Docs: Secure Partition Manager
An overall design document for Secure Partition Manager. Covers
FF-M compliance and implementation defined features.
Change-Id: Ia2ac487918e17c2c0ce1b442c5cb8497f64393eb
Signed-off-by: Ken Liu <Ken.Liu@arm.com>
diff --git a/docs/conf.py.in b/docs/conf.py.in
index e2cd0be..eeff3ba 100644
--- a/docs/conf.py.in
+++ b/docs/conf.py.in
@@ -138,6 +138,16 @@
.. |TFM_VERSION| replace:: @SPHINXCFG_TFM_VERSION@
"""
+# Enable figures and tables auto numbering
+numfig = True
+numfig_secnum_depth = 0
+numfig_format = {
+ 'figure': 'Figure %s:',
+ 'table': 'Table %s:',
+ 'code-block': 'Listing %s:',
+ 'section': '%s'
+}
+
# -- Options for LaTeX output ------------------------------------------------
latex_elements = {
diff --git a/docs/technical_references/design_docs/media/abi_scheduler.svg b/docs/technical_references/design_docs/media/abi_scheduler.svg
new file mode 100644
index 0000000..34d7f40
--- /dev/null
+++ b/docs/technical_references/design_docs/media/abi_scheduler.svg
@@ -0,0 +1,4 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- Do not edit this file with editors other than diagrams.net -->
+<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
+<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" version="1.1" width="423px" height="182px" viewBox="-0.5 -0.5 423 182" content="<mxfile host="app.diagrams.net" modified="2021-09-26T06:40:48.327Z" agent="5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36" etag="BVD9jAIebmczNn1dO7Ma" version="15.2.9" type="device"><diagram id="pE8yNmrzc9lT-nbtH71B" name="Page-1">5VnRcuI2FP0aZtoHMraEMTwSAmEnWUqWTJs8ZVRbsdXYFitEwP36yljCxhKOmwK7Sf2QsY6ka+mec69uRAsO4801Q4vwK/Vx1AKWv2nBqxYA0AXibwakOQAsCQSM+DlkF8Cc/I0laEl0RXy83BvIKY04WeyDHk0S7PE9DDFG1/vDnmm0/9UFCrAGzD0U6egfxOdhjvaAW+ATTIJQfdnu9vOeGKnBcifLEPl0XYLgqAWHjFKev8WbIY4y3ym/5PPGB3p3C2M44U0mjMa4P8Cb9M5aezztwm/TCLbV4l5RtJI7nojd4CUX4IwRyghPhc25F2J/hZlAb6n3InfEU+UmjjdiEZcoIkEiEE+sSQyGl6+YcSK8OZAdnC4Eyugq8XG2Lku0nmnC59KULdtjFJMok8w9CmmMJDqkEWXbD0LL6opH4EvO6Ave68ke0eOjZbj9iDIq1WVnnbr3pEOzFeNNCZLevMY0xpwJZ1iqtyOdJ6XtKGeuC6EAS2JhWSRqIpLiDHa2C/7Ei6TQTKcT9J8mT9e3zuTGGa4HNzSdt9tQIwb7Qs6ySRkPaUATFI0KtEJGMeaWZlxtnfcX5jyV3kMrTgUU8jgq8WfmSzkc6PyNt8+OPxVb0Myo5FpwxdIH+dlt4zFrXDiqebUpd16lqrUh/EHuJXsvzRKtYlLWUHMOCmRJV8zDNSR0ZJpCLMBy6l18+926/hPfP7uol45upsmUtaW9jKFauTEcIU5e9xOSSTpy6oyShBey7FoVteUbkKPKCUNNPKTvXsVQvkPN0Fa5u/W/X8wdLTUNI4Llt8oaLxRsa4IChthvlnCqqSsmvr8NGMQ8aQ10a4T9TKLIJOIjZJ4KMd2Onnh6hrxzsrRj2xpVc8xeiQgTYVd4CcCt42dIuJQTmvxEFLo/hkLY/XEcpu1gOr9Dv5OXb0/f06eH+9FvkYnDweyLACYoEU5j7z7yd04/z6lf4Sxj0jrWgd+rcObonNnAQBo4AmnG8q2ncTYef60JLssQSuZgO3Cglwg7yPMxPO1Ujh63WXQ4p3J0X3P0JfJecOKXstsv8/FUGP8yG/76CSgAPxsFKkF97OK2KGEv3F3Z+qhq0wY1rHUBVOH6WK5bjUWsIU0OxdO0vK09KMr1bV1yOll9q4RqV7Ky/c56VzNUPWuPV++aBQ4+hcDNOrVrdXowKqw3ouI/Crwu15f1XRsIJxc4rOiyWk40Frj7RqScWuCdTyHwQqvgX2m1iAz3bBm8LjG/mcD7Z9I3qMiyes/QWN9VQ7CZvgeMobQ0bJENWDY/cRzHql+XWztevOQrOG6w9T9DsH2gu0DjHV/nTCFUvU1w+hdO731RBMXcfvl50/Lxjo26e9LyxcRldjGh/z/wIa8ktH/JDEpr/BuE6Uqic6IbiTrBa2Tpte3/jyxonY0s0Sx+WcwDsfh5Fo7+AQ==</diagram></mxfile>"><defs/><g><rect x="111" y="10" width="200" height="140" fill="none" stroke="#000000" stroke-dasharray="3 3" pointer-events="all"/><g fill="#006666" font-family="Tahoma" font-weight="bold" text-anchor="middle" font-size="10px"><text x="210.5" y="25.5">Highest Priority/Scheduer Lock</text></g><path d="M 91 150 L 100.9 150" fill="none" stroke="#006666" stroke-width="3" stroke-miterlimit="10" pointer-events="stroke"/><path d="M 107.65 150 L 98.65 154.5 L 100.9 150 L 98.65 145.5 Z" fill="#006666" stroke="#006666" stroke-width="3" stroke-miterlimit="10" pointer-events="all"/><rect x="11" y="130" width="80" height="40" rx="10.4" ry="10.4" fill="#006666" stroke="#000000" stroke-width="2" pointer-events="all"/><g fill="#FFFFFF" font-family="Tahoma" font-weight="bold" text-anchor="middle" font-size="10px"><text x="50.5" y="153.5">Client</text></g><rect x="331" y="130" width="80" height="40" rx="10.8" ry="10.8" fill="#006666" stroke="#000000" stroke-width="2" pointer-events="all"/><g fill="#FFFFFF" font-family="Tahoma" font-weight="bold" text-anchor="middle" font-size="10px"><text x="370.5" y="147.5">Service/</text><text x="370.5" y="159.5">Partition</text></g><rect x="151" y="140" width="120" height="20" fill="#ffff00" stroke="#000000" pointer-events="all"/><g fill="#006666" font-family="Tahoma" font-weight="bold" text-anchor="middle" font-size="12px"><text x="210.5" y="154.5">API Handler</text></g><rect x="121" y="60" width="80" height="50" fill="#ffffff" stroke="#000000" stroke-width="2" pointer-events="all"/><g fill="#000000" font-family="Tahoma" font-weight="bold" text-anchor="middle" font-size="10px"><text x="160.5" y="88.5">FFM</text></g><rect x="221" y="60" width="80" height="50" fill="#ffffff" stroke="#000000" stroke-width="2" pointer-events="all"/><g fill="#000000" font-family="Tahoma" font-weight="bold" text-anchor="middle" font-size="10px"><text x="260.5" y="82.5">Backend</text><text x="260.5" y="94.5">(SFN/IPC)</text></g><path d="M 181 140 L 181 120.1" fill="none" stroke="#00cccc" stroke-width="3" stroke-miterlimit="10" pointer-events="stroke"/><path d="M 181 113.35 L 185.5 122.35 L 181 120.1 L 176.5 122.35 Z" fill="#00cccc" stroke="#00cccc" stroke-width="3" stroke-miterlimit="10" pointer-events="all"/><path d="M 241 110 L 241 129.9" fill="none" stroke="#00cccc" stroke-width="3" stroke-miterlimit="10" pointer-events="stroke"/><path d="M 241 136.65 L 236.5 127.65 L 241 129.9 L 245.5 127.65 Z" fill="#00cccc" stroke="#00cccc" stroke-width="3" stroke-miterlimit="10" pointer-events="all"/><path d="M 181 60 L 181 40 L 241 40 L 241 49.9" fill="none" stroke="#00cccc" stroke-width="3" stroke-miterlimit="10" pointer-events="stroke"/><path d="M 241 56.65 L 236.5 47.65 L 241 49.9 L 245.5 47.65 Z" fill="#00cccc" stroke="#00cccc" stroke-width="3" stroke-miterlimit="10" pointer-events="all"/><path d="M 311 150 L 320.9 150" fill="none" stroke="#006666" stroke-width="3" stroke-miterlimit="10" pointer-events="stroke"/><path d="M 327.65 150 L 318.65 154.5 L 320.9 150 L 318.65 145.5 Z" fill="#006666" stroke="#006666" stroke-width="3" stroke-miterlimit="10" pointer-events="all"/><rect x="111" y="140" width="40" height="20" fill="#ffff00" stroke="#000000" pointer-events="all"/><g fill="#006666" font-family="Tahoma" font-weight="bold" text-anchor="middle" font-size="12px"><text x="130.5" y="154.5">ABI 1</text></g><rect x="271" y="140" width="40" height="20" fill="#ffff00" stroke="#000000" pointer-events="all"/><g fill="#006666" font-family="Tahoma" font-weight="bold" text-anchor="middle" font-size="12px"><text x="290.5" y="154.5">ABI 2</text></g></g></svg>
\ No newline at end of file
diff --git a/docs/technical_references/design_docs/media/hybridruntime.svg b/docs/technical_references/design_docs/media/hybridruntime.svg
new file mode 100644
index 0000000..1a485d6
--- /dev/null
+++ b/docs/technical_references/design_docs/media/hybridruntime.svg
@@ -0,0 +1,3 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
+<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" version="1.1" width="362px" height="203px" viewBox="-0.5 -0.5 362 203" content="<mxfile host="app.diagrams.net" modified="2021-09-06T03:17:02.086Z" agent="5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36" etag="i12WVWij0c3EiUyQtPTn" version="14.9.8" type="device"><diagram id="pE8yNmrzc9lT-nbtH71B" name="Page-1">7Vpdk6I4FP01PvYUEMD2UW3tnprZng+7dmeeulKSBnbQODG2sr9+E7kIJIG2abUtd3mwzCU3JPecc7lJ0UHD2eaW4UX0Bw1I0nGsYNNBNx3H8VBP/EpDmhmcHsoMIYuDzGQXhkn8DwGjBdZVHJBlpSOnNOHxomqc0vmcTHnFhhmj62q3J5pUn7rAIdEMkylOdOtfccCjzHrtdAv7HYnDKH+y7cOCZzjvDCtZRjig65IJjTpoyCjl2b/ZZkgSGbs8LpnfuObubmKMzPk+Dl7Ye7x7vP3s3X3yhuv+J5pOrq6cbJRnnKxgwR+/DmG+PM2DwOhqHhA5jt1BgyVn9NcuGmIdgyc65wCdwA3a4G5De4xncSJJ8IAjOsPC+kwYj0Wk+0kczsWNWRwE0mWA2RRGc3zwHtKEsu1k0Hh7SXucJCW7ZfniEnY9MBAr+UCyKZkgULeEzghnqegCd8VomQuw1s/puC444IMpKsHvgg0D68LdyAUw4g9g8wqckIYJCQRPoUkZj2hI5zgZFdZBgZrEpOjzmdIFAPM34TyFWOMVp8IU8VkCLmbYymA7DfBUaYJ2FhNkAimW/pCP/eDlzZ8wx23jZgNzylpp3trEvOQmWj9Ldwon2ch9aumxpCs2JQ0guJB/MAsJb+hnA1oSoka2MZJgHj9XU42JO+D6lcZizgUrLYVu2QqgVzkV5I5Ab4Xd7rUyTrZCbZwtc3fTb09mV0s695OOkLqDttmjHxJ47n86B9n2meUg29ZwO6+XRfd9gELeuQGFNKAm4/sGoCwDLGbgal4HJfhqgTqCJDz3vSOtp7LLiLTKabd7ukinV+H95Bv+M/71/fF3+vjjYfQlyd8ZF1sAtShk2hZNexVAozHp9ckm/Watpzz10ff7BF35+xZA7pELoJzD170PvfJV4Wy3bXlku0qacY5WHxm57l8C13NG22U+79hdx+igL/fscpUipWaWcSyjVyomKvoZiquihbISSsJ4ixYaX7IvisE5jRaQWi52W7J/l9ffif3di2D/yZncRm/t2e/s+yawT8N+p6eQ1m/N/qZXiof204LAHqelbgvZYfkK8SKrcZYv9Bd/shkcVJiG/V9/8FFTq6gwudyXQVU6FdwirKlcNVTHL24HFSXu6iiDruSlbwClcq1GDexfLKvcu3aF7tRq2TVUy2pmPVi1bNgBPkSM4OBM0IJcV4dJPYoHQMvueoqmXQ0s70hgGatq/Qz+YmSloWLArn4PqurK1oE6lqqMQOmi+h8oI1AnTYBGqPRzmUvKf29Cy+lV859vmdA6aQb0NbTO5hTtbcJQTtFOeV5pDPRF7K3O6RRN2de0PErIP2wo7abqdXL4UzSVpV7bczN1oIOdHIhm8aFE1r342gSN/gU=</diagram></mxfile>"><defs/><g><rect x="150" y="151" width="60" height="40" rx="10.4" ry="10.4" fill="#006666" stroke="#000000" stroke-width="2" pointer-events="all"/><g fill="#FFFFFF" font-family="Tahoma" font-weight="bold" text-anchor="middle" font-size="10px"><text