Document block store encryption
Change-Id: Id86c5a62d812b8089d6b80720a8c36424b72ba94
Signed-off-by: Gabor Toth <gabor.toth2@arm.com>
diff --git a/docs/project/change-log.rst b/docs/project/change-log.rst
index a38d707..18dde95 100644
--- a/docs/project/change-log.rst
+++ b/docs/project/change-log.rst
@@ -83,7 +83,7 @@
Feature Highlights
^^^^^^^^^^^^^^^^^^
-- Introduce the :doc:`Block Storage Service </services/block-storage-service-description>`. The Block Storage service
+- Introduce the :doc:`Block Storage Service </services/block-storage/block-storage-service-description>`. The Block Storage service
can be used to share a block-oriented storage device such as a QSPI flash between a set of independent secure world
clients.
diff --git a/docs/services/block-storage-service-description.rst b/docs/services/block-storage/block-storage-service-description.rst
similarity index 69%
rename from docs/services/block-storage-service-description.rst
rename to docs/services/block-storage/block-storage-service-description.rst
index a29f057..7dbb8e8 100644
--- a/docs/services/block-storage-service-description.rst
+++ b/docs/services/block-storage/block-storage-service-description.rst
@@ -5,13 +5,9 @@
The Block Storage service can be used to share a block-oriented storage device
such as a QSPI flash between a set of independent secure world clients. A block
storage service provider presents a block level interface for accessing an
-underlying block storage device. To allow multiple higher layer filesystems to
-share the same storage device, logical block addresses are partitioned, based on
-configuration data provided by a system integrator. The partition configuration
-data may be read from a GUID Partition Table (GPT) or from the block storage SP
-manifest. The configuration data restricts access to a storage partition to a
-defined owner. Each owner is allocated a maximum number of blocks and is given
-exclusive access to its own blocks, based on the client ID of the calling client.
+underlying block storage device. The basic storage functionality provided by a
+device can be extended by Stacked Block Stores, which add extra features, like
+encryption or partitioning on top of a device.
The following diagram illustrates a firmware integration that uses a single block
storage service provider to control access to a dedicated flash device. In this
@@ -19,7 +15,7 @@
the service. Each client independently manages its own filesystem and is presented
with its own logical partition, starting with a logical block address (LBA) of zero.
-.. image:: image/block-storage-example-usage.svg
+.. image:: ../image/block-storage-example-usage.svg
Project Directories
-------------------
@@ -33,12 +29,47 @@
- Contains
* - ``components/service/block_storage``
- Service specific code components.
+ * - ``components/service/block_storage/block_store``
+ - Client, devices, stacked block stores.
* - ``deployments/block-storage``
- Build files and deployment specific code for building alternative configurations
of the block storage service provider.
* - ``protocols/service/block_storage``
- Service access protocol definitions.
+Design Description
+------------------
+The block storage service provider conforms to the same model as other service providers
+within the TS project. Service requests from clients are received by a service provider
+that is responsible for parameter deserialization/serialization and service level access
+control. Block storage operations are delegated to a backend *block_store* that provides
+block-level storage in some way. There is much flexibility to realize the backend block-level
+storage in different ways, allowing platform integrators to use alternative *block_store*
+realizations to provide storage solutions that meet specific product requirements.
+
+The following class diagram illustrates the block storage service provider model:
+
+.. uml:: ../uml/BlockStorageProvider.puml
+
+Block Store
+^^^^^^^^^^^
+The *block_store* component defines a virtual interface for block IO operations. Alternative
+concrete *block_store* implementations are supported. Some *block_store* components are stackable
+over other *block_store* components to add features such as store partitioning or block
+authentication. Separation of functionality into stackable *block_store* components gives
+platform integrators the flexibility to create alternative storage solutions with different
+security/cost tradeoffs. The base *block_store* interface is defined in::
+
+ components/service/block_storage/block_store/block_store.h
+
+Components that implement the *block_store* interface are located in subdirectories beneath
+``components/service/block_storage/block_store``. A *block_device* is class of *block_store*
+that actually provides block-level storage. In a stack of *block_store* components, a
+*block_device* will always live at the bottom. The following layer diagram illustrates a
+typical block storage deployment where storage is provided by a stack of *block_store* components:
+
+.. image:: ../image/block-storage-layers.svg
+
Service Interface
-----------------
The Block Storage service supports a conventional set of block-level operations that
@@ -55,7 +86,7 @@
a handle to be used as a qualifier for other requests made by a client.
* - Close
- Close a previously opened session.
- * - GetInfo
+ * - GetPartitionInfo
- Returns information about the partition associated with an open session. Includes
the block size and the total number of blocks assigned to the partition.
* - Read
@@ -65,8 +96,6 @@
* - Erase
- Erase a set of one or more blocks.
-Protocol definitions live under: ``protocols/service/block_storage``.
-
The service interface is realized by the block storage service provider. It delegates
storage operations to a backend *block_store*. The *block_store* defines a common
interface for components that realize block storage operations. Where an underlying storage
@@ -75,17 +104,47 @@
operation (if the partition is writable and the LBA falls within the limits of the
partition).
-Service Provider Configuration
-------------------------------
-A platform integrator must provide a set of configuration data to configure how the block
-storage service provider presents block storage to clients. Configuration data relates to
-the following:
+Block Store Client
+------------------
- - **Storage partition configuration** - determines how storage is divided into separate partitions
- - **Block device configuration** - determines how the backed storage device is configured
+Communicates with a remote block storage service provider to provide storage.
+
+Block Store Devices
+-------------------
+
+ - **file_block_store** - stores blocks in file accessed using the standard C file (stdio.h) API.
+ The file represents a contiguous array of storage blocks. Designed to be used in a POSIX
+ environment as a virtual storage media.
+ - **fvb_block_store** - an adapter that uses a UEFI firmware volume block driver to access
+ storage. Can be used with drivers from the EDK2 project.
+ - **mock_block_store** - mocked block store for unit testing.
+ - **null_block_store** - a store with no real storage. Always accepts legal writes and returns
+ zeros for reads.
+ - **ram_block_store** - stores blocks in RAM. Intended for test purposes.
+ - **rpmb_block_store** - it is a Replay Protected Memory Block device
+ (see `SD Association home page`_) that uses the RPMB frontend to provide RPMB based storage.
+ - **semihosting_block_store** - it is a block device that can be used on emulators
+ (FVP, qemu, etc...) or on target platforms where the debugger can provide the file-system
+ semihosting features (See `this page`_.). Semihosting allows accessing files from the host
+ environment. This block store uses a single file to represent a contiguous array of storage
+ blocks.
