Add UEFI SMM service documentation
Adds developer documentation for the smm variable service
provider and the smm-gateway deployment.
Signed-off-by: Julian Hall <julian.hall@arm.com>
Change-Id: Iba3216986831afe22ce62a51a92ba53c4920f8db
diff --git a/docs/developer/service-descriptions/image/smm-gateway-layers.svg b/docs/developer/service-descriptions/image/smm-gateway-layers.svg
new file mode 100644
index 0000000..e930e6c
--- /dev/null
+++ b/docs/developer/service-descriptions/image/smm-gateway-layers.svg
@@ -0,0 +1,4 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- Do not edit this file with editors other than diagrams.net -->
+<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
+<svg xmlns="http://www.w3.org/2000/svg" style="background-color: rgb(255, 255, 255);" xmlns:xlink="http://www.w3.org/1999/xlink" version="1.1" width="1243px" height="319px" viewBox="-0.5 -0.5 1243 319" content="<mxfile host="confluence.arm.com" modified="2021-12-15T14:28:45.848Z" agent="5.0 (X11)" etag="RyVEXBLsGt1b45TKPOvv" version="15.3.7" type="atlas"><mxAtlasLibraries/><diagram id="wNY_4wXUTk2zhrBGsPOK" name="Page-1">7VpZd9o4FP41nDPzQA9YtoFHtrRp4wmFpFleOMYWRo1tMbLCkl8/khcwkoCcBIjJNH2odbXY/u69311MCbSDxVdiTycWdqFf0iruogQ6JU3TgFZh/3HJMpFUQaOWSDyC3FS2FgzQC0yF6UbvGbkw2lhIMfYpmm4KHRyG0KEbMpsQPN9cNsb+5l2ntpfesbIWDBzbh9KyO+TSSSKtG7nV3yDyJtmdq5V0JrCzxakgmtgunudEoFsCbYIxTa6CRRv6HL0Ml2TfxZbZ1YMRGNLXbMCX92DgwoVjVMu3326Nxa8AlNNTZrb/nL5w20f8QK3SI9iBUYRCjw264QwRHAbxVPw2dJlBRPBz6EJ+l2oJtOYTROFgajt8ds6sgskmNPDT6THy/Tb2MYn3gq7J/zF5RAl+grkZHWgdo8ZmfHsE/R6OEEU4ZHMOewbIFrVmkFDENHUlLKCY39P2kadc3kwnRphSHPBHwiHN3bgS/60eKdM6YBIZ8gw/djZc5ESpCr5CHEBKlmxJOls2MtNJPaKsp+P52ry0bM0kZ1ogsyw7NWlvdfha6+wiVbzaCObN25vpyyj48eg+jsOLZvQIaFmXjCAKgqFnUzi3+aMPeifSeUtLof9kOq9q+3WuH03nL4/ez6sZMhrgx8U0+P6z3QhnZU3Seb/HTqq0bd9n0Gmmzx6hNeJXHr/6y7KG7WvLuv3nst286f69wyIq+y3iII4ENkGtK/yoqsDUPBakQILUYvxpewmDXtlLJa4XF80CgllVsdKx0OxY5rwf3nlRff777sGbWfWX7lYD7YbuFCMehopvoqtkYLuJVhunBPWcTVQEU2Wip0WzJqEpoQRDt8mzUB6UfJtlU04cZGxCZXEOLwYTWd6n2MaDBz74YmTDziI/2VlmowWi99kZ7Dq3i43Wm/gg27NVNxF+Jg7cH0PY23iQ7ndl6Gap9hZN5xSpCoaZjEDfpmi2maCrlJveoZfQxcqQ9MamIWk1wUCSF0+35TNq6SRdOEkTTkqgkU6KrW314m83wLrszhaP4WsSlAySeRvdtLW9SVOAXJdvbxEYoRd7FB/FLSfm4fhNjVbJ6GR5W8t2nryYHnIZ1jj+U5rbTt8S+WFV6aXPUcoXU0reqHzR9NpBLKdqbmi7XBW0jcfjCL5X0coMXS7TDsY0J2UMUCwm0MSQYjbYq7+NC6TwJLLK4bhAaSJyvsTCNhPkAnzxqWCn8f/vqOB6bBGrg5cAhNMHs69PrfpAQQUDSGaIuR0j/rR3855UTSjWmaY0x1EV6645Mg3zSPWHdsLyQwmz7E68JzKzCYqtjeG7Qn1K8Ay5PHM+P9xF1lLgrp8Ud7lCKXyk2+WmhYl05qaejbemvKLBiAcdLsopYZVblQNW9f9q9i+bravusNe/vrluX1+dQ6zbaf5FinVa7QSxDv/bb5Dho/a9v7hpTX4PW8OnjiLW7WlSspSHrfj4ZoXY8D1l40eJpBzOzqbxI2J50r6PEkzF9xLoPJM4K6CY8C+Kfz6avFftuhCxlN/JgELtB/lmotS7sYWOtrekEz76cBfS6wWjI/N86UjE8uPpSG5DK+joU5QrIvaKauW00GepUEHKlbd+NtiqmnyZsyuvyH8C2OXwBSmHNOE3GO/o++m1vUcdriRS26CcJZ9h52+3exWpHDpJ608Nh5zFfyq2KQg7gKrg0pW3s4OYLMhHHZsd5IbalqT0bEgh84I/pBDDIVejn4oU9nZaX5uC1IpFMkIKAhqCxbyWYgxtz0HHJhi5Ku4NePoxyIqQQVaEnCvhZB722QmHDdc/R0+Wr3/VD7r/AQ==</diagram></mxfile>"><defs/><g><rect x="1" y="17" width="250" height="300" rx="37.5" ry="37.5" fill="#e6e6e6" stroke="#432d57" stroke-width="3" pointer-events="all"/><g transform="translate(-0.5 -0.5)"><switch><foreignObject style="overflow: visible; text-align: left;" pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe flex-end; justify-content: unsafe center; width: 248px; height: 1px; padding-top: 14px; margin-left: 2px;"><div style="box-sizing: border-box; font-size: 0px; text-align: center;"><div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; pointer-events: all; white-space: normal; overflow-wrap: normal;">Client Processing Environment</div></div></div></foreignObject><text x="126" y="14" fill="#000000" font-family="Helvetica" font-size="12px" text-anchor="middle">Client Processing Environment</text></switch></g><rect x="431" y="17" width="450" height="300" rx="45" ry="45" fill="#e6e6e6" stroke="#b20000" stroke-width="3" pointer-events="all"/><g