x="179.5" y="174.5">IPC</text></g><path d="M 60 151 L 60 131.1" fill="none" stroke="#006666" stroke-width="3" stroke-miterlimit="10" pointer-events="stroke"/><path d="M 60 124.35 L 64.5 133.35 L 60 131.1 L 55.5 133.35 Z" fill="#006666" stroke="#006666" stroke-width="3" stroke-miterlimit="10" pointer-events="all"/><rect x="30" y="151" width="60" height="40" rx="10.4" ry="10.4" fill="#006666" stroke="#000000" stroke-width="2" pointer-events="all"/><g fill="#FFFFFF" font-family="Tahoma" font-weight="bold" text-anchor="middle" font-size="10px"><text x="59.5" y="168.5">NS</text><text x="59.5" y="180.5">Agent</text></g><rect x="270" y="151" width="60" height="40" rx="10.8" ry="10.8" fill="#006666" stroke="#000000" stroke-width="2" pointer-events="all"/><g fill="#FFFFFF" font-family="Tahoma" font-weight="bold" text-anchor="middle" font-size="10px"><text x="299.5" y="174.5">IPC</text></g><rect x="30" y="81" width="60" height="40" fill="#ffffff" stroke="#000000" stroke-width="2" pointer-events="all"/><g fill="#000000" font-family="Tahoma" font-weight="bold" text-anchor="middle" font-size="10px"><text x="59.5" y="104.5">SFN</text></g><rect x="270" y="11" width="60" height="40" fill="#ffffff" stroke="#000000" stroke-width="2" pointer-events="all"/><g fill="#000000" font-family="Tahoma" font-weight="bold" text-anchor="middle" font-size="10px"><text x="299.5" y="34.5">SFN</text></g><path d="M 300 81 L 300 61.1" fill="none" stroke="#006666" stroke-width="3" stroke-miterlimit="10" pointer-events="stroke"/><path d="M 300 54.35 L 304.5 63.35 L 300 61.1 L 295.5 63.35 Z" fill="#006666" stroke="#006666" stroke-width="3" stroke-miterlimit="10" pointer-events="all"/><path d="M 90 101 L 120.03 101.03 L 120.03 171.03 L 147 171" fill="none" stroke="#00cccc" stroke-width="3" stroke-miterlimit="10" pointer-events="stroke"/><ellipse cx="150" cy="171" rx="3" ry="3" fill="#00cccc" stroke="#00cccc" stroke-width="3" pointer-events="all"/><path d="M 210 171 L 230.03 171.03 L 267 171" fill="none" stroke="#00cccc" stroke-width="3" stroke-miterlimit="10" pointer-events="stroke"/><ellipse cx="270" cy="171" rx="3" ry="3" fill="#00cccc" stroke="#00cccc" stroke-width="3" pointer-events="all"/><rect x="10" y="125.5" width="40" height="20" fill="#ffff00" stroke="#000000" pointer-events="all"/><g fill="#006666" font-family="Tahoma" font-weight="bold" text-anchor="middle" font-size="12px"><text x="29.5" y="140">ABI</text></g><rect x="95" y="75" width="50" height="20" fill="#ffff00" stroke="#000000" pointer-events="all"/><g fill="#00CCCC" font-family="Tahoma" font-weight="bold" text-anchor="middle" font-size="12px"><text x="119.5" y="89.5">Thread</text></g><rect x="310" y="55" width="40" height="20" fill="#ffff00" stroke="#000000" pointer-events="all"/><g fill="#006666" font-family="Tahoma" font-weight="bold" text-anchor="middle" font-size="12px"><text x="329.5" y="69.5">ABI</text></g><rect x="310" y="125.5" width="40" height="20" fill="#ffff00" stroke="#000000" pointer-events="all"/><g fill="#006666" font-family="Tahoma" font-weight="bold" text-anchor="middle" font-size="12px"><text x="329.5" y="140">ABI</text></g><rect x="215" y="145.5" width="50" height="20" fill="#ffff00" stroke="#000000" pointer-events="all"/><g fill="#00CCCC" font-family="Tahoma" font-weight="bold" text-anchor="middle" font-size="12px"><text x="239.5" y="160">Thread</text></g><rect x="270" y="81" width="60" height="40" fill="#ffffff" stroke="#000000" stroke-width="2" pointer-events="all"/><g fill="#000000" font-family="Tahoma" font-weight="bold" text-anchor="middle" font-size="10px"><text x="299.5" y="104.5">SFN</text></g><path d="M 300 151 L 300 131.1" fill="none" stroke="#006666" stroke-width="3" stroke-miterlimit="10" pointer-events="stroke"/><path d="M 300 124.35 L 304.5 133.35 L 300 131.1 L 295.5 133.35 Z" fill="#006666" stroke="#006666" stroke-width="3" stroke-miterlimit="10" pointer-events="all"/></g></svg>
\ No newline at end of file
diff --git a/docs/technical_references/design_docs/media/modelisolation.svg b/docs/technical_references/design_docs/media/modelisolation.svg
new file mode 100644
index 0000000..05bc071
--- /dev/null
+++ b/docs/technical_references/design_docs/media/modelisolation.svg
@@ -0,0 +1,4 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- Do not edit this file with editors other than diagrams.net -->
+<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
+<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" version="1.1" width="462px" height="342px" viewBox="-0.5 -0.5 462 342" content="<mxfile host="app.diagrams.net" modified="2021-09-17T06:56:27.058Z" agent="5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36" etag="a4te_vN3EQJEAzAJBS9K" version="15.2.9" type="device"><diagram id="z2eWvvA0n7qyoBdv0BDn" name="Page-1">3Zptc6I6FIB/jR/b4S2oH6t92Z3bdb3X3bm3+6WTStRMkTgQre6vvwkEhCRY1kJRccaBQxLIec45OQnp2MPl9iGEq8U34iG/YxnetmPfdiyr27PYPxfsEoFjgUQwD7GXiMy9YIJ/IyE0hHSNPRQVClJCfIpXReGUBAGa0oIMhiF5KxabEb/41BWcI0UwmUJflf6LPbpIpD2ru5d/QXi+SJ9suv3kzhKmhUVPogX0yFtOZN917GFICE3Oltsh8rnuUr0k9e5L7mYvFqKAVqnwPNiYj2Tw7P4MwrkFX3+N3OcrQWcD/bXo8GjCroc+5q0m7013qTJCsg48xNszOvbAhy/IH5MIU0wCJpuyKihkNzYopJip8FEqsMSex5saQB/PtTVuxI2s5IwEdCJewOTX2PeHxCdh/EL2DPCfKHcPl9jnZvYDLsgSMmlEQ/KK0vIBCVAmTGGaonKu0eRgclXDQun8ddE2JxIaf0BkiWi4Y0XE3Yx+av5AXL/tjclMyyxyhmTZQgiFAc+ztveM2YnArEc+enjaztbfHbCK/v7Lfvr+tvPWV46CvD3OlKx0kLUwJUoGO/r9MsiSnQziXz1IgVsBqaFBajaG1FaQjv8hP5jklqkOB+3xfSGUkmVlxHqUJdwbRJwhFYhBV0WcjVAFxGZTiNVAfflee+fyXz1Ibed9pObnIjUVpDen4bWXwFcXlS3dQJuNvh/hq82tVL4KUhR4NzxJLUa7ssCY5iyOol+h+eGQ3UFbTP/jRnINxNWTMBl+frvNX+zERSmAiKzDKTrUSZHOI6+QR6ucchyABkMqC5EPKd4Us28dGvGEMcE8Uc3MwCyagduT6CYdErXy2bLckGxPjtQQheEcUaWh2FKybh9vPOqQngQHtxP30R6MIXPa2LUPx4nYjZNpVV+xJOugX+e9v3Rk92C0iB9miosxpCysBLHEMky9rbrsqGms7kqgeqrj9zQGJxtGbW6v5tcSuQkKN3jKJrWVwcXV9POW98jVoOCeNHIaqoJdjYLryHa1CgZ1uIZm3mfER6mP5Jyo2tBY6jIwnIrGLHACHmRLExrQtge5F+ZBthSiQL97Ddr1oa6iYr7ukyn4Zn54+edo7zGNo91nvyZUMvHLuZV7gm7V+sDUU5hPxt8+5ELHpw9lMDMrkqzrPj7K5hUVUDeQabQeJ/sK0PGF5IiCaw3QwKlBSyco5dTObHQDUn7otp0fmurE+wi/OOcEsTn3aX0QM9WF0Mtyn9anV6a69DAZ3ynaZN2jVdb5hChddPTRjB7KB1RIJQgEOqvE23QrY3UkddKXAcdSaTkaWs0tMqrLDaMacYVJF86Wl9U/NV7q6sXXiPA1Tz4aGY9oE++f4HF9wFULxTNrYPn+1/YTh2lLH9Pdftsw1Wm0DqZ1FjDNKjDrmx4DG5yYZ6rz469j1pQh9jQdlSlqCDa+PrLPHu1eTVFUcryuhpUuC2yOlTr1ndyPKrD69DWN+lJxOfq1DiFtuP4PnFZjy3cn8plS/qbSlbP5qp8pHVs2in66tPxJHyotdbatGwPtQ2MgpxJvV/iTiQKK8G/4EjfBvXjFOxh3GQw64LYkU1EtT95HIWe8pdso4ooDOH2dx+HlvV1LpZZ52Lfk8JDtdBVd7+Q3k+rCxpVx7dRis2mNnbY+mc0i9FED026TUYflClFG3TChjgE6PGccUkBJcvynIUXZ31hx5wMjAHe5YsIhK79wutRU9b2k8uwkeYOKxscu93uvk+L7Dez23f8=</diagram></mxfile>"><defs/><g><rect x="11" y="40" width="120" height="230" fill="#f5f5f5" stroke="none" pointer-events="all"/><g fill="#333333" font-family="Tahoma" font-weight="bold" text-anchor="middle" font-size="12px"><text x="70.5" y="159.5">NS Client</text></g><rect x="351" y="40" width="100" height="130" fill="#b3b3b3" stroke="none" pointer-events="all"/><rect x="241" y="160" width="210" height="110" fill="#b3b3b3" stroke="none" pointer-events="all"/><g fill="#000099" font-family="Tahoma" font-weight="bold" text-anchor="middle" font-size="12px"><text x="345.5" y="264.5">PRoT Domain</text></g><rect x="131" y="160" width="110" height="110" fill="#e6e6e6" stroke="none" pointer-events="all"/><rect x="131" y="40" width="220" height="120" fill="#e6e6e6" stroke="none" pointer-events="all"/><g fill="#000099" font-family="Tahoma" font-weight="bold" text-anchor="middle" font-size="12px"><text x="240.5" y="57.5">ARoT Domain</text></g><path d="M 131 280 L 131 30" fill="none" stroke="#0000cc" stroke-width="4" stroke-miterlimit="10" pointer-events="stroke"/><rect x="261" y="70" width="80" height="80" fill="#ffffff" stroke="#006666" stroke-width="2" stroke-dasharray="2 2" pointer-events="all"/><g fill="#000000" font-family="Tahoma" font-weight="bold" text-anchor="middle" font-size="9px"><text x="300.5" y="133.5">ARoT</text><text x="300.5" y="144.5">Partition</text></g><rect x="271" y="90" width="60" height="30" fill="#ffffff" stroke="#000000" pointer-events="all"/><g fill="#000000" font-family="Tahoma" font-weight="bold" text-anchor="middle" font-size="10px"><text x="300.5" y="102.5">ARoT</text><text x="300.5" y="114.5">Services</text></g><rect x="151" y="170" width="80" height="80" rx="20" ry="20" fill="#ffffff" stroke="#006666" stroke-width="2" stroke-dasharray="2 2" pointer-events="all"/><g fill="#000000" font-family="Tahoma" font-weight="bold" text-anchor="middle" font-size="9px"><text x="190.5" y="233.5">ARoT</text><text x="190.5" y="244.5">Partition</text></g><rect x="161" y="187.5" width="60" height="30" fill="#ffffff" stroke="#000000" pointer-events="all"/><g fill="#000000" font-family="Tahoma" font-weight="bold" text-anchor="middle" font-size="10px"><text x="190.5" y="200">ARoT</text><text x="190.5" y="212">Services</text></g><rect x="151" y="70" width="80" height="80" rx="20.8" ry="20.8" fill="#b3b3b3" stroke="#006666" stroke-width="2" stroke-dasharray="2 2" pointer-events="all"/><g