Add reference platform diagram
Extends the introduction documentation to include a diagram that
illustrates the OP-TEE based reference platform with PSA root-of-trust
and UEFI SMM services.
Signed-off-by: Julian Hall <julian.hall@arm.com>
Change-Id: Ibd557c1c6e4e92e9cabfb637a8acc8fb3a807c8d
diff --git a/docs/overview/index.rst b/docs/overview/index.rst
index 485abae..3e657ab 100644
--- a/docs/overview/index.rst
+++ b/docs/overview/index.rst
@@ -8,9 +8,9 @@
put trust in the service. Meeting those trust obligations relies on a range of hardware and firmware
implemented security measures.
-The Arm A-profile architecture, in combination with standard firmware, provides a range of isolated
-processing environments that offer hardware-backed protection against various classes of attack. Because
-of their strong security properties, these environments are suitable for running applications that have
+The Arm Application-profile (A-profile) architecture, in combination with standard firmware, provides a range
+of isolated processing environments that offer hardware-backed protection against various classes of attack.
+Because of their strong security properties, these environments are suitable for running applications that have
access to valuable assets such as keys or sensitive user data. The goal of the Trusted Services project is
to provide a framework in which security related services may be developed, tested and easily deployed to
run in any of the supported environments. A core set of trusted services are implemented to provide basic
@@ -18,9 +18,17 @@
Example isolated processing environments are:
- - **Secure partitions** - secure world VMs managed by a secure partition manager
+ - **Secure partitions** - secure world isolated environments managed by a secure partition manager
- **Trusted applications** - application environments managed by a TEE
- - **Integrated microcontroller** - a secondary MCU used as a secure enclave
+ - **VM backed container** - container runtime that uses a hypervisor to provide hardware backed container isolation
+
+The default reference system, used for test and development, uses the Secure Partition Manager configuration
+of OP-TEE to manage a set of secure partitions running at S-EL0. The secure partitions host service providers
+that implement PSA root-of-trust services. Services may be accessed using client-side C bindings that expose PSA
+Functional APIs. UEFI SMM services are provided by the SMM Gateway.
+
+.. image:: image/TsReferencePlatform.svg
+.. The image was exported from an original on Arm Confluence.
For more background on the type of problems solved by trusted services and how the project aims to
make solutions more accessible, see:
@@ -31,7 +39,9 @@
example-usage
goals
-
+The Trusted Services project includes components that may be integrated into platform firmware
+to enable A-profile platforms to meet PSA Certified security requirements. For more information, see:
+:ref:`Platform Certification`.
--------------