin-left: 221px;"><div style="box-sizing: border-box; font-size: 0; text-align: center; color: #000000; "><div style="display: inline-block; font-size: 12px; font-family: "Helvetica"; color: light-dark(#000000, #ffffff); line-height: 1.2; pointer-events: all; white-space: normal; word-wrap: normal; ">TPM CRB provider</div></div></div></foreignObject><text x="265" y="59" fill="light-dark(#000000, #ffffff)" font-family=""Helvetica"" font-size="12px" text-anchor="middle">TPM CRB provider</text></switch></g></g></g><g data-cell-id="S7Y9dz76nA7kSrRkpRBJ-3"><g><rect x="350" y="10" width="150" height="90" fill="#f8cecc" stroke="#b85450" pointer-events="all" style="fill: light-dark(rgb(248, 206, 204), rgb(81, 45, 43)); stroke: light-dark(rgb(184, 84, 80), rgb(215, 129, 126));"/></g><g><g transform="translate(-0.5 -0.5)"><switch><foreignObject style="overflow: visible; text-align: left;" pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe flex-start; justify-content: unsafe center; width: 148px; height: 1px; padding-top: 17px; margin-left: 351px;"><div style="box-sizing: border-box; font-size: 0; text-align: center; color: #000000; "><div style="display: inline-block; font-size: 12px; font-family: "Helvetica"; color: light-dark(#000000, #ffffff); line-height: 1.2; pointer-events: all; white-space: normal; word-wrap: normal; ">ms-tpm backend</div></div></div></foreignObject><text x="425" y="29" fill="light-dark(#000000, #ffffff)" font-family=""Helvetica"" font-size="12px" text-anchor="middle">ms-tpm backend</text></switch></g></g></g><g data-cell-id="S7Y9dz76nA7kSrRkpRBJ-4"><g><rect x="110" y="145" width="120" height="60" fill="#f5f5f5" stroke="#666666" pointer-events="all" style="fill: light-dark(rgb(245, 245, 245), rgb(26, 26, 26)); stroke: light-dark(rgb(102, 102, 102), rgb(149, 149, 149));"/></g><g><g transform="translate(-0.5 -0.5)"><switch><foreignObject style="overflow: visible; text-align: left;" pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 118px; height: 1px; padding-top: 175px; margin-left: 111px;"><div style="box-sizing: border-box; font-size: 0; text-align: center; color: #333333; "><div style="display: inline-block; font-size: 12px; font-family: "Helvetica"; color: light-dark(#333333, #c1c1c1); line-height: 1.2; pointer-events: all; white-space: normal; word-wrap: normal; ">Locality 0 CRB</div></div></div></foreignObject><text x="170" y="179" fill="#333333" font-family=""Helvetica"" font-size="12px" text-anchor="middle">Locality 0 CRB</text></switch></g></g></g><g data-cell-id="S7Y9dz76nA7kSrRkpRBJ-7"><g><rect x="110" y="215" width="130" height="30" fill="none" stroke="none" pointer-events="all"/></g><g><g transform="translate(-0.5 -0.5)"><switch><foreignObject style="overflow: visible; text-align: left;" pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 128px; height: 1px; padding-top: 230px; margin-left: 111px;"><div style="box-sizing: border-box; font-size: 0; text-align: center; color: #000000; "><div style="display: inline-block; font-size: 12px; font-family: "Helvetica"; color: light-dark(#000000, #ffffff); line-height: 1.2; pointer-events: all; white-space: normal; word-wrap: normal; ">CRB for Locality 0-3 in non-secure memory</div></div></div></foreignObject><text x="175" y="234" fill="light-dark(#000000, #ffffff)" font-family=""Helvetica"" font-size="12px" text-anchor="middle">CRB for Locality 0-3...</text></switch></g></g></g><g data-cell-id="S7Y9dz76nA7kSrRkpRBJ-8"><g><rect x="280" y="135" width="120" height="60" fill="#f5f5f5" stroke="#666666" pointer-events="all" style="fill: light-dark(rgb(245, 245, 245), rgb(26, 26, 26)); stroke: light-dark(rgb(102, 102, 102), rgb(149, 149, 149));"/></g><g><g transform="translate(-0.5 -0.5)"><switch><foreignObject style="overflow: visible; text-align: left;" pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 118px; height: 1px; padding-top: 165px; margin-left: 281px;"><div style="box-sizing: border-box; font-size: 0; text-align: center; color: #333333; "><div style="display: inline-block; font-size: 12px; font-family: "Helvetica"; color: light-dark(#333333, #c1c1c1); line-height: 1.2; pointer-events: all; white-space: normal; word-wrap: normal; ">Locality 4 CRB</div></div></div></foreignObject><text