fill="#000000" font-family="Tahoma" font-weight="bold" text-anchor="middle" font-size="10px"><text x="190.5" y="107.5">NS</text><text x="190.5" y="119.5">Agent</text></g><rect x="261" y="170" width="80" height="80" fill="#000000" stroke="none" pointer-events="all"/><g fill="#FFFFFF" font-family="Tahoma" font-weight="bold" text-anchor="middle" font-size="10px"><text x="300.5" y="213.5">SPM</text></g><rect x="361" y="170" width="80" height="80" fill="#ffffff" stroke="none" pointer-events="all"/><g fill="#000000" font-family="Tahoma" font-weight="bold" text-anchor="middle" font-size="9px"><text x="400.5" y="233.5">PRoT</text><text x="400.5" y="244.5">Partition</text></g><rect x="371" y="190" width="60" height="30" fill="#ffffff" stroke="#000000" pointer-events="all"/><g fill="#000000" font-family="Tahoma" font-weight="bold" text-anchor="middle" font-size="10px"><text x="400.5" y="202.5">PRoT</text><text x="400.5" y="214.5">Services</text></g><rect x="361" y="70" width="80" height="80" rx="20" ry="20" fill="#ffffff" stroke="none" pointer-events="all"/><g fill="#000000" font-family="Tahoma" font-weight="bold" text-anchor="middle" font-size="9px"><text x="400.5" y="133.5">PRoT</text><text x="400.5" y="144.5">Partition</text></g><rect x="371" y="90" width="60" height="30" fill="#ffffff" stroke="#000000" pointer-events="all"/><g fill="#000000" font-family="Tahoma" font-weight="bold" text-anchor="middle" font-size="10px"><text x="400.5" y="102.5">PRoT</text><text x="400.5" y="114.5">Services</text></g><rect x="141" y="10" width="40" height="20" fill="none" stroke="none" pointer-events="all"/><g fill="#0000CC" font-family="Tahoma" font-weight="bold" font-size="12px"><text x="142.5" y="24.5">SPE</text></g><rect x="81" y="10" width="40" height="20" fill="none" stroke="none" pointer-events="all"/><g fill="#0000CC" font-family="Tahoma" font-weight="bold" text-anchor="end" font-size="12px"><text x="118.5" y="24.5">NSPE</text></g><rect x="111" y="280" width="40" height="20" fill="none" stroke="none" pointer-events="all"/><g fill="#0000CC" font-family="Tahoma" font-weight="bold" text-anchor="middle" font-size="12px"><text x="130.5" y="294.5">Isolation Level 1 Boundary</text></g><rect x="326" y="10" width="40" height="20" fill="none" stroke="none" pointer-events="all"/><g fill="#006666" font-family="Tahoma" font-weight="bold" text-anchor="middle" font-size="11px"><text x="345.5" y="24">Isolation Level 2 Boundary</text></g><rect x="11" y="310" width="80" height="20" rx="7.6" ry="7.6" fill="none" stroke="#000000" stroke-width="2" pointer-events="all"/><g fill="#000000" font-family="Tahoma" font-weight="bold" text-anchor="middle" font-size="10px"><text x="50.5" y="323.5">IPC Model</text></g><rect x="111" y="310" width="80" height="20" fill="none" stroke="#000000" stroke-width="2" pointer-events="all"/><g fill="#000000" font-family="Tahoma" font-weight="bold" text-anchor="middle" font-size="10px"><text x="150.5" y="323.5">SFN Model</text></g><path d="M 271 320 L 221 319.5" fill="none" stroke="#006666" stroke-width="2" stroke-miterlimit="10" stroke-dasharray="2 2" pointer-events="stroke"/><g fill="#006666" font-family="Tahoma" font-size="12px"><text x="278.5" y="325.85">Isolation Level 3 Boundary</text></g><path d="M 241 280 L 241 160 L 351 160 L 351 30" fill="none" stroke="#006666" stroke-width="4" stroke-miterlimit="10" pointer-events="stroke"/></g></svg>
\ No newline at end of file
diff --git a/docs/technical_references/design_docs/media/spestate.svg b/docs/technical_references/design_docs/media/spestate.svg
new file mode 100644
index 0000000..9b436f9
--- /dev/null
+++ b/docs/technical_references/design_docs/media/spestate.svg
@@ -0,0 +1,4 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- Do not edit this file with editors other than diagrams.net -->
+<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
+<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" version="1.1" width="545px" height="352px" viewBox="-0.5 -0.5 545 352" content="<mxfile host="app.diagrams.net" modified="2021-09-17T08:07:56.757Z" agent="5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36" etag="jj3Jf5IRjsPlaCu4d2ZX" version="15.2.9" type="device"><diagram id="pE8yNmrzc9lT-nbtH71B" name="Page-1">7ZpZc6M4EIB/jR+dAoTAPPrMJjvZ8awnm+NNA7IhAeQRsmPy60eAMIfwMVnbSWXsVKVQ02oa9ddNI7sF+sHqkqK5e0Mc7Lc0xVm1wKClaWZH4/8TQZwJdA1mghn1nEykFoKJ94qFUBHShefgqKLICPGZN68KbRKG2GYVGaKUvFTVpsSvXnWOZlgSTGzky9I7z2FuJu1oZiH/C3szN7+yaljZmQDlyuJOIhc55KUkAsMW6FNCWHYUrPrYT9YuX5ds3mjD2bVjFIdsnwmPwLa+tr89IP2bFY+uHpUXMGyDzMoS+Qtxw1ehxzzke69eOBOOszhfDUoWoYMTg0oL9Hz0A/tjEvEJJOQym3uCKT+xxJR5fA2/1BQCz3ESUz1uf9Y4oytOrDUjRsnzeun5ovWmJGQT4ZIqxiMUeH5C2HfkkgDlvvUIdTDtE5/wawxCEhYWa8Kp5/u5qKWBjpL8CeMl+Sj95E5ksKo6H8vBEPFJbgyvSiIRnEtMAsxozFXEWc0UoOSZ0hHjl4I7NU8Lt8wcFEIkWJ+tbRc48ANBRDMdN/eXbt8O4O2j/7P7avm3NrluqxIA2OHZIYZi6ewFXaZIJMEglLlkRkIee0LmQviEGYvFaqEFI1zkssAXFOGVx+6FZnL8kMgvoBgNViW1QSwGtbAo6UeiBUjRTnUN/kkMhnyJ7nPryaB05WRYXDod5dfeGOqILKiNdycbQ3SGxVRwtxqz0bI9vRwOei566PZX17lestZbwaHYR8xbVitVEwRi6ph43OU1cLpeBQ5C64KvTMVKdk9iYrm41G1pG+DNDWU3LRlKsVzf0l6k/kSd57v+7Xfn6cd/T+140b6OwrYp1bGt6BaYDgtpr1rd9kU557dg9qFEczO/BXsFbutZW9jbVI5+h/u9+G3kUn1XfruUorikME9YijbjbRiwgqRhKtsRtrbq84PMg7dyu21Jy8/fwZfh+bl7wueuob7nc7eRCk2ioofs51lKwZmNE7IBamwAU2ZjLSuzYR4LDblhn2C6PPfqp+Wi3jp9gJqhn3v1N/bq2/JsZ6+jnqZXh6DWqyvWBXxbqw7Nett/tFa9y66m0fWgfb1U9RhMHx1g2g0tTy/ZA9GUxVxCmKcj26cMCNH+papaHJvLUrV4HeAFX6ktvAqloqE31AztACWjMRLb35EOVDI+ZPofO12lUMM3Jmt9UwhCvZ73R07XhoZjfMMFyT5hSzNaaY8EeoOElk+dvsCqp6/8zG9KX3Cs9NWlyPwzGQ9LMfkXIyf+3EGBxgcLirEhKErapvOWQ1O6to2j6JPHpbYfaDS8OKnaKQMj7xCOKcbBPH3d+dSx0OsbHLoci84pQ2H9saGAnfcLxeTvHoYhQJMhHNx+JV4MYT8vVx+/BXy3Vg7s+mZj31YOgB2GNjRyv7vvLTmsb9/3lvyq6v/vfe9G7swzd7u+nbMOxB1UTsOd5PAO7iS/TsFd58zdDu4M40DcGZt+z3Bg7iSHd3An+XUK7v7clkerb5Ufr+Xhw+LnVFnkit+kgeEv</diagram></mxfile>"><defs/><g><rect x="83" y="121" width="110" height="150" fill="#808080" stroke="none" pointer-events="all"/><g fill="#FFFFFF" font-family="Tahoma" font-weight="bold" text-anchor="middle" font-size="14px"><text x="137.5" y="201.5">Initializing</text></g><path d="M 193 196 Q 193 196 242.9 196" fill="none" stroke="#006666" stroke-width="3" stroke-miterlimit="10" pointer-events="stroke"/><path d="M 249.65 196 L 240.65 200.5 L 242.9 196 L 240.65 191.5 Z" fill="#006666" stroke="#006666" stroke-width="3" stroke-miterlimit="10" pointer-events="all"/><path d="M 478 271 L 478 311 L 308 311 L 308 281.1" fill="none" stroke="#006666" stroke-width="3" stroke-miterlimit="10" pointer-events="stroke"/><path d="M 308 274.35 L 312.5 283.35 L 308 281.1 L 303.5 283.35 Z" fill="#006666" stroke="#006666" stroke-width="3" stroke-miterlimit="10" pointer-events="all"/><rect x="423" y="121" width="110" height="150" fill="#808080" stroke="none" pointer-events="all"/><g fill="#FFFFFF" font-family="Tahoma" font-weight="bold" text-anchor="middle" font-size="14px"><text x="477.5" y="201.5">IDLE</text></g><rect x="123" y="11" width="370" height="70" fill="#808080" stroke="none" pointer-events="all"/><g fill="#FFFFFF" font-family="Tahoma" font-weight="bold" text-anchor="middle" font-size="14px"><text x="307.5" y="51.5">Background</text></g><rect x="253" y="121" width="110" height="150" fill="#808080" stroke="none" pointer-events="all"/><g fill="#FFFFFF" font-family="Tahoma" font-weight="bold" text-anchor="middle" font-size="14px"><text x="307.5" y="201.5">Serving</text></g><path d="M 363 196 Q 363 196 412.9 196" fill="none" stroke="#006666" stroke-width="3" stroke-miterlimit="10" pointer-events="stroke"/><path d="M 419.65 196 L 410.65 200.5 L 412.9 196 L 410.65 191.5 Z" fill="#006666" stroke="#006666" stroke-width="3" stroke-miterlimit="10" pointer-events="all"/><rect x="13" y="156" width="40" height="20" fill="none" stroke="none" pointer-events="all"/><g fill="#000000" font-family="Tahoma" font-weight="bold" text-anchor="middle" font-size="12px"><text x="32.5" y="170.5">Boot up</text></g><path d="M 13 196 Q 13 196 72.9 195.57" fill="none" stroke="#006666" stroke-width="3" stroke-miterlimit="10" pointer-events="stroke"/><path d="M 79.65 195.52 L 70.68 200.09 L 72.9 195.57 L 70.61 191.09 Z" fill="#006666" stroke="#006666" stroke-width="3" stroke-miterlimit="10" pointer-events="all"/><rect x="203" y="151" width="40" height="30" fill="none" stroke="none" pointer-events="all"/><g fill="#000000" font-family="Tahoma" font-weight="bold" text-anchor="middle" font-size="12px"><text x="222.5" y="163.5">SPM Init</text><text x="222.5" y="177.5">Done</text></g><rect x="373" y="151" width="40" height="30" fill="none" stroke="none" pointer-events="all"/><g fill="#000000" font-family="Tahoma" font-weight="bold" text-anchor="middle" font-size="12px"><text x="392.5" y="163.5">NSPE</text><text x="392.5" y="177.5">Ready</text></g><rect x="333" y="311" width="120" height="30" fill="none" stroke="none" pointer-events="all"/><g fill="#000000" font-family="Tahoma" font-weight="bold" text-anchor="middle" font-size="12px"><text x="392.5" y="330.5">NSPE Service Access</text></g><rect