+
+Stacked Block Stores
+--------------------
+
+Partitioned Block Store
+^^^^^^^^^^^^^^^^^^^^^^^
+
+To allow multiple higher layer filesystems to share the same storage device,
+logical block addresses are partitioned, based on configuration data provided
+by a system integrator. The partition configuration data may be read from a
+GUID Partition Table (GPT) or from the block storage SP manifest. The
+configuration data restricts access to a storage partition to a defined owner.
+Each owner is allocated a maximum number of blocks and is given exclusive access
+to its own blocks, based on the client ID of the calling client.
Storage Partition Configuration
-^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+"""""""""""""""""""""""""""""""
The block storage service allows a block storage device to be presented as a single storage
partition or as a set of smaller storage partitions. The way that storage is presented is
determined by configuration data prepared by a platform integrator. Each storage partition
@@ -206,57 +265,47 @@
- 72 bytes
- PartitionName - Holds canonical UUID string for owner.
-Design Description
-------------------
-The block storage service provider conforms to the same model as other service providers
-within the TS project. Service requests from clients are received by a service provider
-that is responsible for parameter deserialization/serialization and service level access
-control. Block storage operations are delegated to a backend *block_store* that provides
-block-level storage in some way. There is much flexibility to realize the backend block-level
-storage in different ways, allowing platform integrators to use alternative *block_store*
-realizations to provide storage solutions that meet specific product requirements.
+Encrypted Block Store
+^^^^^^^^^^^^^^^^^^^^^
-The following class diagram illustrates the block storage service provider model:
+To provide data in rest, and data in transit protection for the stored data using encryption.
+The current implementation uses *AES-CBC with ESSIV* encryption, where the encryption key is
+derived from the Encryption Root key (ERK).
+This way a unique, deterministic, but unpredictable vector is generated for each sector, which
+mitigates IV prediction based attacks, like watermarking attack.
+To implement the algorithm two keys are derived from the root key and generated with the same
+salt value, but with different info:
-.. uml:: uml/BlockStorageProvider.puml
+ - **encryption key** - encryption and decryption of the data (AES with CBC block cipher mode)
+ - **essiv key** - generation of the IV (AES with ECB block cipher mode)
-Block Store
-^^^^^^^^^^^
-The *block_store* component defines a virtual interface for block IO operations. Alternative
-concrete *block_store* implementations are supported. Some *block_store* components are stackable
-over other *block_store* components to add features such as store partitioning or block
-authentication. Separation of functionality into stackable *block_store* components gives
-platform integrators the flexibility to create alternative storage solutions with different
-security/cost tradeoffs. The base *block_store* interface is defined in::
+Encrypted Block Store Configuration
+"""""""""""""""""""""""""""""""""""
- components/service/block_storage/block_store/block_store.h
+ - **ENCRYPTED_BLK_AES_KEY_BITS** - determines the size of the keys derived from the root key
+ supported values are 128, 192 and 256.
+ - **ENCRYPTED_BLK_BLOCK_ENCRYPTION_ROOT_KEY** - root key to be used to derive encryption
+ and ESSIV keys from.
+ - **ENCRYPTED_BLK_BLOCK_ENCRYPTION_SALT** - Salt value to make impossible for an attacker to
+ derive the same keys as the ones used for encryption without knowing this value.
-Components that implement the *block_store* interface are located in subdirectories beneath
-``components/service/block_storage/block_store``. A *block_device* is class of *block_store*
-that actually provides block-level storage. In a stack of *block_store* components, a
-*block_device* will always live at the bottom. The following layer diagram illustrates a
-typical block storage deployment where storage is provided by a stack of *block_store* components:
+Encrypted Block Store Limitations
+"""""""""""""""""""""""""""""""""
-.. image:: image/block-storage-layers.svg
-
-Some block devices supported in the TS project (located under:
-``components/service/block_storage/block_store/block_device``) are:
-
- - **ram_block_store** - stores blocks in RAM. Intended for test purposes.
- - **null_block_store** - a store with no real storage. Always accepts legal writes and returns
- zeros for reads.
- - **fvb_block_store** - an adapter that uses a UEFI firmware volume block driver to access
- storage. Can be used with drivers from the EDK2 project.
-
-Other supported block_store components:
-
- - **partitioned_block_store** - a stackable *block_store* that presents an underlying *block_store*
- as a set of configurable storage partitions.
- - **block_storage_client** - communicates with a remote block storage service provider to provide
- storage.
+ - Block size of the store must be multiple of the AES block size (16 bytes).
+ - Encryption root key is currently a configurable vector in the future it should come from a
+ secure source, like from the Crypto SP or a separate SP responsible for root key storage and
+ key derivation, but in the current implementation
+ - AES with CBC block method encrypts a whole block, where the consecutive AES blocks are
+ interconnected. A drawback of this algorithm is that partial read or write does not
+ work. To mitigate this limitation at read request the whole block is read and only partial
+ data is returned, at write request the read-modify-write methodology is used.