x="340" y="169" fill="#333333" font-family=""Helvetica"" font-size="12px" text-anchor="middle">Locality 4 CRB</text></switch></g></g></g><g data-cell-id="S7Y9dz76nA7kSrRkpRBJ-9"><g><rect x="280" y="215" width="120" height="30" fill="none" stroke="none" pointer-events="all"/></g><g><g transform="translate(-0.5 -0.5)"><switch><foreignObject style="overflow: visible; text-align: left;" pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 118px; height: 1px; padding-top: 230px; margin-left: 281px;"><div style="box-sizing: border-box; font-size: 0; text-align: center; color: #000000; "><div style="display: inline-block; font-size: 12px; font-family: "Helvetica"; color: light-dark(#000000, #ffffff); line-height: 1.2; pointer-events: all; white-space: normal; word-wrap: normal; ">CRB for Locality 4 in secure memory</div></div></div></foreignObject><text x="340" y="234" fill="light-dark(#000000, #ffffff)" font-family=""Helvetica"" font-size="12px" text-anchor="middle">CRB for Locality 4 i...</text></switch></g></g></g><g data-cell-id="S7Y9dz76nA7kSrRkpRBJ-10"><g><path d="M 20 55 L 71.76 55" fill="none" stroke="#000000" stroke-width="2" stroke-miterlimit="10" pointer-events="stroke" style="stroke: light-dark(rgb(0, 0, 0), rgb(255, 255, 255));"/><path d="M 77.76 55 L 69.76 59 L 71.76 55 L 69.76 51 Z" fill="#000000" stroke="#000000" stroke-width="2" stroke-miterlimit="10" pointer-events="all" style="fill: light-dark(rgb(0, 0, 0), rgb(255, 255, 255)); stroke: light-dark(rgb(0, 0, 0), rgb(255, 255, 255));"/></g></g><g data-cell-id="S7Y9dz76nA7kSrRkpRBJ-12"><g><rect x="10" y="60" width="70" height="30" fill="none" stroke="none" pointer-events="all"/></g><g><g transform="translate(-0.5 -0.5)"><switch><foreignObject style="overflow: visible; text-align: left;" pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 68px; height: 1px; padding-top: 75px; margin-left: 11px;"><div style="box-sizing: border-box; font-size: 0; text-align: center; color: #000000; "><div style="display: inline-block; font-size: 12px; font-family: "Helvetica"; color: light-dark(#000000, #ffffff); line-height: 1.2; pointer-events: all; white-space: normal; word-wrap: normal; ">FF-A direct request</div></div></div></foreignObject><text x="45" y="79" fill="light-dark(#000000, #ffffff)" font-family=""Helvetica"" font-size="12px" text-anchor="middle">FF-A direct...</text></switch></g></g></g><g data-cell-id="S7Y9dz76nA7kSrRkpRBJ-15"><g><path d="M 180 55 L 211.76 55" fill="none" stroke="#000000" stroke-width="2" stroke-miterlimit="10" pointer-events="stroke" style="stroke: light-dark(rgb(0, 0, 0), rgb(255, 255, 255));"/><path d="M 217.76 55 L 209.76 59 L 211.76 55 L 209.76 51 Z" fill="#000000" stroke="#000000" stroke-width="2" stroke-miterlimit="10" pointer-events="all" style="fill: light-dark(rgb(0, 0, 0), rgb(255, 255, 255)); stroke: light-dark(rgb(0, 0, 0), rgb(255, 255, 255));"/></g></g><g data-cell-id="S7Y9dz76nA7kSrRkpRBJ-16"><g><path d="M 196.55 120.01 L 235.95 89.99" fill="none" stroke="#000000" stroke-width="2" stroke-miterlimit="10" pointer-events="stroke" style="stroke: light-dark(rgb(0, 0, 0), rgb(255, 255, 255));"/><path d="M 191.78 123.64 L 195.72 115.61 L 196.55 120.01 L 200.57 121.98 Z" fill="#000000" stroke="#000000" stroke-width="2" stroke-miterlimit="10" pointer-events="all" style="fill: light-dark(rgb(0, 0, 0), rgb(255, 255, 255)); stroke: light-dark(rgb(0, 0, 0), rgb(255, 255, 255));"/><path d="M 240.72 86.36 L 236.78 94.39 L 235.95 89.99 L 231.93 88.02 Z" fill="#000000" stroke="#000000" stroke-width="2" stroke-miterlimit="10" pointer-events="all" style="fill: light-dark(rgb(0, 0, 0), rgb(255, 255, 255)); stroke: light-dark(rgb(0, 0, 0), rgb(255, 255, 255));"/></g></g><g data-cell-id="S7Y9dz76nA7kSrRkpRBJ-17"><g><path d="M 334.04 129.32 L 293.46 90.68" fill="none" stroke="#000000" stroke-width="2" stroke-miterlimit="10" pointer-events="stroke" style="stroke: light-dark(rgb(0, 0, 0), rgb(255, 255, 255));"/><path d="M 338.38 133.46 L 329.83 130.84 L 334.04 129.32 L 335.35 125.04 Z" fill="#000000" stroke="#000000" stroke-width="2" stroke-miterlimit="10" pointer-events="all" style="fill: light-dark(rgb(0, 0, 0), rgb(255, 255, 255)); stroke: light-dark(rgb(0, 0, 0), rgb(255, 255, 255));"/><path d="M 289.12 86.54 