x="223" y="81" width="80" height="30" fill="none" stroke="none" pointer-events="all"/><g fill="#000000" font-family="Tahoma" font-weight="bold" text-anchor="middle" font-size="12px"><text x="262.5" y="100.5">Preemption</text></g><rect x="393" y="81" width="80" height="30" fill="none" stroke="none" pointer-events="all"/><g fill="#000000" font-family="Tahoma" font-weight="bold" text-anchor="middle" font-size="12px"><text x="432.5" y="100.5">Preemption</text></g><path d="M 133 121 Q 133 81 138 81 Q 143 81 143 110.9" fill="none" stroke="#006666" stroke-width="3" stroke-miterlimit="10" pointer-events="stroke"/><path d="M 143 117.65 L 138.5 108.65 L 143 110.9 L 147.5 108.65 Z" fill="#006666" stroke="#006666" stroke-width="3" stroke-miterlimit="10" pointer-events="all"/><path d="M 303 121 Q 303 81 308 81 Q 313 81 313 110.9" fill="none" stroke="#006666" stroke-width="3" stroke-miterlimit="10" pointer-events="stroke"/><path d="M 313 117.65 L 308.5 108.65 L 313 110.9 L 317.5 108.65 Z" fill="#006666" stroke="#006666" stroke-width="3" stroke-miterlimit="10" pointer-events="all"/><path d="M 473 121 Q 473 81 478 81 Q 483 81 483 110.9" fill="none" stroke="#006666" stroke-width="3" stroke-miterlimit="10" pointer-events="stroke"/><path d="M 483 117.65 L 478.5 108.65 L 483 110.9 L 487.5 108.65 Z" fill="#006666" stroke="#006666" stroke-width="3" stroke-miterlimit="10" pointer-events="all"/><rect x="53" y="81" width="80" height="30" fill="none" stroke="none" pointer-events="all"/><g fill="#000000" font-family="Tahoma" font-weight="bold" text-anchor="middle" font-size="12px"><text x="92.5" y="100.5">Preemption</text></g></g></svg>
\ No newline at end of file
diff --git a/docs/technical_references/design_docs/media/spmabitypes.svg b/docs/technical_references/design_docs/media/spmabitypes.svg
new file mode 100644
index 0000000..e0e45e5
--- /dev/null
+++ b/docs/technical_references/design_docs/media/spmabitypes.svg
@@ -0,0 +1,3 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
+<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" version="1.1" width="423px" height="303px" viewBox="-0.5 -0.5 423 303" content="<mxfile host="app.diagrams.net" modified="2021-09-10T10:28:55.524Z" agent="5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36" etag="_JZ6fR9ln1KZGVaMcIWN" version="15.0.6" type="device"><diagram id="z2eWvvA0n7qyoBdv0BDn" name="Page-1">7Ztfc6o4FMA/DY91IPyTx2rr9u703nHW7tzZvnRyIQJbJE6Mtt5PvwkGFAKKFapboTMdOYRDOL+Tc05iVPTh7P0PAufBd+yhSAGq967odwoAlgnYfy5YbwS6aWwEPgm9jUjbCibhbySEqpAuQw8tcg0pxhEN53mhi+MYuTQng4Tgt3yzKY7yT51DH0mCiQsjWfoz9GiwkfaBvZU/oNAP0idrlrO5MoNpY/EmiwB6+G1HpN8r+pBgTDefZu9DFHHbpXbZ3DequJp1jKCY1rkheH64+xP8tHz96duSjh60++d/boDAs4LRUryx6C1dpyYgeBl7iGtRFX0wxTEVmBx2uqAEv2amAaLBCM7CiBN/ggGewfQ2oVNj5ytEaMjMfBuFfsxks9Dz+MXBNIyiIY4wSR6uq+qQHdmD0isxjnlj0XmmC71XmkXLjM2cFOEZomTNmqQeqgo+69Rj1Z4hjPC2Q1y0CnZgG0IGhY/5mfItBvZBkDiGitZRyVOxjfNT0Zxrp2IYhbGS2v8AEk1tjUm/Y5JnYqo1mVgNMHkZrLRHPHix/o6JD+Dr8w/r5caUkNz+hZ8UYDFzaBzBGDLb0RDHe1BpwuY5U/KjktkO1CKscqSVCCFxhTJgslMPLoKsT/xkDClFJE4kQNUkuElfLXZkhCWcJdArCetWgbBVj3ATgbAUsC0B/jHZwXvr83dtAa2mns62MDwHyV+euXWJzGuO6taYa3JJMu5GdYOE6+bS1sobOZN+IGx/RoZtgNxJGVciB85MLp0rnzY2rxGdbZwZHZDRXVn9Wpzp1a5fVbOlVCcHwsn4e30qWnUyOwVLPmuOkqMKi8SwubRlgo/hyoTNDyFdYoM8H6VWFSZxl2SVRR5MaIB9HMPoEeO5EP6LKF0LhnBJMRMFdBbtAD5cteg1Ahjv3LFjhaAI0nCVv6/MkuLWMQ55CV45R9ScntnPa1ngJXGRuHF3GbGgS3KAEl0UEh9RSVeCN3urE4ibHfFjidsNEi/R1TZxeco5JHix2ClxBjweQ26T7UR08K3UUR7hLxTxGYEIsi6Dgci+6EvQIvwNfyVKuOY5f9Hk1c2BYt4xScR1DqD76ieJoRiQawX/qhhfmWXFlx6iY0r2VcOuf+0ZQZVBXu0Je5/ohTegn/OcbOSmKvB0ukDteIzVxYgjY4SlNxcjynS1HSP6HfFjiTuMku1sj4bg71fbth84nR8c6Qe26fQcp3E/OKC2ZT/Q5an1aBm7ySrIECi36hByJWepFsrrgcM1xJmqBedAtWCofb2Q6JupHzS7oBZ8Vv2gy+swXRTJ05FWbgDoqR+sH7LV7z262o4X3azyWOIN5Y0i/DPnDetr543m84N+aDb5FfOD3UWLI6OFZbUSLQ6obTtayN8WXNjK1IXGDPsKY0Y3Mz26puwbTaxQSOXlfrUtxwxDnplO3AB5S+YG/6eo8HkzUP0KZ6DpduduQ87BLQTFiuACtvBr8i7Ybk9OLXoXsdW/kbH3tXY7Ngq59n7WBjb5lBPWmxifHeFqwpbZ1hhmp9ufzW3S7fa3h/r9fw==</diagram></mxfile>"><defs/><g><rect x="251" y="161.42" width="80" height="40" fill="#00cccc" stroke="none" pointer-events="all"/><rect x="251" y="251.42" width="80" height="40" fill="#00cccc" stroke="none" pointer-events="all"/><rect x="91" y="191" width="80" height="100" fill="#00cccc" stroke="none" pointer-events="all"/><rect x="91" y="11" width="80" height="160" fill="#00cccc" stroke="none" pointer-events="all"/><rect x="11" y="71" width="80" height="40" rx="10" ry="10" fill="#ffffff" stroke="#006666" stroke-width="2" stroke-dasharray="2 2" pointer-events="all"/><g fill="#000000" font-family="Tahoma" font-weight="bold" text-anchor="middle" font-size="9px"><text x="50.5" y="88.5">ARoT</text><text x="50.5" y="99.5">Partition</text></g><rect x="11" y="11" width="80" height="40" rx="10.4" ry="10.4" fill="#b3b3b3" stroke="#006666" stroke-width="2" stroke-dasharray="2 2" pointer-events="all"/><g fill="#000000" font-family="Tahoma" font-weight="bold" text-anchor="middle" font-size="10px"><text x="50.5" y="28.5">NS</text><text x="50.5" y="40.5">Agent</text></g><rect x="11" y="191" width="80" height="40" rx="10" ry="10" fill="#ffffff" stroke="#006666" stroke-width="2" stroke-dasharray="2 2" pointer-events="all"/><g fill="#000000" font-family="Tahoma" font-weight="bold" text-anchor="middle" font-size="9px"><text x="50.5" y="208.5">PRoT</text><text x="50.5" y="219.5">Partition</text></g><rect x="11" y="131" width="80" height="40" fill="#ffffff" stroke="#006666" stroke-width="2" stroke-dasharray="2 2" pointer-events="all"/><g fill="#000000" font-family="Tahoma" font-weight="bold" text-anchor="middle" font-size="9px"><text x="50.5" y="148.5">ARoT</text><text x="50.5" y="159.5">Partition</text></g><rect x="11" y="251" width="80" height="40" fill="#ffffff" stroke="#006666" stroke-width="2" stroke-dasharray="2 2" pointer-events="all"/><g fill="#000000" font-family="Tahoma" font-weight="bold" text-anchor="middle" font-size="9px"><text x="50.5" y="268.5">PRoT</text><text x="50.5" y="279.5">Partition</text></g><rect x="251" y="11" width="80" height="105" fill="#00cccc" stroke="none" pointer-events="all"/><rect x="171" y="11" width="80" height="280" fill="#006666" stroke="none" pointer-events="all"/><g fill="#FFFFFF" font-family="Tahoma" font-weight="bold" text-anchor="middle" font-size="10px"><text x="210.5" y="154.5">SPM</text></g><path d="M 91 30.58 Q 91 30.58 160.9 30.58" fill="none" stroke="#006666" stroke-width="3" stroke-miterlimit="10" pointer-events="stroke"/><path d="M 167.65 30.58 L 158.65 35.08 L 160.9 30.58 L 158.65 26.08 Z" fill="#006666" stroke="#006666" stroke-width="3" stroke-miterlimit="10" pointer-events="all"/><path d="M 91 90.58 Q 91 90.58 160.9 90.58" fill="none" stroke="#006666" stroke-width="3" stroke-miterlimit="10" pointer-events="stroke"/><path d="M 167.65 90.58 L 158.65 95.08 L 160.9 90.58 L 158.65 86.08 Z" fill="#006666" stroke="#006666" stroke-width="3" stroke-miterlimit="10" pointer-events="all"/><g fill="#FFFFFF" font-family="Tahoma" font-weight="bold" text-anchor="middle" font-size="11px"><text x="131.25" y="57">Cross</text><text x="131.25" y="70">Boundary</text><text x="131.25" y="83">ABI</text></g><path d="M 91 150.58 Q 91 150.58 160.9 150.58" fill="none" stroke="#006666" stroke-width="3" stroke-miterlimit="10" pointer-events="stroke"/><path d="M 167.65 150.58 L 158.65 155.08 L 160.9 150.58 L 158.65 146.08 Z" fill="#006666" stroke="#006666" stroke-width="3" stroke-miterlimit="10" pointer-events="all"/><path d="M 91 210.58 Q 91 210.58 160.9 210.58" fill="none" stroke="#006666" stroke-width="3" stroke-miterlimit="10" pointer-events="stroke"/><path d="M 167.65 210.58 L 158.65 215.08 L 160.9 210.58 L 158.65 206.08 Z" fill="#006666" stroke="#006666" stroke-width="3" stroke-miterlimit="10" pointer-events="all"/><path d="M 91 271 Q 91 271 160.9 271" fill="none" stroke="#006666" stroke-width="3" stroke-miterlimit="10" pointer-events="stroke"/><path d="M 167.65 271 L 158.65 275.5 L 160.9 271 L 158.65 266.5 Z" fill="#006666" stroke="#006666" stroke-width="3" stroke-miterlimit="10" pointer-events="all"/><g fill="#FFFFFF" font-family="Tahoma" font-weight="bold" text-anchor="middle" font-size="11px"><text x="130.58" y="248.92">Function Call</text><text x="130.58" y="261.92">ABI</text></g><path d="M 251 33.08 Q 251 33.08 320.9 33.08" fill="none" stroke="#006666" stroke-width="3" stroke-miterlimit="10" pointer-events="stroke"/><path d="M 327.65 33.08 L 318.65 37.58 L 320.9 33.08 L 318.65 28.58 Z" fill="#006666" stroke="#006666" stroke-width="3" stroke-miterlimit="10" pointer-events="all"/><path d="M 251 271 Q 251 271 320.9 271" fill="none" stroke="#006666" stroke-width="3" stroke-miterlimit="10" pointer-events="stroke"/><path d="M 327.65 271 L 318.65 275.5 L 320.9 271 L 318.65 266.5 Z" fill="#006666" stroke="#006666" stroke-width="3" stroke-miterlimit="10" pointer-events="all"/><g fill="#000000" font-family="Tahoma" font-weight="bold" text-anchor="middle" font-size="11px"><text x="290.58" y="248.92">Function Call</text><text x="290.58" y="261.92">ABI</text></g><path d="M 251 181 Q 251 