transform="translate(-0.5 -0.5)"><switch><foreignObject style="overflow: visible; text-align: left;" pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe flex-end; justify-content: unsafe center; width: 448px; height: 1px; padding-top: 14px; margin-left: 432px;"><div style="box-sizing: border-box; font-size: 0px; text-align: center;"><div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; pointer-events: all; white-space: normal; overflow-wrap: normal;">smm_gateway SP</div></div></div></foreignObject><text x="656" y="14" fill="#000000" font-family="Helvetica" font-size="12px" text-anchor="middle">smm_gateway SP</text></switch></g><rect x="21" y="137" width="210" height="60" fill="#ffffff" stroke="#000000" pointer-events="all"/><g transform="translate(-0.5 -0.5)"><switch><foreignObject style="overflow: visible; text-align: left;" pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 208px; height: 1px; padding-top: 167px; margin-left: 22px;"><div style="box-sizing: border-box; font-size: 0px; text-align: center;"><div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; pointer-events: all; white-space: normal; overflow-wrap: normal;">RPC Caller<br />(MM_COMMUNICATE)</div></div></div></foreignObject><text x="126" y="171" fill="#000000" font-family="Helvetica" font-size="12px" text-anchor="middle">RPC Caller...</text></switch></g><rect x="21" y="197" width="210" height="60" fill="#ffffff" stroke="#000000" pointer-events="all"/><g transform="translate(-0.5 -0.5)"><switch><foreignObject style="overflow: visible; text-align: left;" pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 208px; height: 1px; padding-top: 227px; margin-left: 22px;"><div style="box-sizing: border-box; font-size: 0px; text-align: center;"><div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; pointer-events: all; white-space: normal; overflow-wrap: normal;">Messaging Layer<br />(FFA)</div></div></div></foreignObject><text x="126" y="231" fill="#000000" font-family="Helvetica" font-size="12px" text-anchor="middle">Messaging Layer...</text></switch></g><rect x="451" y="137" width="190" height="60" fill="#ffffff" stroke="#000000" pointer-events="all"/><g transform="translate(-0.5 -0.5)"><switch><foreignObject style="overflow: visible; text-align: left;" pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 188px; height: 1px; padding-top: 167px; margin-left: 452px;"><div style="box-sizing: border-box; font-size: 0px; text-align: center;"><div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; pointer-events: all; white-space: normal; overflow-wrap: normal;">RPC Endpoint<br />(MM_COMMUNICATE)</div></div></div></foreignObject><text x="546" y="171" fill="#000000" font-family="Helvetica" font-size="12px" text-anchor="middle">RPC Endpoint...</text></switch></g><rect x="451" y="197" width="190" height="60" fill="#ffffff" stroke="#000000" pointer-events="all"/><g transform="translate(-0.5 -0.5)"><switch><foreignObject style="overflow: visible; text-align: left;" pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 188px; height: 1px; padding-top: 227px; margin-left: 452px;"><div style="box-sizing: border-box; font-size: 0px; text-align: center;"><div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; pointer-events: all; white-space: normal; overflow-wrap: normal;">Messaging Layer<br />(FFA)</div></div></div></foreignObject><text x="546" y="231" fill="#000000" font-family="Helvetica" font-size="12px" text-anchor="middle">Messaging Layer...