--------------
+.. _`SD Association home page`: https://www.sdcard.org/developers/boot-and-new-security-features/replay-protected-memory-block/
+.. _`this page`: https://developer.arm.com/documentation/dui0203/j/semihosting?lang=en
+
*Copyright (c) 2022, Arm Limited and Contributors. All rights reserved.*
SPDX-License-Identifier: BSD-3-Clause
diff --git a/docs/services/image/block-storage-example-usage.svg b/docs/services/image/block-storage-example-usage.svg
index 5da7427..beebab0 100644
--- a/docs/services/image/block-storage-example-usage.svg
+++ b/docs/services/image/block-storage-example-usage.svg
@@ -1,4 +1,4 @@
<?xml version="1.0" encoding="UTF-8"?>
-<!-- Do not edit this file with editors other than diagrams.net -->
+<!-- Do not edit this file with editors other than draw.io -->
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
-<svg xmlns="http://www.w3.org/2000/svg" style="background-color: rgb(255, 255, 255);" xmlns:xlink="http://www.w3.org/1999/xlink" version="1.1" width="921px" height="551px" viewBox="-0.5 -0.5 921 551" content="<mxfile host="confluence.arm.com" modified="2022-08-25T16:15:08.782Z" agent="5.0 (X11)" etag="mAY4xjS1y1Ce76DsL9WA" version="20.1.4" type="atlas"><mxAtlasLibraries/><diagram id="plxMLLH-skr558P6A1ZB" name="Page-1">3VrbctowEP0aHunYFubyyDWdJkyY0k5KXjqKLWwNwmJkESBfXxnLV5lLCdSmT1hH0gqdPdr1Cmqgv9w+MLhyx9RGpGZo9rYGBjXD0DsAiI8A2YVIGzRCwGHYloMSYIo/kAQ1ia6xjfzMQE4p4XiVBS3qecjiGQwyRjfZYXNKsquuoCNX1BJgakGClGEv2Oau3IWZGv0VYceNVtY12bOE0WAJ+C606SYFgWEN9BmlPHxabvuIBORFvITzRgd64y/GkMfPmTBv7Zzxyuqw2XjDtfaH/mrCuhFaeYdkLTcsvyzfRQwwuvZsFBjRa6C3cTFH0xW0gt6N8LnAXL4ksnuOCelTQtl+LrAhas8tgfuc0QWKejzqiek9dQdyU++IcbRNQXJHD4guEWc7MUT21vWmpFfqK2J7kzgrHuKmHdWWIJQCcWLbCYfiQdJYTOmju/6tdRmZ6LPm2+IbefrOaF2/d0pblaNUVemUj8dHaNVO03oVphpZppqmypRRwFTnCkQ96QuwaDuzH5OXwSvt9Qh/9O5fe2aZ2iukVNXehFEuUo3g0NCmnLIgg5QuRbNqUgT3LkVQOSk2FEqfJ/Ufw2H56gNVU5957+pTAmG7dPk1FU57hFqLKkdBYJQtxJZC2gDZ2IJh+hgR6LsKbaJSWAWP1o5gwR8Dp8l7C5l+eosBaC2cPf/Pay7MIIn7YYWlm9diXM8y3uioOi2S6c1U2j598pFnd4PSMDmxKSbRFvNfgWK/mLI1k/oNngfbdGOXakwQw2IHiEWYJ3aTMhQ0Z9EaQSMxtW9Ftg46xadrZqHTUuOQOYifPsfIjirfAy5OedAs8GCEMUQgx+/ZernIrXKFCcViZ4mCjFykA3lphBuX09IFrmIpp0UAcpZCahRLe53FG79cep1PSu+g66viKqUybFzoqsYJOzd2VKSTlKdGo3pXIGPk+9DBnqN4TgREnnVXYe5PvyhICBLseEE4F24NwkMvCK8iBZCu7Fhi2w6WKQzy2Rx6hZBt5rgHBS8WeoGIjFtFbP2MqvV4yL52qD0ZQhvVOpdxNv3suVRDaN7rtz6Zarn9b7RwSdq/PFU3z9SZUTGd5VN16251dsb1RHkx59glaFW00Px/Yo56rzKBIkNzTD0B96k3x86awbB9oFazqbVe7n3616XaFXK6cgEDCrJ6p0ANNyvD9DNuYNQDZotyOL6SKSjK9HRsjiN1WdFZr9prwD2G58KfJdU3wp8rG3IksK6D5Jql3jTpJd54FlJW6YR2zMlVOT3Xy2c5Q6Z5pbMjmsnfBcLhyZ8uwPAP</diagram></mxfile>"><defs/><g><rect x="600" y="0" width="160" height="180" rx="24" ry="24" fill="#dae8fc" stroke="none" pointer-events="all"/><rect x="0" y="0" width="160" height="180" rx="24" ry="24" fill="#dae8fc" stroke="none" pointer-events="all"/><rect x="20" y="45" width="120" height="90" fill="rgb(255, 255, 255)" stroke="rgb(0, 0, 0)" pointer-events="all"/><g transform="translate(-0.5 -0.5)"><switch><foreignObject style="overflow: visible; text-align: left;" pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 118px; height: 1px; padding-top: 90px; margin-left: 21px;"><div style="box-sizing: border-box; font-size: 0px; text-align: center;" data-drawio-colors="color: rgb(0, 0, 0); "><div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; pointer-events: all; white-space: normal; overflow-wrap: normal;">StMM</div></div></div></foreignObject><text x="80" y="94" fill="rgb(0, 0, 0)" font-family="Helvetica" font-size="12px" text-anchor="middle">StMM</text></switch></g><rect x="200" y="0" width="160" height="180" rx="24" ry="24" fill="#dae8fc" stroke="none" pointer-events="all"/><rect x="220" y="45" width="120" height="90" fill="rgb(255, 255, 255)" stroke="rgb(0, 0, 0)" pointer-events="all"/><g transform="translate(-0.5 -0.5)"><switch><foreignObject style="overflow: visible; text-align: left;" pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 118px; height: 1px; padding-top: 90px; margin-left: 221px;"><div style="box-sizing: border-box; font-size: 0px; text-align: center;" data-drawio-colors="color: rgb(0, 0, 0); "><div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; pointer-events: all; white-space: normal; overflow-wrap: normal;">Protected Storage</div></div></div></foreignObject><text x="280" y="94" fill="rgb(0, 0, 0)" font-family="Helvetica" font-size="12px" text-anchor="middle">Protected Storage</text></switch></g><rect x="400" y="0" width="160" height="180" rx="24" ry="24" fill="#dae8fc" stroke="none" pointer-events="all"/><rect x="420" y="45" width="120" height="90" fill="rgb(255, 255, 255)" stroke="rgb(0, 0, 0)" pointer-events="all"/><g transform="translate(-0.5 -0.5)"><switch><foreignObject style="overflow: visible; text-align: left;" pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 118px; height: 1px; padding-top: 90px; margin-left: 421px;"><div style="box-sizing: border-box; font-size: 0px; text-align: center;" data-drawio-colors="color: rgb(0, 0, 0); "><div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; pointer-events: all; white-space: normal; overflow-wrap: normal;">OP-TEE</div></div></div></foreignObject><text x="480" y="94" fill="rgb(0, 0, 0)" font-family="Helvetica" font-size="12px" text-anchor="middle">OP-TEE</text></switch></g><rect x="200" y="260" width="160" height="180" rx="24" ry="24" fill="#dae8fc" stroke="none" pointer-events="all"/><rect x="220" y="305" width="120" height="90" fill="rgb(255, 255, 255)" stroke="rgb(0, 0, 0)" pointer-events="all"/><g transform="translate(-0.5 -0.5)"><switch><foreignObject style="overflow: visible; text-align: left;" pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 118px; height: 1px; padding-top: 