181 320.9 181" fill="none" stroke="#006666" stroke-width="3" stroke-miterlimit="10" pointer-events="stroke"/><path d="M 327.65 181 L 318.65 185.5 L 320.9 181 L 318.65 176.5 Z" fill="#006666" stroke="#006666" stroke-width="3" stroke-miterlimit="10" pointer-events="all"/><g fill="#000000" font-family="Tahoma" font-weight="bold" text-anchor="middle" font-size="11px"><text x="290.58" y="152.42">Cross</text><text x="290.58" y="165.42">Boundary</text><text x="290.58" y="178.42">ABI</text></g><path d="M 251 95.58 Q 251 95.58 320.9 95.58" fill="none" stroke="#006666" stroke-width="3" stroke-miterlimit="10" pointer-events="stroke"/><path d="M 327.65 95.58 L 318.65 100.08 L 320.9 95.58 L 318.65 91.08 Z" fill="#006666" stroke="#006666" stroke-width="3" stroke-miterlimit="10" pointer-events="all"/><g fill="#FFFFFF" font-family="Tahoma" font-weight="bold" text-anchor="middle" font-size="11px"><text x="290.58" y="80">Schedule</text></g><rect x="331" y="161.42" width="80" height="40" fill="#ffffff" stroke="#006666" stroke-width="2" stroke-dasharray="2 2" pointer-events="all"/><g fill="#000000" font-family="Tahoma" font-weight="bold" text-anchor="middle" font-size="9px"><text x="370.5" y="178.92">ARoT</text><text x="370.5" y="189.92">Partition</text></g><rect x="331" y="251.42" width="80" height="40" fill="#ffffff" stroke="#006666" stroke-width="2" stroke-dasharray="2 2" pointer-events="all"/><g fill="#000000" font-family="Tahoma" font-weight="bold" text-anchor="middle" font-size="9px"><text x="370.5" y="268.92">PRoT</text><text x="370.5" y="279.92">Partition</text></g><rect x="331" y="11" width="80" height="45" rx="11.25" ry="11.25" fill="#ffffff" stroke="#006666" stroke-width="2" stroke-dasharray="2 2" pointer-events="all"/><g fill="#000000" font-family="Tahoma" font-weight="bold" text-anchor="middle" font-size="9px"><text x="370.5" y="31">ARoT</text><text x="370.5" y="42">Partition</text></g><rect x="331" y="76" width="80" height="40" rx="10" ry="10" fill="#ffffff" stroke="#006666" stroke-width="2" stroke-dasharray="2 2" pointer-events="all"/><g fill="#000000" font-family="Tahoma" font-weight="bold" text-anchor="middle" font-size="9px"><text x="370.5" y="93.5">PRoT</text><text x="370.5" y="104.5">Partition</text></g></g></svg>
\ No newline at end of file
diff --git a/docs/technical_references/design_docs/media/tfmdev.svg b/docs/technical_references/design_docs/media/tfmdev.svg
new file mode 100644
index 0000000..fc072f3
--- /dev/null
+++ b/docs/technical_references/design_docs/media/tfmdev.svg
@@ -0,0 +1,3 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
+<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" version="1.1" width="482px" height="181px" viewBox="-0.5 -0.5 482 181" content="<mxfile host="app.diagrams.net" modified="2021-06-10T08:17:08.793Z" agent="5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36" etag="bcO4cmytDhasP_7HJr2A" version="14.7.3" type="device"><diagram id="pE8yNmrzc9lT-nbtH71B" name="Page-1">7Vlbc6IwFP41PtoBIoiP9dbL9GLHdtv6lkIK2Q3EjfFCf/0GCMpVra66syPOdMjHyTHnfN9JjrQGOt7iisGxe09tRGqaYi9qoFvTNEPXxN8QCGIA6I0YcBi2Y0hdAUP8hSSoSHSKbTTJGHJKCcfjLGhR30cWz2CQMTrPmn1Skv3WMXRQARhakBTRV2xzN0ZNrbnCrxF23OSbVaMVP/FgYiwjmbjQpvMUBHo10GGU8vjOW3QQCXOX5CWe1694ulwYQz7fZsL925XbsTz9ZUR+X361yItFb+syjBkkUxnwADKOOaa+gCV3Ex4k6WB06tso9KjUQJvAD0QGdBLbg64lloKYeDBDwolI4l3OwMO2HbpqQ4Kd0hmX8sEH5Zx64sEn9flQLkANx5iQDiWURQsC7egj7frQwyQU2jN0qQcFOuGM/kKJvU99JE1TLvrRJXCZC7EStKhMsrqkTkgeUQ9xFgiTRO9NybaUeyMZz1PikZCb1o0hQSj16ixdrygVN5LVbzBsrGVYPTP8TYYbrRMy/ENVPx/v6nedJz14eDUfApN263qB4YfhoPd/ElvBVgmnlQRqpyRwBKzWY/3pHTaeWkH/ZqTMQa+uNgpkIVucQnIoQ7embBbRF6aSMu5Sh/qCJ0rHEvyJOA/kEQqnnArI5R6RjKMF5m/SMrx/D/ELXY66i5RZN0gGvojvLT1IzQqHq2nRKJmXqz8lupacJgcpKLAc2RriWkf1hE6ZJfP0cUuIPrp87hvXffPRmUMNT+synRwyB/E1eZeHX5jrtcJhiECOZ9mOYB8VrFt1qoyHiM2wiFQTezhQw/xdbqjqqOJiAajFfGuVtbahUnP7517lpyu58jOL5WeUlZ92sPIrtjnn8tuu/ErzqW1ZfuBU5bdu1any6xAcxn6giquosHwlHuoUBP9cGYJKAlbb3+DmdG3N0rKc4sz2WUp5tDaxddiI5fgs72GzCjGV8LOxt91LFA11syj0o4qi+Pv0LIoji8LYYqc4rijMLTql9lE6pb+QXfOE+3DpC4PiK4FzN9QubVV2a49AsT2q/j2wRzckpw4oDrfL5RbfyOpN11sXhpH1EocgJ6bfKOZ9mZt9xWEWfEXKXEa1u1jPrfthxdrcspc3DyJWw8gJTGldNHcUa1PZ7GtnsYrh6kV+bL76bwjo/QE=</diagram></mxfile>"><defs/><g><rect x="388" y="8" width="80" height="160" fill="#b3b3b3" stroke="none" pointer-events="all"/><g fill="#FFFFFF" font-family="Tahoma" font-weight="bold" text-anchor="middle" font-size="12px"><text x="427.5" y="162.5">Partition 2</text></g><rect x="208" y="8" width="80" height="160" fill="#b3b3b3" stroke="none" pointer-events="all"/><g fill="#FFFFFF" font-family="Tahoma" font-weight="bold" text-anchor="middle" font-size="12px"><text x="247.5" y="162.5">Partition 1</text></g><rect x="8" y="8" width="80" height="160" fill="#b3b3b3" stroke="none" pointer-events="all"/><g fill="#000000" font-family="Tahoma" font-weight="bold" text-anchor="middle" font-size="12px"><text x="47.5" y="162.5">NSPE</text></g><path d="M 278 78 Q 278 78 307.9 78" fill="none" stroke="#006666" stroke-width="3" stroke-miterlimit="10" pointer-events="stroke"/><path d="M 314.65 78 L 305.65 82.5 L 307.9 78 L 305.65 73.5 Z" fill="#006666" stroke="#006666" stroke-width="3" stroke-miterlimit="10" pointer-events="all"/><rect x="218" y="18" width="60" height="120" fill="#ffffff" stroke="#000000" stroke-width="2" pointer-events="all"/><g fill="#000000" font-family="Tahoma" font-weight="bold" text-anchor="middle" font-size="10px"><text x="247.5" y="75.5">Service</text><text x="247.5" y="87.5">A</text></g><path d="M 78 78 Q 78 78 117.9 78" fill="none" stroke="#006666" stroke-width="3" stroke-miterlimit="10" pointer-events="stroke"/><path d="M 124.65 78 L 115.65 82.5 L 117.9 78 L 115.65 73.5 Z" fill="#006666" stroke="#006666" stroke-width="3" stroke-miterlimit="10" pointer-events="all"/><rect x="18" y="18" width="60" height="120" fill="#ffffff" stroke="none" pointer-events="all"/><g fill="#000000" font-family="Tahoma" font-weight="bold" text-anchor="middle" font-size="10px"><text x="47.5" y="81.5">Client</text></g><rect x="128" y="18" width="50" height="120" fill="#808080" stroke="none" pointer-events="all"/><g fill="#FFFFFF" font-family="Tahoma" font-weight="bold" text-anchor="middle" font-size="12px"><text x="152.5" y="75.5">Client</text><text x="152.5" y="89.5">API</text></g><rect x="318" y="18" width="50" height="120" fill="#808080" stroke="none" pointer-events="all"/><g fill="#FFFFFF" font-family="Tahoma" font-weight="bold" text-anchor="middle" font-size="12px"><text x="342.5" y="75.5">Client</text><text x="342.5" y="89.5">API</text></g><rect x="398" y="18" width="60" height="120" fill="#ffffff" stroke="#000000" stroke-width="2" pointer-events="all"/><g fill="#000000" font-family="Tahoma" font-weight="bold" text-anchor="middle" font-size="10px"><text x="427.5" y="75.5">Service</text><text x="427.5" y="87.5">B</text></g><path d="M 178 78 Q 178 78 207.9 78" fill="none" stroke="#006666" stroke-width="3" stroke-miterlimit="10" pointer-events="stroke"/><path d="M 214.65 78 L 205.65 82.5 L 207.9 78 L 205.65 73.5 Z" fill="#006666" stroke="#006666" stroke-width="3" stroke-miterlimit="10" pointer-events="all"/><path d="M 368 78 Q 368 78 387.9 78" fill="none" stroke="#006666" stroke-width="3" stroke-miterlimit="10" pointer-events="stroke"/><path d="M 394.65 78 L 385.65 82.5 L 387.9 78 L 385.65 73.5 Z" fill="#006666" stroke="#006666" stroke-width="3" stroke-miterlimit="10" pointer-events="all"/></g></svg>
\ No newline at end of file
diff --git a/docs/technical_references/design_docs/media/twocalltypes.svg b/docs/technical_references/design_docs/media/twocalltypes.svg
new file mode 100644
index 0000000..b1432b6
--- /dev/null
+++ b/docs/technical_references/design_docs/media/twocalltypes.svg
@@ -0,0 +1,3 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