</text></switch></g><path d="M 237.37 167 L 444.63 167" fill="none" stroke="#000000" stroke-miterlimit="10" pointer-events="stroke"/><path d="M 232.12 167 L 239.12 163.5 L 237.37 167 L 239.12 170.5 Z" fill="#000000" stroke="#000000" stroke-miterlimit="10" pointer-events="all"/><path d="M 449.88 167 L 442.88 170.5 L 444.63 167 L 442.88 163.5 Z" fill="#000000" stroke="#000000" stroke-miterlimit="10" pointer-events="all"/><g transform="translate(-0.5 -0.5)"><switch><foreignObject style="overflow: visible; text-align: left;" pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 1px; height: 1px; padding-top: 158px; margin-left: 331px;"><div style="box-sizing: border-box; font-size: 0px; text-align: center;"><div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; pointer-events: all; background-color: rgb(255, 255, 255); white-space: nowrap;">MM COMMUNICATE</div></div></div></foreignObject><text x="331" y="161" fill="#000000" font-family="Helvetica" font-size="12px" text-anchor="middle">MM COMMUNICATE</text></switch></g><path d="M 237.37 227 L 444.63 227" fill="none" stroke="#000000" stroke-miterlimit="10" pointer-events="stroke"/><path d="M 232.12 227 L 239.12 223.5 L 237.37 227 L 239.12 230.5 Z" fill="#000000" stroke="#000000" stroke-miterlimit="10" pointer-events="all"/><path d="M 449.88 227 L 442.88 230.5 L 444.63 227 L 442.88 223.5 Z" fill="#000000" stroke="#000000" stroke-miterlimit="10" pointer-events="all"/><g transform="translate(-0.5 -0.5)"><switch><foreignObject style="overflow: visible; text-align: left;" pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 1px; height: 1px; padding-top: 218px; margin-left: 331px;"><div style="box-sizing: border-box; font-size: 0px; text-align: center;"><div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; pointer-events: all; background-color: rgb(255, 255, 255); white-space: nowrap;">FFA Messaging</div></div></div></foreignObject><text x="331" y="221" fill="#000000" font-family="Helvetica" font-size="12px" text-anchor="middle">FFA Messaging</text></switch></g><rect x="21" y="77" width="210" height="60" fill="#fff2cc" stroke="#d6b656" pointer-events="all"/><g transform="translate(-0.5 -0.5)"><switch><foreignObject style="overflow: visible; text-align: left;" pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 208px; height: 1px; padding-top: 107px; margin-left: 22px;"><div style="box-sizing: border-box; font-size: 0px; text-align: center;"><div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; pointer-events: all; white-space: normal; overflow-wrap: normal;">Service Client</div></div></div></foreignObject><text x="126" y="111" fill="#000000" font-family="Helvetica" font-size="12px" text-anchor="middle">Service Client</text></switch></g><rect x="451" y="77" width="410" height="60" fill="#fff2cc" stroke="#d6b656" pointer-events="all"/><g transform="translate(-0.5 -0.5)"><switch><foreignObject style="overflow: visible; text-align: left;" pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 408px; height: 1px; padding-top: 107px; margin-left: 452px;"><div style="box-sizing: border-box; font-size: 0px; text-align: center;"><div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; pointer-events: all; white-space: normal; overflow-wrap: normal;">smm_variable service provider</div></div></div></foreignObject><text x="656" y="111" fill="#000000" font-family="Helvetica" font-size="12px" text-anchor="middle">smm_variable service provider</text></switch></g><path d="M 237.37 107 L 444.63 107" fill="none" stroke="#000000" stroke-miterlimit="10" pointer-events="stroke"/><path d="M 232.12 107 L 239.12 103.5 L 237.37 107 L 239.12 110.5 Z" fill="#000000" stroke="#000000" stroke-miterlimit="10" pointer-events="all"/><path d="M 449.88 107 L 442.88 110.5 L 444.63 107 L 442.88 103.5 Z" fill="#000000" stroke="#000000" stroke-miterlimit="10" pointer-events="all"/><g transform="translate(-0.5 -0.5)"><switch><foreignObject style="overflow: visible; text-align: left;" pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 1px; height: 1px; padding-top: 98px; margin-left: 342px;"><div style="box-sizing: border-box; font-size: 0px; text-align: center;"><div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; pointer-events: all; background-color: rgb(255, 255, 255); white-space: nowrap;">SMM_VARIABLE_PROTOCOL</div></div></div></foreignObject><text x="342" y="101" fill="#000000" font-family="Helvetica" font-size="12px" text-anchor="middle">SMM_VARIABLE_PROTOCOL</text></switch></g><rect x="671" y="137" width="190" height="60" fill="#ffffff" stroke="#000000" pointer-events="all"/><g transform="translate(-0.5 -0.5)"><switch><foreignObject style="overflow: visible; text-align: left;" pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 188px; height: 1px; padding-top: 167px; margin-left: 672px;"><div style="box-sizing: border-box; font-size: 0px; text-align: center;"><div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; pointer-events: all; white-space: normal; overflow-wrap: normal;">RPC Caller<br />(FFARPC)</div></div></div></foreignObject><text x="766" y="171" fill="#000000" font-family="Helvetica" font-size="12px" text-anchor="middle">RPC Caller...</text></switch></g><rect x="671" y="197" width="190" height="60" fill="#ffffff" stroke="#000000" pointer-events="all"/><g transform="translate(-0.5 -0.5)"><switch><foreignObject style="overflow: visible; text-align: left;" pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 188px; height: 1px; padding-top: 227px; margin-left: 672px;"><div style="box-sizing: border-box; font-size: 0px; text-align: center;"><div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; pointer-events: all; white-space: normal; overflow-wrap: normal;">Messaging Layer<br />(FFA)</div></div></div></foreignObject><text x="766" y="231" fill="#000000" font-family="Helvetica" font-size="12px" text-anchor="middle">Messaging Layer...</text></switch></g><rect x="1011" y="17" width="230" height="300" rx="34.5" ry="34.5" fill="#e6e6e6" stroke="#b20000" stroke-width="3" pointer-events="all"/><g transform="translate(-0.5 -0.5)"><switch><foreignObject style="overflow: visible; text-align: left;" pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe flex-end; justify-content: unsafe center; width: 228px; height: 1px; padding-top: 14px; margin-left: 1012px;"><div style="box-sizing: border-box; font-size: 0px; text-align: center;"><div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; pointer-events: all; white-space: normal; overflow-wrap: normal;">secure storage SP</div></div></div></foreignObject><text x="1126" y="14" fill="#000000" font-family="Helvetica" font-size="12px" text-anchor="middle">secure storage SP</text></switch></g><rect x="1031" y="137" width="190" height="60" fill="#ffffff" stroke="#000000" pointer-events="all"/><g transform="translate(-0.5 -0.5)"><switch><foreignObject style="overflow: visible; text-align: left;" pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 188px; height: 1px; padding-top: 167px; margin-left: 1032px;"><div style="box-sizing: border-box; font-size: 0px; text-align: center;"><div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; pointer-events: all; white-space: normal; overflow-wrap: normal;">RPC Endpoint<br />FFARPC</div></div></div></foreignObject><text x="1126" y="171" fill="#000000" font-family="Helvetica" font-size="12px" text-anchor="middle">RPC Endpoint...</text></switch></g><rect x="1031" y="197" width="190" height="60" fill="#ffffff" stroke="#000000" pointer-events="all"/><g transform="translate(-0.5 -0.5)"><switch><foreignObject style="overflow: visible; text-align: left;" pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 188px; height: 1px; padding-top: 227px; margin-left: 1032px;"><div style="box-sizing: border-box; font-size: 0px; text-align: center;"><div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; pointer-events: all; white-space: normal; overflow-wrap: normal;">Messaging Layer<br />(FFA)</div></div></div></foreignObject><text x="1126" y="231" fill="#000000" font-family="Helvetica" font-size="12px" text-anchor="middle">Messaging Layer...