350px; margin-left: 221px;"><div style="box-sizing: border-box; font-size: 0px; text-align: center;" data-drawio-colors="color: rgb(0, 0, 0); "><div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; pointer-events: all; white-space: normal; overflow-wrap: normal;">Block Storage</div></div></div></foreignObject><text x="280" y="354" fill="rgb(0, 0, 0)" font-family="Helvetica" font-size="12px" text-anchor="middle">Block Storage</text></switch></g><path d="M 250 485 C 250 476.72 263.43 470 280 470 C 287.96 470 295.59 471.58 301.21 474.39 C 306.84 477.21 310 481.02 310 485 L 310 535 C 310 543.28 296.57 550 280 550 C 263.43 550 250 543.28 250 535 Z" fill="rgb(255, 255, 255)" stroke="rgb(0, 0, 0)" stroke-miterlimit="10" pointer-events="all"/><path d="M 310 485 C 310 493.28 296.57 500 280 500 C 263.43 500 250 493.28 250 485" fill="none" stroke="rgb(0, 0, 0)" stroke-miterlimit="10" pointer-events="all"/><g transform="translate(-0.5 -0.5)"><switch><foreignObject style="overflow: visible; text-align: left;" pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 58px; height: 1px; padding-top: 523px; margin-left: 251px;"><div style="box-sizing: border-box; font-size: 0px; text-align: center;" data-drawio-colors="color: rgb(0, 0, 0); "><div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; pointer-events: all; white-space: normal; overflow-wrap: normal;">Dedicated Flash</div></div></div></foreignObject><text x="280" y="526" fill="rgb(0, 0, 0)" font-family="Helvetica" font-size="12px" text-anchor="middle">Dedicated...</text></switch></g><path d="M 280 470 L 280 395" fill="none" stroke="rgb(0, 0, 0)" stroke-miterlimit="10" pointer-events="stroke"/><path d="M 0 220 L 800 220" fill="none" stroke="rgb(0, 0, 0)" stroke-miterlimit="10" pointer-events="stroke"/><rect x="810" y="210" width="110" height="20" fill="none" stroke="none" pointer-events="all"/><g transform="translate(-0.5 -0.5)"><switch><foreignObject style="overflow: visible; text-align: left;" pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 108px; height: 1px; padding-top: 220px; margin-left: 811px;"><div style="box-sizing: border-box; font-size: 0px; text-align: center;" data-drawio-colors="color: rgb(0, 0, 0); "><div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; pointer-events: all; white-space: normal; overflow-wrap: normal;">FF-A Messaging</div></div></div></foreignObject><text x="865" y="224" fill="rgb(0, 0, 0)" font-family="Helvetica" font-size="12px" text-anchor="middle">FF-A Messaging</text></switch></g><path d="M 480 220 L 480 135" fill="none" stroke="rgb(0, 0, 0)" stroke-miterlimit="10" pointer-events="stroke"/><path d="M 280 305 L 280 135" fill="none" stroke="rgb(0, 0, 0)" stroke-miterlimit="10" pointer-events="stroke"/><path d="M 80 220 L 80 135" fill="none" stroke="rgb(0, 0, 0)" stroke-miterlimit="10" pointer-events="stroke"/><path d="M 420 310 L 510 310 L 510 378 Q 487.5 356.4 465 378 Q 442.5 399.6 420 378 L 420 322 Z" fill="rgb(255, 255, 255)" stroke="rgb(0, 0, 0)" stroke-miterlimit="10" pointer-events="all"/><g transform="translate(-0.5 -0.5)"><switch><foreignObject style="overflow: visible; text-align: left;" pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 88px; height: 1px; padding-top: 338px; margin-left: 421px;"><div style="box-sizing: border-box; font-size: 0px; text-align: center;" data-drawio-colors="color: rgb(0, 0, 0); "><div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; pointer-events: all; white-space: normal; overflow-wrap: normal;">Partition Configuration</div></div></div></foreignObject><text x="465" y="342" fill="rgb(0, 0, 0)" font-family="Helvetica" font-size="12px" text-anchor="middle">Partition Confi...</text></switch></g><path d="M 340 350 L 420 350" fill="none" stroke="rgb(0, 0, 0)" stroke-miterlimit="10" stroke-dasharray="3 3" pointer-events="stroke"/><rect x="620" y="45" width="120" height="90" fill="rgb(255, 255, 255)" stroke="rgb(0, 0, 0)" pointer-events="all"/><g transform="translate(-0.5 -0.5)"><switch><foreignObject style="overflow: visible; text-align: left;" pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 118px; height: 1px; padding-top: 90px; margin-left: 621px;"><div style="box-sizing: border-box; font-size: 0px; text-align: center;" data-drawio-colors="color: rgb(0, 0, 0); "><div style="display: inline-block; font-size: 12px; font-family: Helvetica; color: rgb(0, 0, 0); line-height: 1.2; pointer-events: all; white-space: normal; overflow-wrap: normal;">Update Agent</div></div></div></foreignObject><text x="680" y="94" fill="rgb(0, 0, 0)" font-family="Helvetica" font-size="12px" text-anchor="middle">Update Agent</text></switch></g><path d="M 680 220 L 680 135" fill="none" stroke="rgb(0, 0, 0)" stroke-miterlimit="10" pointer-events="stroke"/></g><switch><g requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"/><a transform="translate(0,-5)" xlink:href="https://www.diagrams.net/doc/faq/svg-export-text-problems" target="_blank"><text text-anchor="middle" font-size="10px" x="50%" y="100%">Text is not SVG - cannot display</text></a></switch></svg>
\ No newline at end of file