+<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" version="1.1" width="316px" height="139px" viewBox="-0.5 -0.5 316 139" content="<mxfile host="app.diagrams.net" modified="2021-06-21T13:51:31.836Z" agent="5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.114 Safari/537.36" etag="zDoxWHAhn_gRFZadqpOB" version="14.8.0" type="device"><diagram id="oEx5C9R192mbNw7mWCni" name="Page-1">5Zhdd6IwEIZ/jZfuCVCpXiq17X50S9eetreRRMhpIG4IVvvrN5QgQvzArS26y4WHvIZhmGcmGWhZTji/4nAa3DCEacsEaN6yLlqmaXdM+ZsKi0ywDDsTfE5QJhmFMCKvWIlAqQlBOC5NFIxRQaZl0WNRhD1R0iDn7KU8bcJo+a5T6GNNGHmQ6uojQSLI1K55XujXmPhBfmfD7mX/hDCfrJ4kDiBiLyuSNWxZDmdMZGfh3ME0jV0el+y6yw3/Lh3jOBJ1LnDv/Nfby2dw/QifkxmekdH0qa2szCBN1AMrZ8UijwCOUD8NpBx5FMYx8VrWAME4wKlhQw50T5RZjErBVX5dYRZiwRdywksR0o4KU7ASzVzjmEJBZmUkUJH1l+aWd3AZkZ6YQCVhV5lRKWiegbKFmCXcw+qi1QhW7Fj2DkMCch8LzZA8WXnqQnoDtAes871gRSyS4mDCInEJQ0JTp+9hwEIoVTlP1ZotR7F0XJTGnD0v871QHEYZf7uRBYAtjxOAb4AD0Td2pdEH0+82Q18uxGvxA+A4J4Df3FWztYv/rFn8+b55JNXvOCeBf2fR1sW/M48Oh394m/zkwbenVz72JgSMo2nfbPc0+iP3Rgp996v8HTC00LJB4LnQ4OV5QSitSJASP5JDiifpZTPMBZF9UF/JIUEotTzgLInQ294PNiZYqqqMMox8rDzLx3utJqk3eL41oTaByjvJlYTrrkk4E2zOrRLMLeTC30+PUw+5P3zbe/g+uJslyUXb0sjJpi+O2+M0jpCfNrfSMqBBWoNyIzfjvMKto3PrfSa3M41b/xe7l4orl0siCItOmlypfXsfuWqH1XTFdfbaKbe+1FS2sVphaeSlxqpGs3Zf0+l96a0e280ebptbi67BJmfTnrSr9z3eFKkW5l/nSLWL+uysaOjFt9arz/HiN/er7NoLhnVMC8b/1Be/a5fW+uJew7u0oX97dP+lButw6LQG6+PQyWHxRTqr0eKzvjX8Aw==</diagram></mxfile>"><defs/><g><path d="M 15 38 L 288.63 38" fill="none" stroke="#000000" stroke-miterlimit="10" stroke-dasharray="3 3" pointer-events="stroke"/><path d="M 293.88 38 L 286.88 41.5 L 288.63 38 L 286.88 34.5 Z" fill="#000000" stroke="#000000" stroke-miterlimit="10" pointer-events="all"/><path d="M 35 38 L 115 38" fill="none" stroke="#006666" stroke-width="6" stroke-miterlimit="10" pointer-events="stroke"/><path d="M 195 38 L 275 38" fill="none" stroke="#0000cc" stroke-width="10" stroke-miterlimit="10" pointer-events="stroke"/><path d="M 115 38 L 195 38" fill="none" stroke="#00cccc" stroke-width="6" stroke-miterlimit="10" pointer-events="stroke"/><rect x="195" y="8" width="80" height="20" fill="none" stroke="none" pointer-events="all"/><g fill="#0000CC" font-family="Tahoma" font-weight="bold" font-size="11px"><text x="196.5" y="22">SPM API Body</text></g><rect x="105" y="48" width="90" height="20" fill="none" stroke="none" pointer-events="all"/><g fill="#00CCCC" font-family="Tahoma" font-weight="bold" font-size="11px"><text x="106.5" y="62">Cross-boundary</text></g><rect x="35" y="8" width="80" height="20" fill="none" stroke="none" pointer-events="all"/><g fill="#006666" font-family="Tahoma" font-weight="bold" font-size="11px"><text x="36.5" y="22">ARoT Partition</text></g><path d="M 15 118 L 288.63 118" fill="none" stroke="#000000" stroke-miterlimit="10" stroke-dasharray="3 3" pointer-events="stroke"/><path d="M 293.88 118 L 286.88 121.5 L 288.63 118 L 286.88 114.5 Z" fill="#000000" stroke="#000000" stroke-miterlimit="10" pointer-events="all"/><path d="M 35 118 L 115 118" fill="none" stroke="#0000cc" stroke-width="6" stroke-miterlimit="10" pointer-events="stroke"/><path d="M 195 118 L 275 118" fill="none" stroke="#0000cc" stroke-width="10" stroke-miterlimit="10" pointer-events="stroke"/><rect x="195" y="88" width="80" height="20" fill="none" stroke="none" pointer-events="all"/><g fill="#0000CC" font-family="Tahoma" font-weight="bold" font-size="11px"><text x="196.5" y="102">SPM API Body</text></g><rect x="35" y="88" width="80" height="20" fill="none" stroke="none" pointer-events="all"/><g fill="#0000CC" font-family="Tahoma" font-weight="bold" font-size="11px"><text x="36.5" y="102">PRoT Partition</text></g></g></svg>
\ No newline at end of file
diff --git a/docs/technical_references/design_docs/media/tzcontext.svg b/docs/technical_references/design_docs/media/tzcontext.svg
new file mode 100644
index 0000000..e4132a3
--- /dev/null
+++ b/docs/technical_references/design_docs/media/tzcontext.svg
@@ -0,0 +1,3 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
+<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" version="1.1" width="232px" height="242px" viewBox="-0.5 -0.5 232 242" content="<mxfile host="app.diagrams.net" modified="2021-09-06T06:23:14.559Z" agent="5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36" etag="1QsfdRuMsY_wf8lx7K3Z" version="14.9.8" type="device"><diagram id="pE8yNmrzc9lT-nbtH71B" name="Page-1">vVbbctowEP0aP9LBV+hjMCQ8gEPrTJP2paPYwlYjexkhLu7XV4rXN0wKnbaBGUY62l1pz1mtMGw/O94JskmXEFNuWMP4aNhTw7JGY0v9aqAoAcdySyARLC4hswFC9pMiOER0x2K67RhKAC7ZpgtGkOc0kh2MCAGHrtkaeHfXDUloDwgjwvvoI4tlWqJja9Tgc8qStNrZ9D6WKxmpjDGTbUpiOLQge2bYvgCQ5Sg7+pRr7ipeSr/bN1brgwmay2scvpjm+n4xWPif3CJ4HAfFGKYDVGdP+A4TfvhmWJ5h2UoAe+JDLulRtpCQij2LKKYki4onAbs8pnorbbVWfqilqRKdbKWAl5pACy1uSca4rosHkkJGNMo494GDeA1qzzz9reLhZmcSR2hPhTptC0Ii7ihkVIpCmeCqU5UXVqVXzQ+NxmYlXNrS10WMYFkldeiGeTVA8v9ACLsnRBCq+U2ik3xfsjWNTN2AG86SXK09g5SQvYMKjnOlCqbzv2TwejKEq+UF/jl5pnwFWyYZaL4ixQgVLSIXJwYZi2MdakKQ4Z5Hj/rzmjZi/P7q9LX/B+q53mX1vDPi1Q3xb8TLv3/mwXz2Yt3P52GwDhZLPx6YPaForJo5TkHIFBLICZ816KQrZWOzANggsz+olAVeMLKToKBUZhxd6JHJJz3+4OLsK/rp8fTYMpsWV9/YEmnpORz66lMrpxN78x2oeICdiOilntPXV1BOJNt3458TC11XwHSPquvCOemtjtsNUZ4LvdoP1kkgZ3TapO1uIElEQmUv0Gvt1PmcKyc1bd7d0rz582LPfgE=</diagram></mxfile>"><defs/><g><rect x="11" y="181" width="120" height="50" fill="#e6e6e6" stroke="#000000" stroke-width="2" pointer-events="all"/><g fill="#000000" font-family="Tahoma" font-weight="bold" text-anchor="middle" font-size="12px"><text x="70.5" y="196.5">TZ</text><text x="70.5" y="210.5">Context</text><text x="70.5" y="224.5">Service</text></g><rect x="11" y="11" width="120" height="140" fill="#e6e6e6" stroke="#000000" stroke-width="2" pointer-events="all"/><g fill="#000000" font-family="Tahoma" font-weight="bold" text-anchor="middle" font-size="12px"><text x="70.5" y="145.5">NS Agent</text></g><rect x="161" y="11" width="60" height="220" fill="#e6e6e6" stroke="#000000" stroke-width="2" pointer-events="all"/><g fill="#000000" font-family="Tahoma" font-weight="bold" text-anchor="middle" font-size="12px"><text x="190.5" y="225.5">SPM</text></g><path d="M 71 151 L 71 175.76" fill="none" stroke="#00cccc" stroke-width="2" stroke-miterlimit="10" pointer-events="stroke"/><path d="M 71 181.76 L 67 173.76 L 71 175.76 L 75 173.76 Z" fill="#00cccc" stroke="#00cccc" stroke-width="2" stroke-miterlimit="10" pointer-events="all"/></g></svg>
\ No newline at end of file
diff --git a/docs/technical_references/design_docs/secure_partition_manager.rst b/docs/technical_references/design_docs/secure_partition_manager.rst
new file mode 100644
index 0000000..eddec2e
--- /dev/null
+++ b/docs/technical_references/design_docs/secure_partition_manager.rst
@@ -0,0 +1,811 @@
+########################
+Secure Partition Manager
+########################
+This document describes the Secure Partition Manager(`SPM`) implementation
+design in Trusted Firmware-M (`TF-M`).
+
+.. note::
+ - The FF-M in this document refers to the accumulated result of two
+ specifications:
+ `FF-M v1.1 Update <https://developer.arm.com/documentation/aes0039/latest>`_
+ on
+ `FF-M v1.0 <https://developer.arm.com/-/media/Files/pdf/PlatformSecurityArchitecture/Architect/DEN0063-PSA_Firmware_Framework-1.0.0-2.pdf?revision=2d1429fa-4b5b-461a-a60e-4ef3d8f7f4b4&la=en&hash=BE8C59DBC98212591E1F935C2312D497011CD8C7>`_.
+ - The words marked as `interpreted` are defined terms. Find the terms in
+ referenced documents if it is not described in this document.
+
+************
+Introduction
+************
+The service access process of FF-M:
+
+.. figure:: media/tfmdev.*
+ :align: center
+ :name: fig-tfmdev
+ :width: 80%
+
+ FF-M service access process
+
+Secure services (aka `Service`) is the component providing secure
+functionalities in `SPE`, and `Client` is the user of the `Service`. A service
+act as a client when it is accessing its depending services.
+
+Services are grouped into `Secure Partition` (aka `partition`). A partition:
+
+- Contains services with the same purpose.
+- Provides implementation required isolation boundaries.
+- Is a software development unit.
+
+Each service exposes its `Service ID` (`SID`) and `Handle` for client access
+usage. Clients access services by `SID` or `Handle` through FF-M `Client API`.
+Partitions use FF-M `Secure Partition API` when it needs to operate on client
+data or reply to a client.
+
+`SPM` is the centre of an FF-M compliant implementation, which set up and
+maintains a firmware framework that:
+
+- Implements `Client API` and `Secure Partition API`.
+- Manages partition runtime to follow FF-M.
+- Involves necessary implementation-defined items to support the
+ implementation.
+
+SPM interfaces are consist of these two categories:
+
+- FF-M defined API.
+- Extended API to support the implementation.
+
+Both API categories are compliant with FF-M concepts and guidelines. The core
+concept of TF-M SPM surrounds the FF-M defined service management and access
+process. Besides this, another important implementation part is partition
+runtime management.
+
+Partition runtime model
+=======================
+One partition must work under as `ONE` of the runtime models:
+`Inter-process communication` (`IPC`) model or `Secure Function` (`SFN`)
+model.
+
+A partition that runs under the `IPC` model looks like a classic `process`.
+There is `ONE` thread inside the partition keeps waiting for signals. SPM
+converts the service accessing info from the `Client API` call into messages
+and assert a signal to the partition. The partition calls corresponded service
+function indicated by the signal and its bound message, and reply service
+returned result to the client. The advantages of this model:
+
+- It provides better isolation by limiting the interfaces on data interactive.
+ Data are preferred to be processed in a local buffer.
+- It provides a mechanism for handling multiple service access. There is no
+ memory mapping mechanism in the MCU system, hence it is hard to provide
+ multiple function call contexts when serving multiple-threaded clients if
+ the service access is implemented in a function-call based mechanism. This
+ model converts multiple service accesses into messages, let the partition
+ handles the service access in messages one by one.
