Glossary
========

This glossary provides definitions for terms and abbreviations used in the Trusted Services documentation.

You can find additional definitions in the `Arm Glossary`_.

.. glossary::
   :sorted:

   TF-A
      Trusted Firmware-A

   TS
      Trusted Services

   C identifier like string
      A name which uses only alphanumeric characters and underscores, and whose first character is not a digit.

   LCS
      `Linux Coding Style`_

   ACLE
      `Arm C language extensions`_

   PSA
      `Platform Security Architecture`_

   FF-A
      `Firmware Framework for A`_

   Normal World
      The rich execution environment running the "business logic" of the device. The NWd is separated by hardware
      technology (e.g. see :term:`TrustZone`) from the components which manage sensitive information. See
      :term:`Secure World`.

   NWd
      See :term:`Normal World`.

   Secure World
      A hardware-isolated execution environment executing specially crafted software that manages sensitive data. On Arm
      devices, :term:`TrustZone` technology can be used to implement the needed isolation.

   SWd
      See :term:`Secure World`.

   TEE
      Trusted Execution Environment. An :term:`SPE` implemented using :term:`TrustZone`.

   TrustZone
      Hardware-assisted isolation technology built into Arm CPUs. See `TrustZone for Cortex-A`_.

   SPE
      See :term:`Secure Processing Environment`.

   Secure Processing Environment
      An isolated environment for executing software images, backed by a specific set of hardware and Arm architecture
      features. The aim of the isolation is to protect sensitive workloads and their assets.

   SP
      See :term:`Secure Partition`.

   Secure Partition
      A Secure Partition is a compartment that executes a software image isolated from other images. Isolation can be
      logical or physical, depending on whether physical address range isolation is involved. See :term:`Physical SP`
      and :term:`Logical SP`.

      An SP may host a single service or multiple services.

   Physical SP
      A Secure Partition which executes a software image in an isolated physical address space.

   Logical SP
      A Secure Partition which executes a software image that is isolated, but without physical address space isolation.

   SPM
      See :term:`Secure Partition Manager`.

   Secure Partition Manager
      A component responsible for creating and managing the physical isolation boundary of an :term:`SP` in the SWd. It
      is built from two sub-components: the :term:`Secure Partition Manager Dispatcher` and the
      :term:`Secure Partition Manager Core`.

   Secure Partition Manager Dispatcher
      The SPM component responsible for SPMC initialization at boot-time, and for forwarding FF-A calls at run-time
      between SPs, and between SPs and the SPMC.

   Secure Partition Manager Core
      A component responsible for SP initialization and isolation at boot-time, and for inter-partition isolation and
      inter-partition communication at run-time.

   Secure Enclave
      An isolated hardware subsystem focusing on security-related operations. The subsystem may include hardware
      peripherals and one or more processing elements. As an example, see the `Arm SSE-700`_ subsystem.

--------------

.. _`Arm Glossary`: https://developer.arm.com/documentation/aeg0014
.. _`Linux Coding Style`: https://www.kernel.org/doc/html/v4.10/process/coding-style.html
.. _`Arm C language extensions`: https://developer.arm.com/documentation/101028/0012/?lang=en
.. _`Platform Security Architecture`: https://developer.arm.com/architectures/security-architectures/platform-security-architecture
.. _`Firmware Framework for A`: https://developer.arm.com/docs/den0077/latest
.. _`TrustZone for Cortex-A`: https://www.arm.com/technologies/trustzone-for-cortex-a
.. _`Arm SSE-700`: https://developer.arm.com/documentation/101418/0100/Overview/About-SSE-700

*Copyright (c) 2020-2022, Arm Limited and Contributors. All rights reserved.*

SPDX-License-Identifier: BSD-3-Clause