+<svg xmlns="http://www.w3.org/2000/svg" style="background: transparent; background-color: transparent; color-scheme: light dark;" xmlns:xlink="http://www.w3.org/1999/xlink" version="1.1" width="921px" height="531px" viewBox="-0.5 -0.5 921 531" content="<mxfile host="app.diagrams.net" agent="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36" version="26.0.14"> <diagram name="Page-1" id="DQ98of8pp7M35S4G1Lo6"> <mxGraphModel dx="1853" dy="603" grid="1" gridSize="10" guides="1" tooltips="1" connect="1" arrows="1" fold="1" page="1" pageScale="1" pageWidth="827" pageHeight="1169" math="0" shadow="0"> <root> <mxCell id="0" /> <mxCell id="1" parent="0" /> <mxCell id="8d1qzFLiU4dvMAKzdGGc-1" value="" style="rounded=1;whiteSpace=wrap;html=1;fillColor=#dae8fc;strokeColor=none;" vertex="1" parent="1"> <mxGeometry x="-160" y="20" width="160" height="180" as="geometry" /> </mxCell> <mxCell id="8d1qzFLiU4dvMAKzdGGc-2" value="" style="rounded=1;whiteSpace=wrap;html=1;fillColor=#dae8fc;strokeColor=none;" vertex="1" parent="1"> <mxGeometry x="-760" y="20" width="160" height="180" as="geometry" /> </mxCell> <mxCell id="8d1qzFLiU4dvMAKzdGGc-3" value="StMM" style="rounded=0;whiteSpace=wrap;html=1;" vertex="1" parent="1"> <mxGeometry x="-740" y="65" width="120" height="90" as="geometry" /> </mxCell> <mxCell id="8d1qzFLiU4dvMAKzdGGc-4" value="" style="rounded=1;whiteSpace=wrap;html=1;fillColor=#dae8fc;strokeColor=none;" vertex="1" parent="1"> <mxGeometry x="-560" y="20" width="160" height="180" as="geometry" /> </mxCell> <mxCell id="8d1qzFLiU4dvMAKzdGGc-5" value="Protected Storage" style="rounded=0;whiteSpace=wrap;html=1;" vertex="1" parent="1"> <mxGeometry x="-540" y="65" width="120" height="90" as="geometry" /> </mxCell> <mxCell id="8d1qzFLiU4dvMAKzdGGc-6" value="" style="rounded=1;whiteSpace=wrap;html=1;fillColor=#dae8fc;strokeColor=none;" vertex="1" parent="1"> <mxGeometry x="-360" y="20" width="160" height="180" as="geometry" /> </mxCell> <mxCell id="8d1qzFLiU4dvMAKzdGGc-7" value="OP-TEE" style="rounded=0;whiteSpace=wrap;html=1;" vertex="1" parent="1"> <mxGeometry x="-340" y="65" width="120" height="90" as="geometry" /> </mxCell> <mxCell id="8d1qzFLiU4dvMAKzdGGc-8" value="" style="rounded=1;whiteSpace=wrap;html=1;fillColor=#dae8fc;strokeColor=none;" vertex="1" parent="1"> <mxGeometry x="-590" y="270" width="232" height="190" as="geometry" /> </mxCell> <mxCell id="8d1qzFLiU4dvMAKzdGGc-9" value="" style="rounded=0;whiteSpace=wrap;html=1;" vertex="1" parent="1"> <mxGeometry x="-570" y="290" width="182" height="150" as="geometry" /> </mxCell> <mxCell id="8d1qzFLiU4dvMAKzdGGc-10" value="Dedicated Flash" style="shape=cylinder3;whiteSpace=wrap;html=1;boundedLbl=1;backgroundOutline=1;size=15;" vertex="1" parent="1"> <mxGeometry x="-509" y="470" width="60" height="80" as="geometry" /> </mxCell> <mxCell id="8d1qzFLiU4dvMAKzdGGc-12" value="" style="endArrow=none;html=1;" edge="1" parent="1"> <mxGeometry width="50" height="50" relative="1" as="geometry"> <mxPoint x="-760" y="240" as="sourcePoint" /> <mxPoint x="40" y="240" as="targetPoint" /> </mxGeometry> </mxCell> <mxCell id="8d1qzFLiU4dvMAKzdGGc-13" value="FF-A Messaging" style="text;html=1;strokeColor=none;fillColor=none;align=center;verticalAlign=middle;whiteSpace=wrap;rounded=0;" vertex="1" parent="1"> <mxGeometry x="50" y="230" width="110" height="20" as="geometry" /> </mxCell> <mxCell id="8d1qzFLiU4dvMAKzdGGc-14" value="" style="endArrow=none;html=1;entryX=0.5;entryY=1;entryDx=0;entryDy=0;" edge="1" parent="1" target="8d1qzFLiU4dvMAKzdGGc-7"> <mxGeometry width="50" height="50" relative="1" as="geometry"> <mxPoint x="-280" y="240" as="sourcePoint" /> <mxPoint x="-210" y="320" as="targetPoint" /> </mxGeometry> </mxCell> <mxCell id="8d1qzFLiU4dvMAKzdGGc-15" value="" style="endArrow=none;html=1;entryX=0.5;entryY=1;entryDx=0;entryDy=0;exitX=0.5;exitY=0;exitDx=0;exitDy=0;" edge="1" parent="1" source="8d1qzFLiU4dvMAKzdGGc-9" target="8d1qzFLiU4dvMAKzdGGc-5"> <mxGeometry width="50" height="50" relative="1" as="geometry"> <mxPoint x="-260" y="370" as="sourcePoint" /> <mxPoint x="-210" y="320" as="targetPoint" /> </mxGeometry> </mxCell> <mxCell id="8d1qzFLiU4dvMAKzdGGc-16" value="" style="endArrow=none;html=1;entryX=0.5;entryY=1;entryDx=0;entryDy=0;" edge="1" parent="1" target="8d1qzFLiU4dvMAKzdGGc-3"> <mxGeometry width="50" height="50" relative="1" as="geometry"> <mxPoint x="-680" y="240" as="sourcePoint" /> <mxPoint x="-210" y="320" as="targetPoint" /> </mxGeometry> </mxCell> <mxCell id="8d1qzFLiU4dvMAKzdGGc-17" value="Partition Configuration" style="shape=document;whiteSpace=wrap;html=1;boundedLbl=1;" vertex="1" parent="1"> <mxGeometry x="-325" y="350" width="90" height="80" as="geometry" /> </mxCell> <mxCell id="8d1qzFLiU4dvMAKzdGGc-19" value="Update Agent" style="rounded=0;whiteSpace=wrap;html=1;" vertex="1" parent="1"> <mxGeometry x="-140" y="65" width="120" height="90" as="geometry" /> </mxCell> <mxCell id="8d1qzFLiU4dvMAKzdGGc-20" value="" style="endArrow=none;html=1;entryX=0.5;entryY=1;entryDx=0;entryDy=0;" edge="1" parent="1" target="8d1qzFLiU4dvMAKzdGGc-19"> <mxGeometry width="50" height="50" relative="1" as="geometry"> <mxPoint x="-80" y="240" as="sourcePoint" /> <mxPoint x="-20" y="255" as="targetPoint" /> </mxGeometry> </mxCell> <mxCell id="8d1qzFLiU4dvMAKzdGGc-27" value="" style="rounded=1;whiteSpace=wrap;html=1;dashed=1;" vertex="1" parent="1"> <mxGeometry x="-560" y="330" width="160" height="100" as="geometry" /> </mxCell> <mxCell id="8d1qzFLiU4dvMAKzdGGc-21" value="Block Storage" style="text;html=1;align=center;verticalAlign=middle;whiteSpace=wrap;rounded=0;" vertex="1" parent="1"> <mxGeometry x="-534" y="290" width="110" height="30" as="geometry" /> </mxCell> <mxCell id="8d1qzFLiU4dvMAKzdGGc-22" value="Encrypted" style="rounded=0;whiteSpace=wrap;html=1;" vertex="1" parent="1"> <mxGeometry x="-534" y="360" width="110" height="20" as="geometry" /> </mxCell> <mxCell id="8d1qzFLiU4dvMAKzdGGc-23" value="Partitioned" style="rounded=0;whiteSpace=wrap;html=1;" vertex="1" parent="1"> <mxGeometry x="-534" y="380" width="110" height="20" as="geometry" /> </mxCell> <mxCell id="8d1qzFLiU4dvMAKzdGGc-26" value="Device: RPMB" style="rounded=0;whiteSpace=wrap;html=1;" vertex="1" parent="1"> <mxGeometry x="-534" y="400" width="110" height="20" as="geometry" /> </mxCell> <mxCell