+
+The `Secure Function` (`SFN`) model partition is close to a `library`. Each
+service is provided as a function entry inside the partition. SPM launches
+the target service function after the service is found. The whole procedure
+(from client to service function) is a function call. This model:
+
+- Saves the workloads spent on `IPC` scheduling.
+
+Meanwhile, it relaxes the data interactive mechanism, for example, allow
+direct memory access (MMIOVEC). And it is hard to enable multiple-threaded
+clients service access because of multiple call context-maintenance
+difficulties.
+
+An implementation contains only `SFN` partitions fits better in the
+resource-constrained devices, it is called an `SFN model implementation`. And
+it is an `IPC model implementation` when `IPC` partitions exist in the system.
+
+.. note::
+ `IPC model implementation` can handle access to the services in the `SFN`
+ partition.
+
+Components and isolation levels
+===============================
+There are `THREE` isolation levels defined in `FF-M`. These levels can
+fulfil different security requirements by defining different isolation
+boundaries.
+
+.. figure:: media/modelisolation.*
+ :align: center
+ :name: fig-modelisolation
+ :width: 80%
+
+ Components and isolation boundaries
+
+.. note::
+ Concept `ARoT`, `PRoT`, `domain`, and boundaries are in the `FF-M`
+ specification.
+
+Not like an `SPE` client that can call `Client API` to access the secure
+services in one step, an `NSPE` client needs to cross the secure boundaries
+first before calling `Client API`. The component `NS Agent` in
+:numref:`fig-modelisolation` represents `NSPE` clients after they crossed
+the secure boundaries. This could help `SPM` handles the request in a
+unified way instead of care about the special boundaries.
+
+.. note::
+ `NS Agent` is a necessary implementation-defined component out of FF-M
+ specification. `NS Agent` has a dedicated stack because secure and
+ non-secure can not share the stack. It also has dedicated execution bodies.
+ For example, RPC-based `NS Agent` has a while loop that keeps waiting for
+ messages; and Trustzone-based `NS Agent` has veneer code to take over `NSPE`
+ secure call. This makes `NS Agent` is a component more like a `process`.
+ Hence in the simplest implementation (`SFN model implementation` mentioned
+ above), `NS Agent` is the only process in the system, the scheduling
+ logic can be extremely simplified since no other process execution needs to
+ be scheduled. But the scheduling interface is still necessary to SPM, this
+ could help SPM treat both `SFN` and `IPC` model implementation in a unified
+ way.
+
+ Check `NS Agent`_ for details.
+
+Implementation principle
+========================
+The principles for TF-M SPM implementation:
+
+.. important::
+ - SPM can treat these components as the client: NS Agent, SFN Partition,
+ and IPC partition.
+ - These components can provide services: SFN Partition, IPC partition, and
+ built-in services. A built-in service is built up with SPM together.
+ - All partition services must be accessed by `Client API`.
+ - Partitions interact with client data by `Secure Partition API`.
+ - Built-in services are strongly recommended to be accessed by `Client API`.
+ Customized interfaces are restricted.
+ - Built-in services can call SPM internal interfaces directly.
+
+******************
+Runtime management
+******************
+The runtime execution runs among the components, there are **4** runtime
+states:
+
+- `Initializing` state, to set up the SPM runtime environment after system
+ powers up
+- `IDLE` state, when SPM runtime environment is set up and partitions are
+ ready for service access.
+- `Serving` state, when partition is under initializing or service access
+ handling.
+- `Background` state, such as the arrival of secure interrupt or unexpected
+ faults. `Background` state returns to the state it preempts. `Background`
+ state can be nested.
+
+The state transition diagram:
+
+.. figure:: media/spestate.*
+ :align: center
+ :name: fig-spestate
+ :width: 70%
+
+ SPE runtime execution states
+
+Initializing
+============
+The goal of TF-M initializing is to perform necessary initialization and
+move to the `Serving`_ state. This state starts with platform-specific power
+on sequence, then `SPM` takes over the execution to perform these operations:
+
+#. A preparation initialization process before SPM runtime initialization.
+#. SPM runtime initialization.
+#. A post initialization happens after the SPM runtime initialization and
+ before the first partition gets launched.
+
+.. note::
+ These procedures and their sub-routines are recommended to be applied with
+ execution measurement mechansim to mitigate the `Hardware Fault Injection`
+ attack.
+
+Preparation initialization
+--------------------------
+The purpose of this preparation initialization is to provide a chance for
+performing those security required but generic platform power-on skipped
+operations, such as:
+
+- Restrict `SPM` execution, for example, set up memory overflow settings for
+ SPM runtime memory, or set code out of SPM as un-executable, even though
+ SPM is a privileged component in general.
+
+.. note::
+ The ``logging``-related peripheral can be set up **AT THIS STEP**, if
+ logging is enabled and it needs peripheral support. There is no standalone
+ initializing HAL API proposed for logging, so here is an ideal place for
+ initializing them.
+
+This procedure is abstracted into one `HAL`, and a few example procedures
+are implemented as its sub-routines for reference:
+
+- Architecture extensions initialization, Check chapter
+ `Architecture security settings`_ for detailed information.
+- Isolation and lifecycle initialization.
+
+The load isolation boundaries need to be set up here, such as SPE/NSPE
+boundary, and ARoT/PRoT boundary if isolation level 2 is applied.
+
+The lifecycle is initiated by a secure bootloader usually. And in this stage
+of SPM initializing, SPM double-checks the lifecycle set up status (following
+a specific lifecycle management guidelines). Note that the hardware debugger
+setting can be part of lifecycle settings.
+
+.. important::
+ Double-check debugger setting when performing a product release.
+
+SPM runtime initialization
+--------------------------
+This procedure initializes necessary runtime operations such as memory
+allocator, loading partitions and partition-specific initialization
+(binding partitions with platform resources).
+
+The general processes:
+
+#. Initialize runtime functionalities, such as memory allocator.
+#. Load partitions by repeating below steps:
+
+ * Find a partition load information.
+ * Allocate runtime objects for this partition.
+ * Link the runtime objects with load information.
+ * Init partition contexts (Thread and call context).
+ * Init partition isolation boundaries (MMIO e.g.).
+ * Init partition interrupts.
+
+After no more partitions to be loaded, the SPM runtime is set up but
+partitions' initialization routines have not run yet - the partition runtime
+context is initialized for the routine call.
+
+The partition initialization routine is a special service that serves SPM
+only, because:
+
+- SPM needs to call the initialization routine, just like it calls into
+ the service routine.
+- The partition initialization routine can access its depending services.
+ Putting initialization routine in the same runtime environment as common
+ service routines can avoid special operations.
+
+Hence a `Partition initialization client` needs to be created to initialize
+the SFN partitions, because:
+
+- `SPM runtime initialization` happen inside a special runtime environment
+ compare to the partition runtime execution, then an environment switching
+ is needed.
+- IPC partitions are initialized by the scheduler and dependencies are
+ handled by signals and messages asynchronously, hence IPC partitions can
+ process the dependencies by their own.
+
+The `Partition initialization client` is created differently based on the
+implementation runtime model:
+
+- A SFN client is created under the SFN model implementation.
+- A IPC client is created under the IPC model implementation. This client
+ thread has the highest priority.
+
+As the other partitions, the client is created with context standby, and it
+is executed after the `Post initialization`_ stage.
+
+Post initialization
+-------------------
+Platform code can change specific partition settings in this procedure before
+partitions start. A few SPM API is callable at this stage, such as set a
+signal into a specific partition, or customized peripheral settings.
+
+Serving
+=======
+Two execution categories work under this state:
+
+- `Partition initialization routine execution`_.
+- `Secure service access`_.
+
+This state indicates the serving is ongoing. It is mainly the service routine
+execution, plus a few SPM executions when SPM API gets called.
+
+.. important::
+ The service access process introduce in this chapter
+ (Such as `Secure service access`_) is abstracted from the FF-M
+ specification. Reference the FF-M specification for the details of each
+ step.
+
+Partition initialization routine execution
+------------------------------------------
+The partition initialization routines get called. One partition may access its
+depending services during initializing, then this procedure is a
+`Secure service access`_.
+
+The initialization routine gets called initially by
+`Partition initialization client`, also can be called by Client API before
+service access, if the target partition is not initialized but a service
+access request is raised by one client.
+
+Secure service access
+---------------------
+The process of service access:
+
+#. A `client` calls an FF-M Client API.
+#. `SPM` validates inputs and looks up for the targeted service.
+#. `SPM` constructs the request to be delivered under a proper runtime
+ mechanism.
+#. The target service gets executed. It can perform internal executions or
+ access depending services to prepare the response. It also can wait for
+ specific signals.
+#. The target service calls FF-M Secure Partition API to request a reply to
+ the client.
+#. SPM delivers the response to the client, and the API called by the client
+ returns.
+
+The mechanism of how SPM interact with the target partition depends on the
+partition runtime model.
+
+- Access to a service in an SFN partition is a function call, which does not
+ switch the current process indicator.
+- Access to a service in an IPC partition leads to scheduling, which switches
+ the current process indicator.
+- When the execution roams between components because of a function call or
+ scheduling, the isolation boundaries NEED to be switched if there are
+ boundaries between components.
+
+.. figure:: media/hybridruntime.*
+ :align: center
+ :name: fig-hybridruntime
+ :width: 60%
+
+No matter what kind of partition a client is trying to access, the SPM API is
+called firstly as it is the interface for service access. There are two ABI
+types when calling SPM API: Cross-boundary or No-cross-boundary.
+
+Calling SPM API
+---------------
+SPM is placed in the PRoT domain. It MAY have isolation boundaries under
+particular isolation levels. For example:
+
+- There are boundaries between ARoT components and SPM under isolated level 2
+ and 3.
+
+Then API SPM provided needs to support the function call (no boundary
+switching) and cross-boundary call. A direct call reaches the API entrance
+directly, while a cross-boundary call needs a mechanism (Supervisor call e.g.)
+to cross the boundary first before reaching the API entrance.
+
+.. figure:: media/twocalltypes.*
+ :align: center
+ :name: fig-twocalltypes
+ :width: 60%
+
+ SPM call types
+
+SPM internal execution flow
+---------------------------
+SPM internal execution flow as shown in diagram:
+
+.. figure:: media/abi_scheduler.*
+ :align: center
+ :name: fig-abi_scheduler
+ :width: 60%
+
+ SPM API runtime
+
+The process:
+
+- PSA API gets called by one of the ABI mentioned in the last chapter as
+ `ABI 1` in the diagram.
+- The unified API Handler calls FF-M and backend subroutines in sequence.
+- The `FF-M` subroutine performs `FF-M` defined operations.
+- The backend operations perform target partition runtime model decided
+ operations. For example, enqueue message into the target partition under
+ the IPC runtime model, or prepare to call context with the message as the
+ parameters under the SFN runtime model.
+- API Handler triggers different ABI based on the result of the backends.
+
+The API handler:
+
+- Can process the `PROGRAMMER_ERROR` in a unified place.
+- Can see the prepared caller and callee context, with exited SPM context. It
+ is an ideal place for subsequent operations such as context switching.
+
+A example code:
+
+.. code-block:: c
+
+ void abi(void *p)
+ {
+ status = spm_api(p);
+ /*
+ * Now both the caller and calle context are
+ * managed by spm_api.
+ */
+ if (status == ACTION1) {
+ /*
+ * Check if extra operations are required
+ * instead of a direct return.
+ */
+ exit_action1();
+ }
+ }
+
+The explanation about `Scheduler Lock`:
+
+Some FF-M API runs as a generic thread to prevent long time exclusive
+execution. When a preemption happens, a new partition thread can call SPM API
+again, makes SPM API nested. It needs extra memory in SPM to be allocated to
+store the preempted context. Lock the scheduler while SPM API is executing can
+ensure SPM API complete execution after preemption is handled. There can be
+multiple ways to lock the scheduler:
+
+- Set a scheduler lock.
+- Set SPM API thread priority as the highest.
+
+Backend service messaging
+-------------------------
+A message to service is created after the target service is found and the
+target partition runtime model is known. The preparation before ABI triggers
+the final accessing:
+
+- The message is pushed into partition memory under a specific ABI mechanism
+ if the target partition model is `SFN` and there are boundaries between SPM
+ and the target partition. After this, requests a specific call type to the
+ SPM ABI module.
