Mention the unified driver interface
Keep the old secure element interface, but say that it is not being
actively worked on.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
diff --git a/docs/psa/index.html b/docs/psa/index.html
index 657008e..d9fb9a9 100644
--- a/docs/psa/index.html
+++ b/docs/psa/index.html
@@ -5,8 +5,13 @@
<p><strong>Reference documentation</strong>: <a href="../html/index.html">HTML</a>, <a href="../PSA_Cryptography_API_Specification.pdf">PDF</a></p>
<p><strong>Reference implementation</strong>: <a href="https://github.com/ARMmbed/mbed-tls">Mbed TLS</a></p>
<h2 id="hardware-abstraction-layer">Hardware abstraction layer</h2>
+<h3 id="unified-driver-interface">Unified driver interface</h3>
+<p>There is work in progress to define a PSA cryptography driver interface, allowing an implementation of the PSA Cryptography API to make use of dedicated hardware (accelerators, secure elements, random generators, etc.) or other external systems such as a remote key store. The driver interface is being tried out in Mbed TLS. Arm expects to make it an official PSA specification once it has been sufficiently validated.</p>
+<p>For more information, please see the <a href="https://github.com/ARMmbed/mbedtls/blob/development/docs/proposed/psa-driver-interface.md">proposed driver interface</a> as well as the <a href="https://github.com/ARMmbed/mbedtls/issues?q=+label%3AHwDrivers+">ongoing specification and implementation effort</a>.</p>
+<p>PSA includes functional specifications describing a hardware abstraction layer covering <a href="accel/">cryptographic accelerators</a>, <a href="se/">secure elements</a> and <a href="entropy/">entropy sources</a>.</p>
<h3 id="secure-element-driver-interface">Secure element driver interface</h3>
-<p>The secure element driver interface lets you write drivers for external cryptoprocessors such as secure elements (SE), smart cards and hardware security modules (HSM) that perform operations on keys that never leave the external processor and are accessed only through opaque handles. You can plug such drivers into any implementation of the PSA Cryptography API.</p>
+<p>The dynamic secure element driver interface lets you write drivers for external cryptoprocessors such as secure elements (SE), smart cards and hardware security modules (HSM) that perform operations on keys that never leave the external processor and are accessed only through opaque handles. Such drivers can be loaded dynamically into an implementation of the PSA Cryptography API such as Mbed TLS.</p>
+<p>Work on this interface is currently frozen. The <a href="#unified-driver-interface">unified driver interface</a> replaces the older dynamic secure element driver for most purposes. The older interface the advantage of allowing drivers to be dynamically loaded. If there is widespread demand for dynamic loading of secure element drivers, Arm may revive the effort on the older interface or merge it into the unified interface.</p>
<p>For more information, see <a href="se/">PSA secure element driver interface</a>.</p>
<h2 id="feedback">Feedback</h2>
<p>Arm welcomes feedback on the design of the PSA cryptography interfaces. If you think something could be improved, please open an <a href="https://github.com/ARMmbed/mbedtls/labels/api-spec">issue on the Mbed TLS GitHub repository</a>. Alternatively, if you prefer to provide your feedback privately, please email us at <code>mbed-crypto@arm.com</code>. All feedback received by email is treated confidentially.</p>