id="8d1qzFLiU4dvMAKzdGGc-18" value="" style="endArrow=none;dashed=1;html=1;exitX=1;exitY=0.5;exitDx=0;exitDy=0;" edge="1" parent="1" source="8d1qzFLiU4dvMAKzdGGc-23" target="8d1qzFLiU4dvMAKzdGGc-17"> <mxGeometry width="50" height="50" relative="1" as="geometry"> <mxPoint x="-348" y="350" as="sourcePoint" /> <mxPoint x="-298" y="300" as="targetPoint" /> </mxGeometry> </mxCell> <mxCell id="8d1qzFLiU4dvMAKzdGGc-11" value="" style="endArrow=none;html=1;exitX=0.5;exitY=0;exitDx=0;exitDy=0;exitPerimeter=0;entryX=0.5;entryY=1;entryDx=0;entryDy=0;" edge="1" parent="1" source="8d1qzFLiU4dvMAKzdGGc-10" target="8d1qzFLiU4dvMAKzdGGc-26"> <mxGeometry width="50" height="50" relative="1" as="geometry"> <mxPoint x="-348" y="360" as="sourcePoint" /> <mxPoint x="-298" y="310" as="targetPoint" /> </mxGeometry> </mxCell> <mxCell id="8d1qzFLiU4dvMAKzdGGc-28" value="Block Store" style="text;html=1;align=center;verticalAlign=middle;whiteSpace=wrap;rounded=0;" vertex="1" parent="1"> <mxGeometry x="-519" y="330" width="80" height="30" as="geometry" /> </mxCell> </root> </mxGraphModel> </diagram> </mxfile> "><defs/><g><g data-cell-id="0"><g data-cell-id="1"><g data-cell-id="8d1qzFLiU4dvMAKzdGGc-1"><g><rect x="600" y="0" width="160" height="180" rx="24" ry="24" fill="#dae8fc" stroke="none" pointer-events="all" style="fill: light-dark(rgb(218, 232, 252), rgb(29, 41, 59));"/></g></g><g data-cell-id="8d1qzFLiU4dvMAKzdGGc-2"><g><rect x="0" y="0" width="160" height="180" rx="24" ry="24" fill="#dae8fc" stroke="none" pointer-events="all" style="fill: light-dark(rgb(218, 232, 252), rgb(29, 41, 59));"/></g></g><g data-cell-id="8d1qzFLiU4dvMAKzdGGc-3"><g><rect x="20" y="45" width="120" height="90" fill="#ffffff" stroke="#000000" pointer-events="all" style="fill: light-dark(#ffffff, var(--ge-dark-color, #121212)); stroke: light-dark(rgb(0, 0, 0), rgb(255, 255, 255));"/></g><g><g transform="translate(-0.5 -0.5)"><switch><foreignObject style="overflow: visible; text-align: left;" pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 118px; height: 1px; padding-top: 90px; margin-left: 21px;"><div style="box-sizing: border-box; font-size: 0; text-align: center; color: #000000; "><div style="display: inline-block; font-size: 12px; font-family: "Helvetica"; color: light-dark(#000000, #ffffff); line-height: 1.2; pointer-events: all; white-space: normal; word-wrap: normal; ">StMM</div></div></div></foreignObject><text x="80" y="94" fill="light-dark(#000000, #ffffff)" font-family=""Helvetica"" font-size="12px" text-anchor="middle">StMM</text></switch></g></g></g><g data-cell-id="8d1qzFLiU4dvMAKzdGGc-4"><g><rect x="200" y="0" width="160" height="180" rx="24" ry="24" fill="#dae8fc" stroke="none" pointer-events="all" style="fill: light-dark(rgb(218, 232, 252), rgb(29, 41, 59));"/></g></g><g data-cell-id="8d1qzFLiU4dvMAKzdGGc-5"><g><rect x="220" y="45" width="120" height="90" fill="#ffffff" stroke="#000000" pointer-events="all" style="fill: light-dark(#ffffff, var(--ge-dark-color, #121212)); stroke: light-dark(rgb(0, 0, 0), rgb(255, 255, 255));"/></g><g><g transform="translate(-0.5 -0.5)"><switch><foreignObject style="overflow: visible; text-align: left;" pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 118px; height: 1px; padding-top: 90px; margin-left: 221px;"><div style="box-sizing: border-box; font-size: 0; text-align: center; color: #000000; "><div style="display: inline-block; font-size: 12px; font-family: "Helvetica"; color: light-dark(#000000, #ffffff); line-height: 1.2; pointer-events: all; white-space: normal; word-wrap: normal; ">Protected Storage</div></div></div></foreignObject><text x="280" y="94" fill="light-dark(#000000, #ffffff)" font-family=""Helvetica"" font-size="12px" text-anchor="middle">Protected Storage</text></switch></g></g></g><g data-cell-id="8d1qzFLiU4dvMAKzdGGc-6"><g><rect x="400" y="0" width="160" height="180" rx="24" ry="24" fill="#dae8fc" stroke="none" pointer-events="all" style="fill: light-dark(rgb(218, 232, 252), rgb(29, 41, 59));"/></g></g><g data-cell-id="8d1qzFLiU4dvMAKzdGGc-7"><g><rect x="420" y="45" width="120" height="90" fill="#ffffff" stroke="#000000" pointer-events="all" style="fill: light-dark(#ffffff, var(--ge-dark-color, #121212)); stroke: light-dark(rgb(0, 0, 0), rgb(255, 255, 255));"/></g><g><g transform="translate(-0.5 -0.5)"><switch><foreignObject style="overflow: visible; text-align: left;" pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 118px; height: 1px; padding-top: 90px; margin-left: 421px;"><div style="box-sizing: border-box; font-size: 0; text-align: center; color: #000000; "><div style="display: inline-block; font-size: 12px; font-family: "Helvetica"; color: light-dark(#000000, #ffffff); line-height: 1.2; pointer-events: all; white-space: normal; word-wrap: normal; ">OP-TEE</div></div></div></foreignObject><text x="480" y="94" fill="light-dark(#000000, #ffffff)" font-family=""Helvetica"" font-size="12px" text-anchor="middle">OP-TEE</text></switch></g></g></g><g data-cell-id="8d1qzFLiU4dvMAKzdGGc-8"><g><rect x="170" y="250" width="232" height="190" rx="28.5" ry="28.5" fill="#dae8fc" stroke="none" pointer-events="all" style="fill: light-dark(rgb(218, 232, 252), rgb(29, 41, 59));"/></g></g><g data-cell-id="8d1qzFLiU4dvMAKzdGGc-9"><g><rect x="190" y="270" width="182" height="150" fill="#ffffff" stroke="#000000" pointer-events="all" style="fill: light-dark(#ffffff, var(--ge-dark-color, #121212)); stroke: light-dark(rgb(0, 0, 0), rgb(255, 255, 255));"/></g></g><g data-cell-id="8d1qzFLiU4dvMAKzdGGc-10"><g><path d="M 251 465 C 251 456.72 264.43 450 281 450 C 288.96 450 296.59 451.58 302.21 454.39 C 307.84 457.21 311 461.02 311 465 L 311 515 C 311 523.28 297.57 530 281 530 C 264.43 530 251 523.28 251 515 Z" fill="#ffffff" stroke="#000000" stroke-miterlimit="10" pointer-events="all" style="fill: light-dark(#ffffff, var(--ge-dark-color, #121212)); stroke: light-dark(rgb(0, 0, 0), rgb(255, 255, 255));"/><path d="M 311 465 C 311 473.28 297.57 480 281 480 C 264.43 480 251 473.28 251 465" fill="none" stroke="#000000" stroke-miterlimit="10" pointer-events="all" style="stroke: light-dark(rgb(0, 0, 0), rgb(255, 255, 255));"/></g><g><g transform="translate(-0.5 -0.5)"><switch><foreignObject style="overflow: visible; text-align: left;" pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 58px; height: 1px; padding-top: 503px; margin-left: 252px;"><div style="box-sizing: border-box; font-size: 0; text-align: center; color: #000000; "><div style="display: inline-block; font-size: 12px; font-family: "Helvetica"; color: light-dark(#000000, #ffffff); line-height: 1.2; pointer-events: all; white-space: normal; word-wrap: normal; ">Dedicated Flash</div></div></div></foreignObject><text x="281" y="506" fill="light-dark(#000000, #ffffff)" font-family=""Helvetica"" font-size="12px" text-anchor="middle">Dedicated...</text></switch></g></g></g><g data-cell-id="8d1qzFLiU4dvMAKzdGGc-12"><g><path d="M 0 220 L 800 220" fill="none" stroke="#000000" stroke-miterlimit="10" pointer-events="stroke" style="stroke: light-dark(rgb(0, 0, 0), rgb(255, 255, 255));"/></g></g><g data-cell-id="8d1qzFLiU4dvMAKzdGGc-13"><g><rect x="810" y="210" width="110" height="20" fill="none" stroke="none" pointer-events="all"/></g><g><g transform="translate(-0.5 -0.5)"><switch><foreignObject style="overflow: visible; text-align: left;" pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 108px; height: 1px; padding-top: 220px; margin-left: 811px;"><div style="box-sizing: border-box; font-size: 0; text-align: center; color: #000000; "><div style="display: inline-block; font-size: 12px; font-family: "Helvetica"; color: light-dark(#000000, #ffffff); line-height: 1.2; pointer-events: all; white-space: normal; word-wrap: normal; ">FF-A Messaging</div></div></div></foreignObject><text x="865" y="224" fill="light-dark(#000000, #ffffff)" font-family=""Helvetica"" font-size="12px" text-anchor="middle">FF-A Messaging</text></switch></g></g></g><g data-cell-id="8d1qzFLiU4dvMAKzdGGc-14"><g><path d="M 480 220 L 480 135" fill="none" stroke="#000000" stroke-miterlimit="10" pointer-events="stroke" style="stroke: light-dark(rgb(0, 0, 0), rgb(255, 255, 255));"/></g></g><g data-cell-id="8d1qzFLiU4dvMAKzdGGc-15"><g><path d="M 281 270 L 280 135" fill="none" stroke="#000000" stroke-miterlimit="10" pointer-events="stroke" style="stroke: light-dark(rgb(0, 0, 0), rgb(255, 255, 255));"/></g></g><g data-cell-id="8d1qzFLiU4dvMAKzdGGc-16"><g><path d="M 80 220 L 80 135" fill="none" stroke="#000000" stroke-miterlimit="10" pointer-events="stroke" style="stroke: light-dark(rgb(0, 0, 0), rgb(255, 255, 255));"/></g></g><g data-cell-id="8d1qzFLiU4dvMAKzdGGc-17"><g><path d="M 435 330 L 525 330 L 525 398 Q 502.5 376.4 480 398 Q 457.5 419.6 435 398 L 435 342 Z" fill="#ffffff" stroke="#000000" stroke-miterlimit="10" pointer-events="all" style="fill: light-dark(#ffffff, var(--ge-dark-color, #121212)); stroke: light-dark(rgb(0, 0, 0), rgb(255, 255, 255));"/></g><g><g transform="translate(-0.5 -0.5)"><switch><foreignObject style="overflow: visible; text-align: left;" pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 88px; height: 1px; padding-top: 358px; margin-left: 436px;"><div style="box-sizing: border-box; font-size: 0; text-align: center; color: #000000; "><div style="display: inline-block; font-size: 12px; font-family: "Helvetica"; color: light-dark(#000000, #ffffff); line-height: 1.2; pointer-events: all; white-space: normal; word-wrap: normal; ">Partition Configuration</div></div></div></foreignObject><text x="480" y="362" fill="light-dark(#000000, #ffffff)" font-family=""Helvetica"" font-size="12px" text-anchor="middle">Partition Confi...</text></switch></g></g></g><g data-cell-id="8d1qzFLiU4dvMAKzdGGc-19"><g><rect x="620" y="45" width="120" height="90" fill="#ffffff" stroke="#000000" pointer-events="all" style="fill: light-dark(#ffffff, var(--ge-dark-color, #121212)); stroke: light-dark(rgb(0, 0, 0), rgb(255, 255, 255));"/></g><g><g transform="translate(-0.5 -0.5)"><switch><foreignObject style="overflow: visible; text-align: left;" pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 118px; height: 1px; padding-top: 90px; margin-left: 621px;"><div style="box-sizing: border-box; font-size: 0; text-align: center; color: #000000; "><div style="display: inline-block; font-size: 12px; font-family: "Helvetica"; color: light-dark(#000000, #ffffff); line-height: 1.2; pointer-events: all; white-space: normal; word-wrap: normal; ">Update Agent</div></div></div></foreignObject><text x="680" y="94" fill="light-dark(#000000, #ffffff)" font-family=""Helvetica"" font-size="12px" text-anchor="middle">Update Agent</text></switch></g></g></g><g data-cell-id="8d1qzFLiU4dvMAKzdGGc-20"><g><path d="M 680 220 L 680 135" fill="none" stroke="#000000" stroke-miterlimit="10" pointer-events="stroke" style="stroke: light-dark(rgb(0, 0, 0), rgb(255, 255, 255));"/></g></g><g data-cell-id="8d1qzFLiU4dvMAKzdGGc-27"><g><rect x="200" y="310" width="160" height="100" rx="15" ry="15" fill="#ffffff" stroke="#000000" stroke-dasharray="3 3" pointer-events="all" style="fill: light-dark(#ffffff, var(--ge-dark-color, #121212)); stroke: light-dark(rgb(0, 0, 0), rgb(255, 255, 255));"/></g></g><g data-cell-id="8d1qzFLiU4dvMAKzdGGc-21"><g><rect x="226" y="270" width="110" height="30" fill="none" stroke="none" pointer-events="all"/></g><g><g transform="translate(-0.5 -0.5)"><switch><foreignObject style="overflow: visible; text-align: left;" pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 