Docs: Tidy up the security section
Signed-off-by: Anton Komlev <anton.komlev@arm.com>
Change-Id: I71cac0e19434def9c73859275b3130798f2efd0d
diff --git a/docs/releases/1.3.0.rst b/docs/releases/1.3.0.rst
index c58610f..ff98d45 100644
--- a/docs/releases/1.3.0.rst
+++ b/docs/releases/1.3.0.rst
@@ -168,7 +168,7 @@
.. [6] :doc:`Code sharing between independently linked XIP binaries </design_docs/code_sharing>`
- .. [7] :doc:`Security Handling </security/security>`
+ .. [7] :doc:`Security Handling </security/index>`
--------------
diff --git a/docs/security/index.rst b/docs/security/index.rst
index 22bdcba..736c799 100644
--- a/docs/security/index.rst
+++ b/docs/security/index.rst
@@ -1,12 +1,54 @@
+########
Security
-========
+########
+
.. toctree::
:maxdepth: 1
- :glob:
- */index
- *
+ Threat Model <threat_models/index>
+ Security Advisories <security_advisories/index>
+
+Security Disclosures
+--------------------
+
+Trusted Firmware-M(TF-M) disclose all security vulnerabilities, or are advised
+about, that are relevant to TF-M. TF-M encourage responsible disclosure of
+vulnerabilities and try the best to inform users about all possible issues.
+
+The TF-M vulnerabilities are disclosed as Security Advisories, all of which are
+listed at the bottom of this page.
+
+Found a Security Issue?
+-----------------------
+
+Although TF-M try to keep secure, it can only do so with the help of the
+community of developers and security researchers.
+
+.. warning::
+ If any security vulnerability was found, please **do not**
+ report it in the `issue tracker`_ or on the `mailing list`_. Instead, please
+ follow the `TrustedFirmware.org security incident process`_.
+
+One of the goals of this process is to ensure providers of products that use
+TF-M have a chance to consider the implications of the vulnerability and its
+remedy before it is made public. As such, please follow the disclosure plan
+outlined in the `Security Incident Process`_. TF-M do the best to respond and
+fix any issues quickly.
+
+Afterwards, write-up all the findings about the TF-M source code is highly
+encouraged.
+
+Attribution
+-----------
+
+TF-M values researchers and community members who report vulnerabilities and
+TF-M policy is to credit the contributor's name in the published security advisory.
+
+.. _issue tracker: https://developer.trustedfirmware.org/project/view/2/
+.. _mailing list: https://lists.trustedfirmware.org/mailman/listinfo/tf-m
+.. _TrustedFirmware.org security incident process: https://developer.trustedfirmware.org/w/collaboration/security_center/
+.. _Security Incident Process: https://developer.trustedfirmware.org/w/collaboration/security_center/reporting/
--------------
-*Copyright (c) 2021, Arm Limited. All rights reserved.*
+*Copyright (c) 2020-2023, Arm Limited. All rights reserved.*
diff --git a/docs/security/security.rst b/docs/security/security.rst
deleted file mode 100644
index 73289d3..0000000
--- a/docs/security/security.rst
+++ /dev/null
@@ -1,76 +0,0 @@
-Security Handling
-=================
-
-Security Disclosures
---------------------
-
-Trusted Firmware-M(TF-M) disclose all security vulnerabilities, or are advised
-about, that are relevant to TF-M. TF-M encourage responsible disclosure of
-vulnerabilities and try the best to inform users about all possible issues.
-
-The TF-M vulnerabilities are disclosed as Security Advisories, all of which are
-listed at the bottom of this page.
-
-Found a Security Issue?
------------------------
-
-Although TF-M try to keep secure, it can only do so with the help of the
-community of developers and security researchers.
-
-.. warning::
- If any security vulnerability was found, please **do not**
- report it in the `issue tracker`_ or on the `mailing list`_. Instead, please
- follow the `TrustedFirmware.org security incident process`_.
-
-One of the goals of this process is to ensure providers of products that use
-TF-M have a chance to consider the implications of the vulnerability and its
-remedy before it is made public. As such, please follow the disclosure plan
-outlined in the `Security Incident Process`_. TF-M do the best to respond and
-fix any issues quickly.
-
-Afterwards, write-up all the findings about the TF-M source code is highly
-encouraged.
-
-Attribution
------------
-
-TF-M values researchers and community members who report vulnerabilities and
-TF-M policy is to credit the contributor's name in the published security advisory.