L 297.67 89.16 L 293.46 90.68 L 292.15 94.96 Z" fill="#000000" stroke="#000000" stroke-width="2" stroke-miterlimit="10" pointer-events="all" style="fill: light-dark(rgb(0, 0, 0), rgb(255, 255, 255)); stroke: light-dark(rgb(0, 0, 0), rgb(255, 255, 255));"/></g></g><g data-cell-id="S7Y9dz76nA7kSrRkpRBJ-18"><g><path d="M 318.24 55 L 341.76 55" fill="none" stroke="#000000" stroke-width="2" stroke-miterlimit="10" pointer-events="stroke" style="stroke: light-dark(rgb(0, 0, 0), rgb(255, 255, 255));"/><path d="M 312.24 55 L 320.24 51 L 318.24 55 L 320.24 59 Z" fill="#000000" stroke="#000000" stroke-width="2" stroke-miterlimit="10" pointer-events="all" style="fill: light-dark(rgb(0, 0, 0), rgb(255, 255, 255)); stroke: light-dark(rgb(0, 0, 0), rgb(255, 255, 255));"/><path d="M 347.76 55 L 339.76 59 L 341.76 55 L 339.76 51 Z" fill="#000000" stroke="#000000" stroke-width="2" stroke-miterlimit="10" pointer-events="all" style="fill: light-dark(rgb(0, 0, 0), rgb(255, 255, 255)); stroke: light-dark(rgb(0, 0, 0), rgb(255, 255, 255));"/></g></g><g data-cell-id="S7Y9dz76nA7kSrRkpRBJ-19"><g><rect x="360" y="40" width="60" height="50" fill="#fff2cc" stroke="#d6b656" pointer-events="all" style="fill: light-dark(rgb(255, 242, 204), rgb(40, 29, 0)); stroke: light-dark(rgb(214, 182, 86), rgb(109, 81, 0));"/></g><g><g transform="translate(-0.5 -0.5)"><switch><foreignObject style="overflow: visible; text-align: left;" pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 58px; height: 1px; padding-top: 65px; margin-left: 361px;"><div style="box-sizing: border-box; font-size: 0; text-align: center; color: #000000; "><div style="display: inline-block; font-size: 12px; font-family: "Helvetica"; color: light-dark(#000000, #ffffff); line-height: 1.2; pointer-events: all; white-space: normal; word-wrap: normal; ">PSA ITS client</div></div></div></foreignObject><text x="390" y="69" fill="light-dark(#000000, #ffffff)" font-family=""Helvetica"" font-size="12px" text-anchor="middle">PSA ITS cl...</text></switch></g></g></g><g data-cell-id="S7Y9dz76nA7kSrRkpRBJ-20"><g><rect x="430" y="40" width="60" height="50" fill="#fff2cc" stroke="#d6b656" pointer-events="all" style="fill: light-dark(rgb(255, 242, 204), rgb(40, 29, 0)); stroke: light-dark(rgb(214, 182, 86), rgb(109, 81, 0));"/></g><g><g transform="translate(-0.5 -0.5)"><switch><foreignObject style="overflow: visible; text-align: left;" pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 58px; height: 1px; padding-top: 65px; margin-left: 431px;"><div style="box-sizing: border-box; font-size: 0; text-align: center; color: #000000; "><div style="display: inline-block; font-size: 12px; font-family: "Helvetica"; color: light-dark(#000000, #ffffff); line-height: 1.2; pointer-events: all; white-space: normal; word-wrap: normal; ">MbedTLS</div></div></div></foreignObject><text x="460" y="69" fill="light-dark(#000000, #ffffff)" font-family=""Helvetica"" font-size="12px" text-anchor="middle">MbedTLS</text></switch></g></g></g></g></g></g><switch><g requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"/><a transform="translate(0,-5)" xlink:href="https://www.drawio.com/doc/faq/svg-export-text-problems" target="_blank"><text text-anchor="middle" font-size="10px" x="50%" y="100%">Text is not SVG - cannot display</text></a></switch></svg>
\ No newline at end of file
diff --git a/docs/services/index.rst b/docs/services/index.rst
index 15e2415..0d1d30c 100644
--- a/docs/services/index.rst
+++ b/docs/services/index.rst
@@ -12,6 +12,7 @@
block-storage/block-storage-service-description
uefi-smm-services
logging-service-description
+ tpm-service-description
--------------
diff --git a/docs/services/tpm-service-description.rst b/docs/services/tpm-service-description.rst
new file mode 100644
index 0000000..faa2010
--- /dev/null
+++ b/docs/services/tpm-service-description.rst
@@ -0,0 +1,92 @@
+TPM 2.0 service
+===============
+Overview
+--------
+A TPM is a Root of Trust component that is standardized by the Trusted Computing Group in the
+`TPM specification`_. The Trusted Services project implements the following TPM-related
+components:
+
+ * TPM Service CRB Interface Over FF-A (`DEN0138`_) RPC layer,
+ * TPM CRB provider,
+ * TPM backend using `ms-tpm-20-ref`_ library.