108px; height: 1px; padding-top: 285px; margin-left: 227px;"><div style="box-sizing: border-box; font-size: 0; text-align: center; color: #000000; "><div style="display: inline-block; font-size: 12px; font-family: "Helvetica"; color: light-dark(#000000, #ffffff); line-height: 1.2; pointer-events: all; white-space: normal; word-wrap: normal; ">Block Storage</div></div></div></foreignObject><text x="281" y="289" fill="light-dark(#000000, #ffffff)" font-family=""Helvetica"" font-size="12px" text-anchor="middle">Block Storage</text></switch></g></g></g><g data-cell-id="8d1qzFLiU4dvMAKzdGGc-22"><g><rect x="226" y="340" width="110" height="20" fill="#ffffff" stroke="#000000" pointer-events="all" style="fill: light-dark(#ffffff, var(--ge-dark-color, #121212)); stroke: light-dark(rgb(0, 0, 0), rgb(255, 255, 255));"/></g><g><g transform="translate(-0.5 -0.5)"><switch><foreignObject style="overflow: visible; text-align: left;" pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 108px; height: 1px; padding-top: 350px; margin-left: 227px;"><div style="box-sizing: border-box; font-size: 0; text-align: center; color: #000000; "><div style="display: inline-block; font-size: 12px; font-family: "Helvetica"; color: light-dark(#000000, #ffffff); line-height: 1.2; pointer-events: all; white-space: normal; word-wrap: normal; ">Encrypted</div></div></div></foreignObject><text x="281" y="354" fill="light-dark(#000000, #ffffff)" font-family=""Helvetica"" font-size="12px" text-anchor="middle">Encrypted</text></switch></g></g></g><g data-cell-id="8d1qzFLiU4dvMAKzdGGc-23"><g><rect x="226" y="360" width="110" height="20" fill="#ffffff" stroke="#000000" pointer-events="all" style="fill: light-dark(#ffffff, var(--ge-dark-color, #121212)); stroke: light-dark(rgb(0, 0, 0), rgb(255, 255, 255));"/></g><g><g transform="translate(-0.5 -0.5)"><switch><foreignObject style="overflow: visible; text-align: left;" pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 108px; height: 1px; padding-top: 370px; margin-left: 227px;"><div style="box-sizing: border-box; font-size: 0; text-align: center; color: #000000; "><div style="display: inline-block; font-size: 12px; font-family: "Helvetica"; color: light-dark(#000000, #ffffff); line-height: 1.2; pointer-events: all; white-space: normal; word-wrap: normal; ">Partitioned</div></div></div></foreignObject><text x="281" y="374" fill="light-dark(#000000, #ffffff)" font-family=""Helvetica"" font-size="12px" text-anchor="middle">Partitioned</text></switch></g></g></g><g data-cell-id="8d1qzFLiU4dvMAKzdGGc-26"><g><rect x="226" y="380" width="110" height="20" fill="#ffffff" stroke="#000000" pointer-events="all" style="fill: light-dark(#ffffff, var(--ge-dark-color, #121212)); stroke: light-dark(rgb(0, 0, 0), rgb(255, 255, 255));"/></g><g><g transform="translate(-0.5 -0.5)"><switch><foreignObject style="overflow: visible; text-align: left;" pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 108px; height: 1px; padding-top: 390px; margin-left: 227px;"><div style="box-sizing: border-box; font-size: 0; text-align: center; color: #000000; "><div style="display: inline-block; font-size: 12px; font-family: "Helvetica"; color: light-dark(#000000, #ffffff); line-height: 1.2; pointer-events: all; white-space: normal; word-wrap: normal; ">Device: RPMB</div></div></div></foreignObject><text x="281" y="394" fill="light-dark(#000000, #ffffff)" font-family=""Helvetica"" font-size="12px" text-anchor="middle">Device: RPMB</text></switch></g></g></g><g data-cell-id="8d1qzFLiU4dvMAKzdGGc-18"><g><path d="M 336 370 L 435 370" fill="none" stroke="#000000" stroke-miterlimit="10" stroke-dasharray="3 3" pointer-events="stroke" style="stroke: light-dark(rgb(0, 0, 0), rgb(255, 255, 255));"/></g></g><g data-cell-id="8d1qzFLiU4dvMAKzdGGc-11"><g><path d="M 281 450 L 281 400" fill="none" stroke="#000000" stroke-miterlimit="10" pointer-events="stroke" style="stroke: light-dark(rgb(0, 0, 0), rgb(255, 255, 255));"/></g></g><g data-cell-id="8d1qzFLiU4dvMAKzdGGc-28"><g><rect x="241" y="310" width="80" height="30" fill="none" stroke="none" pointer-events="all"/></g><g><g transform="translate(-0.5 -0.5)"><switch><foreignObject style="overflow: visible; text-align: left;" pointer-events="none" width="100%" height="100%" requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"><div xmlns="http://www.w3.org/1999/xhtml" style="display: flex; align-items: unsafe center; justify-content: unsafe center; width: 78px; height: 1px; padding-top: 325px; margin-left: 242px;"><div style="box-sizing: border-box; font-size: 0; text-align: center; color: #000000; "><div style="display: inline-block; font-size: 12px; font-family: "Helvetica"; color: light-dark(#000000, #ffffff); line-height: 1.2; pointer-events: all; white-space: normal; word-wrap: normal; ">Block Store</div></div></div></foreignObject><text x="281" y="329" fill="light-dark(#000000, #ffffff)" font-family=""Helvetica"" font-size="12px" text-anchor="middle">Block Store</text></switch></g></g></g></g></g></g><switch><g requiredFeatures="http://www.w3.org/TR/SVG11/feature#Extensibility"/><a transform="translate(0,-5)" xlink:href="https://www.drawio.com/doc/faq/svg-export-text-problems" target="_blank"><text text-anchor="middle" font-size="10px" x="50%" y="100%">Text is not SVG - cannot display</text></a></switch></svg>
\ No newline at end of file
diff --git a/docs/services/index.rst b/docs/services/index.rst
index 5f7377d..15e2415 100644
--- a/docs/services/index.rst
+++ b/docs/services/index.rst
@@ -9,7 +9,7 @@
crypto-service-description
fwu/index
secure-storage-service-description
- block-storage-service-description
+ block-storage/block-storage-service-description
uefi-smm-services
logging-service-description