</text></switch></g><rect x="1031" y="77" width="190" height="60" fill="#fff2cc" stroke="#d6b656" pointer-events="all"/><g transform="translate(-0.5 -0.5)"><switch><foreignObject style="overflow: visible; text-align: left;" pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 188px; height: 1px; padding-top: 107px; margin-left: 1032px;"><div style="box-sizing: border-box; font-size: 0px; text-align: center;"><div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; pointer-events: all; white-space: normal; overflow-wrap: normal;">secure storage service provider</div></div></div></foreignObject><text x="1126" y="111" fill="#000000" font-family="Helvetica" font-size="12px" text-anchor="middle">secure storage service provider</text></switch></g><path d="M 867.37 227 L 1024.63 227" fill="none" stroke="#000000" stroke-miterlimit="10" pointer-events="stroke"/><path d="M 862.12 227 L 869.12 223.5 L 867.37 227 L 869.12 230.5 Z" fill="#000000" stroke="#000000" stroke-miterlimit="10" pointer-events="all"/><path d="M 1029.88 227 L 1022.88 230.5 L 1024.63 227 L 1022.88 223.5 Z" fill="#000000" stroke="#000000" stroke-miterlimit="10" pointer-events="all"/><g transform="translate(-0.5 -0.5)"><switch><foreignObject style="overflow: visible; text-align: left;" pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 1px; height: 1px; padding-top: 218px; margin-left: 942px;"><div style="box-sizing: border-box; font-size: 0px; text-align: center;"><div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; pointer-events: all; background-color: rgb(255, 255, 255); white-space: nowrap;">FFA Messaging</div></div></div></foreignObject><text x="942" y="221" fill="#000000" font-family="Helvetica" font-size="12px" text-anchor="middle">FFA Messaging</text></switch></g><path d="M 867.37 166.5 L 1024.63 166.5" fill="none" stroke="#000000" stroke-miterlimit="10" pointer-events="stroke"/><path d="M 862.12 166.5 L 869.12 163 L 867.37 166.5 L 869.12 170 Z" fill="#000000" stroke="#000000" stroke-miterlimit="10" pointer-events="all"/><path d="M 1029.88 166.5 L 1022.88 170 L 1024.63 166.5 L 1022.88 163 Z" fill="#000000" stroke="#000000" stroke-miterlimit="10" pointer-events="all"/><g transform="translate(-0.5 -0.5)"><switch><foreignObject style="overflow: visible; text-align: left;" pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 1px; height: 1px; padding-top: 157px; margin-left: 942px;"><div style="box-sizing: border-box; font-size: 0px; text-align: center;"><div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; pointer-events: all; background-color: rgb(255, 255, 255); white-space: nowrap;">FFARPC</div></div></div></foreignObject><text x="942" y="161" fill="#000000" font-family="Helvetica" font-size="12px" text-anchor="middle">FFARPC</text></switch></g><path d="M 867.37 107 L 1024.63 107" fill="none" stroke="#000000" stroke-miterlimit="10" pointer-events="stroke"/><path d="M 862.12 107 L 869.12 103.5 L 867.37 107 L 869.12 110.5 Z" fill="#000000" stroke="#000000" stroke-miterlimit="10" pointer-events="all"/><path d="M 1029.88 107 L 1022.88 110.5 L 1024.63 107 L 1022.88 103.5 Z" fill="#000000" stroke="#000000" stroke-miterlimit="10" pointer-events="all"/><g transform="translate(-0.5 -0.5)"><switch><foreignObject style="overflow: visible; text-align: left;" pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 1px; height: 1px; padding-top: 98px; margin-left: 942px;"><div style="box-sizing: border-box; font-size: 0px; text-align: center;"><div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; pointer-events: all; background-color: rgb(255, 255, 255); white-space: nowrap;">PSA Secure Storage</div></div></div></foreignObject><text x="942" y="101" fill="#000000" font-family="Helvetica" font-size="12px" text-anchor="middle">PSA Secure Storage</text></switch></g></g><switch><g requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"/><a transform="translate(0,-5)" xlink:href="https://www.diagrams.net/doc/faq/svg-export-text-problems" target="_blank"><text text-anchor="middle" font-size="10px" x="50%" y="100%">Viewer does not support full SVG 1.1</text></a></switch></svg>
