Docs: Move debug authentication documentation
The documentation for the debug authentication configuration was
originally placed to the integration guide of the platform service,
to which it is completely unrelated. Move the text to the documentation
of the platform folder.
Change-Id: I58f5c121052f0aba2c014b00d983faff739ce2fe
Signed-off-by: Mate Toth-Pal <mate.toth-pal@arm.com>
diff --git a/platform/readme.rst b/platform/readme.rst
index 87729ca..f9d48a5 100644
--- a/platform/readme.rst
+++ b/platform/readme.rst
@@ -48,6 +48,32 @@
has to provide for TF-M's Platform Service. For details see
``docs/user_guides/services/tfm_platform_integration_guide.rst``
+*****************************
+Debug authentication settings
+*****************************
+
+A platform may provide the option to configure debug authentication. TF-M core
+calls the HAL function ``enum tfm_plat_err_t tfm_spm_hal_init_debug(void)``
+which configures debug authentication based on the following defines:
+
+ - `DAUTH_NONE`: Debugging the system is not enabled.
+ - `DAUTH_NS_ONLY`: Invasive and non invasive debugging of non-secure code is
+ enabled.
+ - `DAUTH_FULL`: Invasive and non-invasive debugging of non-secure and secure
+ code is enabled.
+ - `DAUTH_CHIP_DEFAULT`: The debug authentication options are used that are set
+ by the chip vendor.
+
+The desired debug authentication configuration can be selected by setting one of
+the options above to the cmake command with the
+`-DDEBUG_AUTHENTICATION="<define>"` option. The default value of
+`DEBUG_AUTHENTICATION` is `DAUTH_CHIP_DEFAULT`.
+
+.. Note::
+ ``enum tfm_plat_err_t tfm_spm_hal_init_debug(void)`` is called during the
+ TF-M core initialisation phase, before initialising secure partition. This
+ means that BL2 runs with the chip default setting.
+
***********
Sub-folders
***********
@@ -67,4 +93,4 @@
--------------
-*Copyright (c) 2017-2019, Arm Limited. All rights reserved.*
+*Copyright (c) 2017-2020, Arm Limited. All rights reserved.*