-
-Security Advisories
--------------------
-
-+------------+-----------------------------------------------------------------+
-| ID | Title |
-+============+=================================================================+
-| |TFMV-1| | NS world may cause the CPU to perform an unexpected return |
-| | operation due to unsealed stacks. |
-+------------+-----------------------------------------------------------------+
-| |TFMV-2| | Invoking Secure functions from handler mode may cause TF-M IPC |
-| | model to behave unexpectedly. |
-+------------+-----------------------------------------------------------------+
-| |TFMV-3| | ``abort()`` function may not take effect in TF-M Crypto |
-| | multi-part MAC/hashing/cipher operations. |
-+------------+-----------------------------------------------------------------+
-| |TFMV-4| | NSPE may access secure keys stored in TF-M Crypto service |
-| | in Profile Small with Crypto key ID encoding disabled. |
-+------------+-----------------------------------------------------------------+
-| |TFMV-5| | ``psa_fwu_write()`` may cause buffer overflow in SPE. |
-+------------+-----------------------------------------------------------------+
-
-.. _issue tracker: https://developer.trustedfirmware.org/project/view/2/
-.. _mailing list: https://lists.trustedfirmware.org/mailman/listinfo/tf-m
-
-.. |TFMV-1| replace:: :ref:`security/security_advisories/stack_seal_vulnerability:Advisory TFMV-1`
-.. |TFMV-2| replace:: :ref:`security/security_advisories/svc_caller_sp_fetching_vulnerability:Advisory TFMV-2`
-.. |TFMV-3| replace:: :ref:`security/security_advisories/crypto_multi_part_ops_abort_fail:Advisory TFMV-3`
-.. |TFMV-4| replace:: :ref:`security/security_advisories/profile_small_key_id_encoding_vulnerability:Advisory TFMV-4`
-.. |TFMV-5| replace:: :ref:`security/security_advisories/fwu_write_vulnerability:Advisory TFMV-5`
-
-.. _TrustedFirmware.org security incident process: https://developer.trustedfirmware.org/w/collaboration/security_center/
-
-.. _Security Incident Process: https://developer.trustedfirmware.org/w/collaboration/security_center/reporting/
-
---------------
-
-*Copyright (c) 2020-2022, Arm Limited. All rights reserved.*
diff --git a/docs/security/security_advisories/index.rst b/docs/security/security_advisories/index.rst
index fe8118a..b18800f 100644
--- a/docs/security/security_advisories/index.rst
+++ b/docs/security/security_advisories/index.rst
@@ -1,9 +1,10 @@
+###################
Security Advisories
-===================
+###################
.. toctree::
:maxdepth: 1
- :glob:
+ :hidden:
stack_seal_vulnerability
svc_caller_sp_fetching_vulnerability
@@ -11,6 +12,30 @@
profile_small_key_id_encoding_vulnerability
fwu_write_vulnerability
++------------+-----------------------------------------------------------------+
+| ID | Title |
++============+=================================================================+
+| |TFMV-1| | NS world may cause the CPU to perform an unexpected return |
+| | operation due to unsealed stacks. |
++------------+-----------------------------------------------------------------+
+| |TFMV-2| | Invoking Secure functions from handler mode may cause TF-M IPC |
+| | model to behave unexpectedly. |
++------------+-----------------------------------------------------------------+
+| |TFMV-3| | ``abort()`` function may not take effect in TF-M Crypto |
+| | multi-part MAC/hashing/cipher operations. |
++------------+-----------------------------------------------------------------+
+| |TFMV-4| | NSPE may access secure keys stored in TF-M Crypto service |
+| | in Profile Small with Crypto key ID encoding disabled. |
++------------+-----------------------------------------------------------------+
+| |TFMV-5| | ``psa_fwu_write()`` may cause buffer overflow in SPE. |
++------------+-----------------------------------------------------------------+
+
+.. |TFMV-1| replace:: :doc:`TFMV-1 <stack_seal_vulnerability>`
+.. |TFMV-2| replace:: :doc:`TFMV-2 <svc_caller_sp_fetching_vulnerability>`
+.. |TFMV-3| replace:: :doc:`TFMV-3 <crypto_multi_part_ops_abort_fail>`
+.. |TFMV-4| replace:: :doc:`TFMV-4 <profile_small_key_id_encoding_vulnerability>`
+.. |TFMV-5| replace:: :doc:`TFMV-5 <fwu_write_vulnerability>`
+
--------------
-*Copyright (c) 2020-2022, Arm Limited. All rights reserved.*
+*Copyright (c) 2020-2023, Arm Limited. All rights reserved.*
diff --git a/docs/security/threat_models/index.rst b/docs/security/threat_models/index.rst
index 227d4d4..671c1be 100644
--- a/docs/security/threat_models/index.rst
+++ b/docs/security/threat_models/index.rst
@@ -1,12 +1,8 @@
-Threat Models
-=============
-
.. toctree::
:maxdepth: 1
- :glob:
- *
+ Threat model <generic_threat_model.rst>
--------------
-*Copyright (c) 2020, Arm Limited. All rights reserved.*
+*Copyright (c) 2023, Arm Limited. All rights reserved.*