\ No newline at end of file
diff --git a/docs/developer/service-descriptions/index.rst b/docs/developer/service-descriptions/index.rst
index 5962e37..6574a3e 100644
--- a/docs/developer/service-descriptions/index.rst
+++ b/docs/developer/service-descriptions/index.rst
@@ -8,9 +8,10 @@
attest-service-description
crypto-service-description
secure-storage-service-description
+ uefi-smm-services
--------------
-*Copyright (c) 2020-2021, Arm Limited and Contributors. All rights reserved.*
+*Copyright (c) 2020-2022, Arm Limited and Contributors. All rights reserved.*
SPDX-License-Identifier: BSD-3-Clause
diff --git a/docs/developer/service-descriptions/uefi-smm-services.rst b/docs/developer/service-descriptions/uefi-smm-services.rst
new file mode 100644
index 0000000..3795063
--- /dev/null
+++ b/docs/developer/service-descriptions/uefi-smm-services.rst
@@ -0,0 +1,243 @@
+UEFI SMM Services
+=================
+The Trusted Services project provides support for UEFI System Management Mode (SMM) services via the
+SMM Gateway secure partition. The SMM Gateway adopts the API Gateway design pattern, popular in
+microservices architecture. The pattern decouples clients from backend service providers using an
+API gateway that presents a domain specific interface to clients while delegating operations to a
+set of backend microservices. An API gateway will typically use multiple backend services and may
+perform protocol translation while presenting a single service entry point for clients. The SMM
+Gateway works in a similar manner - clients access SMM services using standard SMM protocol messages,
+carried by an RPC mechanism. Service requests are forwarded by the SMM Gateway to backend service
+providers for operations such as secure persistent storage and signature verification.
+
+SMM Gateway is intended to be used on non-EDK2 platforms as an alternative to the EDK2 StandaloneMM
+(StMM) component. The current SMM Gateway version only supports the SMM Variable service. Additional
+SMM service providers may be added to SMM Gateway if required. By deliberately limiting functionality
+and exploiting backend services, the SMM Gateway SP can be significantly lighter-weight than StMM.
+This option is intended to be used on more resource constrained devices that tend to use u-boot.
+There is of course the possibility that other SMM services will need to be supported in the future.
+In such cases, a judgement should be made as to whether StMM should be used rather than extending the SP.
+
+.. uml:: uml/SmmGatewayOverview.puml
+
+SMM Variable Service
+--------------------
+Overview
+''''''''
+UEFI Variable support is provided by the *smm_variable* service provider component. This service provider
+is structured in the same way as other service providers within the TS project. Features of this
+component are:
+
+ * Source file location: ``components/service/smm_variable``
+ * Public interface definitions: ``protocols/service/smm_variable``
+ * Can be used with any RPC layer - not tied to MM Communicate RPC.
+ * Volatile and non-volatile storage is accessed via instances of the common *storage_backend* interface.
+
+The *smm-gateway/opteesp* deployment integrates the *smm_variable* service provider with the following:
+
+ * An MM Communicate based RPC endpoint.
+ * A *mock_store* instance for volatile variables.
+ * A *secure_storage_client* for non-volatile variables.
+
+During SP initialization, the *smm-gateway* uses pre-configured information to discover a backend secure
+storage SP for NV storage.
+
+The following diagram illustrates how the *smm_variable* service provider is integrated into the *smm-gateway*.