+
+These components are integrated as a Secure Partition in the fTPM deployment, which provides
+standard TPM 2.0 functionality to clients both in Normal World and Secure World. This service is
+suitable for platforms without discrete TPM hardware, while maintaining compatibility with software
+stacks expecting a standard TPM CRB interface.
+
+Communication with the fTPM follows the DEN0138 protocol, using shared memory for the CRB registers
+and FF-A direct messaging for signaling.
+
+.. image:: image/tpm-components.svg
+
+TPM CRB over FF-A RPC endpoint
+------------------------------
+Location: ``components/rpc/tpm_crb_ffa/endpoint/sp/tpm_crb_ffa_endpoint.c``
+
+This component handles the incoming FF-A direct requests and parses them according to the DEN0138
+specification. The functions defined by this specification fall into two categories:
+
+ * Management type functions, for controlling the TPM service frontend in the SP.
+ * Start function, to signal to the TPM backend that a locality request or command available in the
+ CRB should be processed.
+
+The management type functions are handled in this component, while the start function is passed to
+the TPM CRB provider.
+
+TPM CRB provider
+----------------
+Location: ``components/service/tpm/provider/tpm_crb_provider.c``
+
+This component provides the core logic for handling TPM CRB memory-mapped register access, it
+interprets CRB register state transitions. The two main types of events to handle are:
+
+ * Locality request: a client requests or relinquishes access to a locality.
+ * Command request: a client has placed a TPM command into a locality and requires processing of
+ the command.
+
+The locality requests are handled in this components, while the command request is passed to the
+TPM backend.
+
+TPM backend
+-----------
+Location: ``components/service/tpm/backend/ms_tpm/ms_tpm_backend.c``
+
+Currently a single type of TPM backend is supported, which is based on the ms-tpm-20-ref library.
+This is responsible for:
+
+ * Initial provisioning using ``TPM_Manufacture()``.
+ * Startup and runtime initialization of the TPM.
+ * Command execution: the memory buffer from the CRB which contains the incoming command is passed
+ to the library using ``ExecuteCommand()``, writing the response back to the same memory buffer.
+
+The platform, crypto library and build system related modifications for ms-tpm-20-ref are
+implemented in patch files found at ``external/ms_tpm/*.patch``. Summary of the modifications:
+
+ * CMake support: adds a simple CMake build system to the project which can compile the necessary
+ files into a static library an install it as a CMake package.
+ * Mbed TLS support: adds support for using hash, symmetric crypto and bignum operations from Mbed
+ TLS instead of OpenSSL.
+ * Platform porting: implements a minimal necessary platform layer to satisfy the requirements of
+ ms-tpm-20-ref. This includes:
+
+ * Non-volatile storage using PSA Storage API.
+ * Get entropy using Mbed TLS.
+
+Limitations
+-----------
+
+ * Handling of Locality 4 commands is not implemented.
+ * Hardware clock usage is not implemented, a software counter is used instead that's incremented
+ on each query.
+ * Handling of early boot measurements (from BL1 and BL2) is not implemented.
+
+--------------
+
+.. _`TPM specification`: https://trustedcomputinggroup.org/resource/tpm-library-specification/
+.. _`DEN0138`: https://developer.arm.com/documentation/den0138/latest
+.. _`ms-tpm-20-ref`: https://github.com/microsoft/ms-tpm-20-ref
+
+*Copyright (c) 2025, Arm Limited and Contributors. All rights reserved.*
+
+SPDX-License-Identifier: BSD-3-Clause
