docs/project/glossary.rst - TS/trusted-services - TrustedFirmware Git Browser

 Glossary
 ========

 This glossary provides definitions for terms and abbreviations used in the Trusted Services documentation.

 You can find additional definitions in the `Arm Glossary`_.

 .. glossary::
     :sorted:

     TF-A
         Trusted Firmware-A

     TS
         Trusted Services

     C identifier like string
         A name which uses only alphanumeric characters and underscores and the first character is not a digit.

     LCS
         `Linux Coding Style`_

     ACLE
         `Arm C language extensions`_

     PSA
         `Platforn Security Arhitecture`_

     FF-A
         `Firmware Framework for A`_

     Normal World
         The rich execution environment running the "business logic" of the device. NWd is separated by hardware
         technology (e.g. see :term:`TrustZone`) from components which are managing sensitive information. See
         :term:`Secure World`.

     NWd
         See :term:`Normal World`.

     Secure World
         Hardware isolated execution environment executing specially crafted software managing sensitive data. On Arm
         devices :term:`TrustZone` technology can be used to implement the needed isolation.

     SWd
         See :term:`Secure World`.

     TEE
         Trusted Execution Environment. An SPE implemented using TrustZone.

     TrustZone
         Hardware assisted isolation technology built into arm CPUs. See `TrustZone for Cortex-A`_.

     SPE
         See :term:`Secure Processing Environment`.

     Secure Processing Environment
         An isolated environment to execute software images backed by a specific set of hardware and arm architecture
         features. The aim of isolation is to protect sensitive workloads and their assets.

     SP
         see :term:`Secure Partition`

     Secure Partition
         Secure Partition is a compartment to execute a software image isolated from other images. Isolation can be logical
         or physical based on if physical address range isolation is involved or not. See :term:`Physical SP` and :term:`Logical SP`.

         An SP may host a single or multiple services.

     Physical SP
         A Secure Partition which executes a software image in and isolated physical address space.

     Logical SP
         A Secure Partition which executes a software image isolated buy without physical address space isolation.

     SPM
         See :term:`Secure Partition Manager`.

     Secure Partition Manager
         A component responsible for creating and managing the physical isolation boundary of an :term:`SP` in the SWd. It
         is built from two sub-components the :term:`Secure Partition Manager Dispatcher` and the
         :term:`Secure Partition Manager Core`.

     Secure Partition Manager Dispatcher
         The SPM component responsible for SPMC initialization boot-time, and forwarding FF-A calls run-time between SPs
         and between SPs and the SPMC.

     Secure Partition Manager Core
         A component responsible for SP initialization and isolation at boot-time, inter partition isolation at run-time,
         inter-partition communication at run-time.

     Secure Enclave
         An isolated hardware subsystem focusing on security related operations. The subsystem may include hardware
         peripherals and one or more processing elements. As an example see the `Arm SSE-700`_ subsystem.

 --------------

 .. _`Arm Glossary`: https://developer.arm.com/documentation/aeg0014
 .. _`Linux Coding Style`: https://www.kernel.org/doc/html/v4.10/process/coding-style.html
 .. _`Arm C language extensions`: https://developer.arm.com/documentation/101028/0012/?lang=en
 .. _`Platforn Security Arhitecture`:  https://developer.arm.com/architectures/security-architectures/platform-security-architecture
 .. _`Firmware Framework for A`: https://developer.arm.com/docs/den0077/latest
 .. _`TrustZone for Cortex-A`: https://www.arm.com/technologies/trustzone-for-cortex-a
 .. _`Arm SSE-700`: https://developer.arm.com/documentation/101418/0100/Overview/About-SSE-700

 *Copyright (c) 2020-2022, Arm Limited and Contributors. All rights reserved.*

 SPDX-License-Identifier: BSD-3-Clause
	Glossary
	========

	This glossary provides definitions for terms and abbreviations used in the Trusted Services documentation.

	You can find additional definitions in the `Arm Glossary`_.

	.. glossary::
	:sorted:

	TF-A
	Trusted Firmware-A

	TS
	Trusted Services

	C identifier like string
	A name which uses only alphanumeric characters and underscores and the first character is not a digit.

	LCS
	`Linux Coding Style`_

	ACLE
	`Arm C language extensions`_

	PSA
	`Platforn Security Arhitecture`_

	FF-A
	`Firmware Framework for A`_

	Normal World
	The rich execution environment running the "business logic" of the device. NWd is separated by hardware
	technology (e.g. see :term:`TrustZone`) from components which are managing sensitive information. See
	:term:`Secure World`.

	NWd
	See :term:`Normal World`.

	Secure World
	Hardware isolated execution environment executing specially crafted software managing sensitive data. On Arm
	devices :term:`TrustZone` technology can be used to implement the needed isolation.

	SWd
	See :term:`Secure World`.

	TEE
	Trusted Execution Environment. An SPE implemented using TrustZone.

	TrustZone
	Hardware assisted isolation technology built into arm CPUs. See `TrustZone for Cortex-A`_.

	SPE
	See :term:`Secure Processing Environment`.

	Secure Processing Environment
	An isolated environment to execute software images backed by a specific set of hardware and arm architecture
	features. The aim of isolation is to protect sensitive workloads and their assets.

	SP
	see :term:`Secure Partition`

	Secure Partition
	Secure Partition is a compartment to execute a software image isolated from other images. Isolation can be logical
	or physical based on if physical address range isolation is involved or not. See :term:`Physical SP` and :term:`Logical SP`.

	An SP may host a single or multiple services.

	Physical SP
	A Secure Partition which executes a software image in and isolated physical address space.

	Logical SP
	A Secure Partition which executes a software image isolated buy without physical address space isolation.

	SPM
	See :term:`Secure Partition Manager`.

	Secure Partition Manager
	A component responsible for creating and managing the physical isolation boundary of an :term:`SP` in the SWd. It
	is built from two sub-components the :term:`Secure Partition Manager Dispatcher` and the
	:term:`Secure Partition Manager Core`.

	Secure Partition Manager Dispatcher
	The SPM component responsible for SPMC initialization boot-time, and forwarding FF-A calls run-time between SPs
	and between SPs and the SPMC.

	Secure Partition Manager Core
	A component responsible for SP initialization and isolation at boot-time, inter partition isolation at run-time,
	inter-partition communication at run-time.

	Secure Enclave
	An isolated hardware subsystem focusing on security related operations. The subsystem may include hardware
	peripherals and one or more processing elements. As an example see the `Arm SSE-700`_ subsystem.

	--------------

	.. _`Arm Glossary`: https://developer.arm.com/documentation/aeg0014
	.. _`Linux Coding Style`: https://www.kernel.org/doc/html/v4.10/process/coding-style.html
	.. _`Arm C language extensions`: https://developer.arm.com/documentation/101028/0012/?lang=en
	.. _`Platforn Security Arhitecture`: https://developer.arm.com/architectures/security-architectures/platform-security-architecture
	.. _`Firmware Framework for A`: https://developer.arm.com/docs/den0077/latest
	.. _`TrustZone for Cortex-A`: https://www.arm.com/technologies/trustzone-for-cortex-a
	.. _`Arm SSE-700`: https://developer.arm.com/documentation/101418/0100/Overview/About-SSE-700

	Copyright (c) 2020-2022, Arm Limited and Contributors. All rights reserved.

	SPDX-License-Identifier: BSD-3-Clause