+
+.. image:: image/smm-gateway-layers.svg
+
+Because the *smm_variable* service provider is independent of any particular environment, alternative deployments
+are possible e.g.
+
+ * *smm_variable* service provider running within a GP TA with storage off-loaded to the GP TEE Internal API.
+ * *smm_variable* service provider running within a secure enclave with its own internal flash storage.
+
+Supported Functions
+'''''''''''''''''''
+The *smm_variable* service provider supports the following functions:
+
+.. list-table::
+ :header-rows: 1
+
+ * - SMM Variable Function
+ - Purpose
+ - Backend service interaction
+ * - SMM_VARIABLE_FUNCTION_GET_VARIABLE
+ - Get variable data identified by GUID/name.
+ - Query index and get object from appropriate storage backend.
+ * - SMM_VARIABLE_FUNCTION_GET_NEXT_VARIABLE_NAME
+ - Called multiple times to enumerate stored variables.
+ - Find variable in index and return next.
+ * - SMM_VARIABLE_FUNCTION_SET_VARIABLE
+ - Adds a new variable or updates an existing one.
+ - | Sets object in storage backend and if necessary, updates index
+ | and syncs to storage.
+ * - SMM_VARIABLE_FUNCTION_QUERY_VARIABLE_INFO
+ - Returns information about the variable store.
+ - Iterates over stored variables to determine space used.
+ * - SMM_VARIABLE_FUNCTION_EXIT_BOOT_SERVICE
+ - Called by OS when boot phase is complete.
+ - | Updates view of runtime state held by smm_variable service provider.
+ | State variable used when implementing state dependent access control.
+ * - SMM_VARIABLE_FUNCTION_VAR_CHECK_VARIABLE_PROPERTY_SET
+ - | Set constraints that are checked on the SetVariable operation.
+ | Allows a platform to set check policy.
+ - | Variable index holds variable check constraints object for each variable.
+ | This is updated by this function.
+ * - SMM_VARIABLE_FUNCTION_VAR_CHECK_VARIABLE_PROPERTY_GET
+ - Get the variable check constraints.
+ - Reads the variable check constraints object.
+ * - SMM_VARIABLE_FUNCTION_GET_PAYLOAD_SIZE
+ - | Returns the maximum variable data size, excluding any
+ | auth header.
+ - | Considers size constraints imposed by backend stores and RPC response
+ | payload constraints.
+
+Supported Variable Attributes
+'''''''''''''''''''''''''''''
+The following variable attributes are supported:
+
+.. list-table::
+ :widths: 3 1 3
+ :header-rows: 1
+
+ * - SMM Variable Attribute
+ - Support
+ - Comment
+ * - EFI_VARIABLE_NON_VOLATILE
+ - yes
+ - Determines which storage backend is used.
+ * - EFI_VARIABLE_BOOTSERVICE_ACCESS
+ - yes
+ - Boot service access controlled by smm_variable service provider.
+ * - EFI_VARIABLE_RUNTIME_ACCESS
+ - yes
+ - Runtime access controlled by smm_variable service provider.
+ * - EFI_VARIABLE_HARDWARE_ERROR_RECORD
+ - no
+ -
+ * - EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS
+ - no
+ -
+ * - EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS
+ - not yet
+ - Will be needed for secure boot support
+ * - EFI_VARIABLE_APPEND_WRITE
+ - yes
+ - Implemented by overwriting entire variable data.
+
+SMM Variable Tests
+''''''''''''''''''
+The following test components exist for the SMM Variable service:
+
+.. list-table::
+ :header-rows: 1
+
+ * - Test Component
+ - Description
+ - Included in deployments
+ * - ``component/service/smm_variable/backend/test``
+ - | Component tests for the variable_index and variable_store backend
+ | components. Can be run in a native PC environment.
+ - ``deployments/component-test/*``
+ * - ``component/service/smm_variable/test/service``
+ - | End-to-end service level tests that call service operations from
+ | the perspective of a client. Can be run in a native PC environment
+ | or on the Arm target platform.
+ - | ``deployments/ts-service-test/linux-pc``
+ | ``deployments/uefi-test/arm-linux``
+
+SMM Gateway Build Configuration
+-------------------------------
+The smm-gateway SP image may be built using the default configuration parameters defined
+within relevant source files. In practice, it is likely that at least some configuration
+values will need to be overridden. The following table lists build-time configuration
+parameters that may be overridden by global C pre-processor defines.