+- The target service routine is get called with the message parameter if
+ there are no boundaries between SPM and the target partition and the
+ partition runtime is `SFN`.
+- The message is queued into the partition message list if the target
+ partition runtime model is `IPC`.
+- IPC partition replies to the client by `psa_reply`, which is another SPM API
+ call procedure.
+- SFN partition return triggers an implied `psa_reply`, which is also another
+ SPM API call procedure.
+
+.. note::
+ The backends also handle the isolation boundary switching.
+
+Sessions and contexts
+---------------------
+FF-M API allows multiple sessions for a service if the service is classic
+connection-based. The service can maintain multiple local session data and use
+`rhande` in the message body to identify which client this session is bound
+with.
+
+But this does not mean when an ongoing service accessing is preempted,
+another service access request can get a chance for new access. This is
+because of the limited context storage - supporting multiple contexts in a
+common service costs much memory, and runtime operations(allocation and
+re-location). Limited the context content in the stack only can mitigate the
+effort, but this requirement requires too much for the service development.
+
+The implementation-decisions are:
+
+- IPC partitions handles messages one by one, the client get blocked before
+ the service replying to the client.
+- The client is blocked when accessing services are handling a service
+ request in an SFN partition.
+
+ABI type summary
+----------------
+The interface type is decided by the runtime model of the target component.
+Hence PSA API has two types of ABI: `Cross-boundary ABI` and
+`Function call ABI`. After SPM operations, one more component runtime type
+shows up: The IPC partition, hence `schedule` is the mechanism when accessing
+services inside an IPC partition.
+
+.. figure:: media/spmabitypes.*
+ :align: center
+ :name: fig-spmabi
+ :width: 60%
+
+ ABI types
+
+.. note::
+ The API that does not switch context returns directly, which is not
+ covered in the above diagram.
+
+IDLE state
+==========
+The `IDLE state` can be represented by the `NS Agent` action:
+
+- Launching NSPE software (Trustzone case, e.g.), or send a signal to NSPE
+ software (RPC case, e.g.).
+
+It is because `NS Agent` is the last component being initialized in the
+system. Its execution indicates other partitions' initialization has
+accomplished.
+
+Background state
+================
+Background execution can happen at any time when the arrival of interrupts or
+execution faults. An ongoing background execution indicates the state is a
+`Background state`. The characteristics:
+
+- The background state has a higher execution priority than other states -
+ other states stall when the background state is executing.
+- Background execution can be nested. For example, an
+ interrupt handler can preempt an ongoing interrupt execution.
+- Particular partition code can be involved in the background state, for
+ example, the `First Level Interrupt Handler (FLIH)` of one partition.
+- Background state MUST return to the state it preempts.
+
+.. note::
+ Interrupt handling is a common background state example. Check Interrupt
+ design document for details.
+
+******************************
+Practical implementation items
+******************************
+This chapter describes the practical implementation contents.
+
+.. important::
+ Arm M-profile architecture is the default hardware architecture when
+ describing architecture-specific items.
+
+The general M-profile programming is not involved in this document. The
+following chapters introduce the mandatory settings for security
+requirements.
+
+Architecture security settings
+==============================
+When an `Armv8m Security Extension` (Aka `Trustzone-M`) is available in the
+system, these settings are required to be set:
+
+- The MSPLIM needs to be set correctly to prevent stack overflow.
+- The exception handler priority needs to be decided.
+- Boost the secure handler mode priority to prevent NSPE from preempting SPE
+ handler mode execution(`AIRCR.PRIS`).
+- Disable NSPE hardware faults when a secure fault is happening. Trap in the
+ secure fault with the highest priority can be a valid option.
+- Push seals on the stack top when a stack is allocated (`TFMV-1`). Also
+ check `Stack seal`_ chapter for details.
+
+Besides `Armv8m Security Extension`, these settings need to care when
+`Floatpoint Extension` is enabled for partition usage:
+
+- `FPCCR.TS`, `FPCCR.CLRONRET` and `FPCCR.CLRONRETS` need to be set when
+ booting.
+- `CPACR.CP10` and `CPACR.CP11` need to be set when booting.
+
+.. important::
+ Floatpoint usage is prohibited in SPM and background execution.
+
+Stack seal
+----------
+When Trustzone-M is applied, the architecture specification recommends sealing
+the secure stack by:
+
+- Push two `SEAL` values (`0xFEF5EDA5`) at the stack bottom, when a stack is
+ allocated.
+- Push two `SEAL` values on the stack pointer which is going to be switched
+ out.
+
+Check architecture specification and vulnerability `TFMV-1` for details.
+
+Trustzone-M reentrant
+---------------------
+The Trustzone-M has characteristics that:
+
+- SPE keeps the last assigned stack pointer value when execution leaves SPE.
+- SPE execution can be preempted by NSPE which causes an execution left.
+
+It is possible that NSPE preemption caused a second thread calls into SPE and
+re-uses the secure stack contains the first thread's context, which obviously
+causes information leakage and runtime state inconsistent.
+
+Armv8.1-M provides the hardware setting `CCR_S.TRD` to prevent the reentrant.
+On an Armv8.0-M architecture, extra software logic needs to be added at the
+veneer entry:
+
+- Check if the local stack points to a `SEAL` when veneer code get executed.
+
+.. code-block:: c
+
+ /* This is a theoretical code that is not in a real project. */
+ veneer() {
+ content = get_sp_value();
+ if (context != SEAL) /* Error if reentrant detected */
+ error();
+ }
+
+SPM Runtime ABI
+===============
+This chapter describes the runtime implementation of SPM.
+
+Scheduling
+----------
+The scheduling logic is put inside the PendSV mode. PendSV mode's priority
+is set as one level higher than the default thread mode priority. If
+`Trustzone-M` is present, the priority is set as the lowest just above NS
+exception priority to prevent a preemption in secure exceptions.
+
+PendSV is an ideal place for scheduling logic, because:
+
+- An interrupt triggered scheduling during PendSV execution lead to another
+ PendSV execution before exception return to the thread mode, which can find
+ the latest run-able thread.
+
+Function call ABI
+-----------------
+In the diagram :numref:`fig-abi_scheduler`, the ABI can have two basic
+types: cross-boundary and direct call (No-cross-boundary).
+
+When applying `SVCall` (`SVC`) as the cross-boundary mechanism, the
+implementation can be straight like:
+
+- The SVC handler calls SPM internal routines, and eventually back to the
+ handler before an exit.
+
+Under the IPC model implementation, to re-use `ABI 2` in `No-cross-boundary`,
+a software ABI needs to be provided.
+
+While under the SFN model plus isolation level 1, both `ABI 1` and `ABI 2` can
+be a direct function call.
+
+NS Agent
+========
+The `NS Agent`(`NSA`) forwards NSPE service access request to SPM. It is a
+special `partition` that:
+
+- It does not provide FF-M aligned secure services.
+- It runs with the second-lowest priority under `IPC model implementation`
+ (The IDLE thread has the lowest priority).
+- It has isolation boundaries and an individual stacks.
+- It requires specific services and mechanisms compared to common partitions.
+
+There are two known types for NS Agent:
+
+- Trustzone-M based.
+- Remote Procedure Call (RPC) based.
+
+This process is put inside the ARoT domain, to prevent assign unnecessary
+PRoT permissions to the NSPE request parsing logic.
+
+Trustzone-M specific
+--------------------
+The functionalities of a Truszone-M specific NSA is:
+
+- Launch NSPE when booting.
+- Wait in the veneer code, and get executed when NSPE accesses services.
+
+As there may be multiple NSPE threads calling into SPE, and SPM wants to
+identify them, special mechanisms can be proposed to provide the identification.
+Check specific NS ID client ID or context related documents for details.
+
+.. figure:: media/tzcontext.*
+ :align: center
+ :name: fig-tzcontext
+ :width: 40%
+
+ TZ NSA and specific service
+
+RPC specific
+------------
+Compare to Trustzone-M NSA, RPC NSA looks closer to a generic partition:
+
+- It has a message loop, keep waiting for RPC events.
+- It converts received RPC events into FF-M API call to target services.
+
+And compared to generic partitions, the differences are:
+
+- It parses RPC messages to know which NSPE thread is accessing services.
+ Hence it needs special interfaces to help SPM to identify the NSPE clients.
+- It needs to check NSPE client memory and map to local before calling SPM API.
+- It cannot be blocked during API calls, which affects handling the RPC
+ requests.
+
+Partition
+=========
+A partition is a set of services in the same scope. Services are generally
+implemented as functions, and the partition exposes the services in different
+ways bases on the partition model: `IPC` or `SFN`.
+
+A partition build generates these outputs:
+
+- A partition load information, used by SPM.
+- A partition program containing service interface and logic, typically a
+ library.
+- An optional service API set for easier client usage, by encapsulating
+ the low-level `FF-M` Client API. These API needs to be integrated
+ into client space.
+
+Partition loading
+-----------------
+SPM needs to set up runtime objects to manage partitions by parsing the load
+information of partitions. In general, the partition load information is
+stored in a const memory are can be random read directly, hence SPM can direct
+link runtime objects to the load information without a copy operation. This
+is called a `Static Load` mechanism.
+
+Each partition has different numbers of dependencies and services, this makes
+the load information size of each partition is different, it would be hard
+to put such variable size elements in an array. The solution here is putting
+these elements in a dedicated section, for SPM enumerating while loading.
+Each partition can define variable size load information type bases on the
+common load info type.
+
+The common load information:
+
+.. code-block:: c
+
+ struct partition_load_info_t {
+ uint32_t psa_ff_ver; /* Encode the version with magic */
+ int32_t pid; /* Partition ID */
+ uint32_t flags; /* ARoT/PRoT, SFN/IPC, priority */
+ uintptr_t entry; /* Entry point */
+ size_t stack_size; /* Stack size */
+ size_t heap_size; /* Heap size */
+ uint32_t ndeps; /* Dependency number */
+ uint32_t nservices; /* Service number */
+ uint32_t nassets; /* Asset numbers */
+ uint32_t nirqs; /* Number of IRQ owned by Partition */
+ };
+
+ And the example for a specific partition load info:
+ struct partition_example_load_info_t {
+ struct partition_load_info_t ldi; /* Common info info */
+ uint32_t deps[10]; /* Dependencies */
+ /* ... other infos ... */
+ };
+
+Peripheral binding
+------------------
+A partition can declare multiple peripherals (Interrupts are part of
+peripherals). The peripherals binding process:
+
+- The tooling references symbols in a fixed pattern in the partition load
+ information.
+- The HAL implementation needs to provide the symbols being referenced.
+- SPM calls HAL API to bind the partition info with devices When the partition
+ gets loading.
+- The platform HAL acknowledges the binding if validation pass on SPM given
+ load information.
+
+***************************
+Integration and development
+***************************
+These modules are expected to be object/library level modularised, each
+module should be generated into object/library at build time:
+
+.. list-table:: Object level modularization
+ :header-rows: 1
+ :widths: 40 60
+
+ * - Name
+ - Description
+ * - SPM
+ - All SPM related modules such as SPM, system, and so on.
+ * - Platform
+ - Platform sources are switchable.
+ * - Services and Secure Partition
+ - These items should be standalone.
+ * - Service Runtime Library
+ - This is a shared runtime library.
+
+HAL
+===
+The HAL here mainly refers to the SPM HAL. The SPM HAL implementation is
+running with the same privilege level and hardware mode with SPM. The
+implementation is object level modularized with SPM.
+
+Check the `HAL` design document for details.
+
+Configurations
+==============
+The same TF-M code base is flexible to address different implementation
+requirements, from the simplest device with isolation level 1 to the most
+complicated device with isolation level 3 and optional isolation rules.
+
+These configurations are set by switches, during the build time, as runtime
+support costs extra resources. The common configurations are named `profile`.
+There are several profiles defined.
+
+*******
+History
+*******
+
+.. list-table:: Revision
+ :header-rows: 1
+ :widths: 20 80
+
+ * - Date
+ - Description
+ * - 2021 Apr-Sep
+ - Updated to cover the implementation for `FF-M v1.1` features.
+ * - 2018
+ - Created as 'TF-M Inter-Process Communication' which is deprecated as
+ this document covers whole SPM content.
+
+--------------
+
+*Copyright (c) 2021, Arm Limited. All rights reserved.*