+
+.. list-table::
+ :widths: 2 2 2 1
+ :header-rows: 1
+
+ * - Config define
+ - Usage
+ - File
+ - Default value
+ * - SMM_GATEWAY_MAX_UEFI_VARIABLES
+ - Maximum number of variables
+ - ``deployments/smm-gateway/smm_gateway.c``
+ - 40
+ * - SMM_GATEWAY_NV_STORE_SN
+ - The service ID for the backend NV variable store
+ - ``deployments/smm-gateway/smm_gateway.c``
+ - Protected Storage SP
+
+MM Communicate RPC Layer
+------------------------
+To maintain compatibility with existing SMM service clients, an MM Communicate based RPC
+layer has been developed that uses the same 'carveout' buffer scheme as StMM. When SMM
+Gateway is used instead of StMM, existing SMM variable clients should interoperate seamlessly.
+The MM Communicate RPC components implement the standard TS RPC interfaces and can be used as
+a general purpose RPC for calls from normal world to secure world. The following MM Communicate
+RPC components have been added:
+
+ * ``components/rpc/mm_communicate/endpoint/sp`` - an RPC endpoint that handles FFA direct
+ calls with MM Communicate and SMM message carried in a shared 'carveout' buffer. Call requests
+ are demultiplexed to the appropriate service interface based on the service GUID carried in
+ the MM Communicate header. Suitable for use in SP deployments.
+ * ``components/rpc/mm_communicate/caller/linux`` - an RPC caller that calls service operations
+ associated with the destination service interface from Linux user-space. Uses the MM Communicate
+ protocol, sent over FFA using the Debug FFA kernel driver. Service level tests that run against
+ the SMM Gateway use this RPC caller for invoking SMM service operations.
+
+The following register mapping is assumed for FFA based direct calls to an SP that handles the MM
+Communicate RPC protocol:
+
+.. list-table::
+ :widths: 1 2 2 2
+ :header-rows: 1
+
+ * - Registers
+ - FF-A layer
+ - MM_COMMUNICATE Request
+ - MM_COMMUNICATE Response
+ * - W0
+ - Function ID
+ - | FFA_MSG_SEND_DIRECT_REQ
+ | (0x8400006F/0xC400006F)
+ - | FFA_MSG_SEND_DIRECT_RESP
+ | (0x84000070/0xC4000070)
+ * - W1
+ - Source/Destination ID
+ - Source/Destination ID
+ - Source/Destination ID
+ * - W2/X2
+ - Reserved
+ - 0x00000000
+ - 0x00000000
+ * - W3/X3
+ - Parameter[0]
+ - Address of the MM communication buffer
+ - | ARM_SVC_ID_SP_EVENT_COMPLETE
+ | (0x84000061/0xC4000061)
+ * - W4/X4
+ - Parameter[1]
+ - Size of the MM communication buffer
+ - SUCCESS/[error code]
+ * - W5/X5
+ - Parameter[2]
+ - 0x00000000
+ - 0x00000000
+ * - W6/X6
+ - Parameter[3]
+ - 0x00000000
+ - 0x00000000
+ * - W7/X7
+ - Parameter[4]
+ - 0x00000000
+ - 0x00000000
+
+--------------
+
+*Copyright (c) 2021-2022, Arm Limited and Contributors. All rights reserved.*
+
+SPDX-License-Identifier: BSD-3-Clause
diff --git a/docs/developer/service-descriptions/uml/SmmGatewayOverview.puml b/docs/developer/service-descriptions/uml/SmmGatewayOverview.puml
new file mode 100644
index 0000000..f53d2a4
--- /dev/null
+++ b/docs/developer/service-descriptions/uml/SmmGatewayOverview.puml
@@ -0,0 +1,14 @@
+'-------------------------------------------------------------------------------
+' Copyright (c) 2021-2022, Arm Limited and Contributors. All rights reserved.
+'
+' SPDX-License-Identifier: BSD-3-Clause
+'
+'-------------------------------------------------------------------------------
+
+@startuml
+
+[u-boot efi services] -down- [smm gateway]
+[smm gateway] -down- [secure storage service]
+[smm gateway] -down- [crypto service]
+
+@enduml
