Docs: A bunch of small fixes
- remove "Migration from legacy buildsystem" as obsolete
- update the list of topics in Contribution guide
- update broken links in the Glossary
- add a link to TF-M forum in introduction
- update "Code Sharing" guide
- change warning of usage the default keys
- update mbedTLS repository URL
Signed-off-by: Anton Komlev <anton.komlev@arm.com>
Change-Id: I8a2fa1802fddfa0a098f3999c0fffb5d0d003d06
diff --git a/docs/building/tfm_build_instruction.rst b/docs/building/tfm_build_instruction.rst
index 62521ff..65b60ab 100644
--- a/docs/building/tfm_build_instruction.rst
+++ b/docs/building/tfm_build_instruction.rst
@@ -275,62 +275,6 @@
Note that these map directly to the ``SUITE`` cmake variable used in the
psa-arch-tests documentation.
-.. _Migration from legacy buildsystem:
-
-Migration from legacy buildsystem
----------------------------------
-
-The previous (legacy) cmake buildsystem made use of separate configuration
-files, where now build options are controlled by variables. For ease of
-transition, a table below is provided that maps the legacy files to the current
-variables, in the format of cmake command line parameters.
-
-+------------------------------------------+---------------------------------------+
-| File | Cmake command line |
-+==========================================+=======================================+
-| ConfigDefault.cmake | -DTFM_LIB_MODEL=ON |
-+------------------------------------------+---------------------------------------+
-| ConfigCoreIPC.cmake | <no options> |
-+------------------------------------------+---------------------------------------+
-| ConfigCoreIPCTfmLevel2.cmake | -DTFM_ISOLATION_LEVEL=2 |
-+------------------------------------------+---------------------------------------+
-| ConfigDefaultProfileS.cmake | -DTFM_PROFILE=profile_small |
-+------------------------------------------+---------------------------------------+
-| ConfigDefaultProfileM.cmake | -DTFM_PROFILE=profile_medium |
-+------------------------------------------+---------------------------------------+
-| ConfigRegression.cmake | -DTEST_NS=ON -DTEST_S=ON |
-+------------------------------------------+---------------------------------------+
-| ConfigRegressionIPC.cmake | -DTEST_NS=ON -DTEST_S=ON |
-+------------------------------------------+---------------------------------------+
-| ConfigRegressionIPCTfmLevel2.cmake | -DTEST_NS=ON -DTEST_S=ON |
-| | -DTFM_ISOLATION_LEVEL=2 |
-+------------------------------------------+---------------------------------------+
-| ConfigRegressionProfileS.cmake | -DTFM_PROFILE=profile_small |
-| | -DTEST_NS=ON -DTEST_S=ON |
-+------------------------------------------+---------------------------------------+
-| ConfigRegressionProfileM.cmake | -DTFM_PROFILE=profile_medium |
-| | -DTEST_NS=ON -DTEST_S=ON |
-+------------------------------------------+---------------------------------------+
-| ConfigPsaApiTest.cmake | -DTEST_PSA_API=<test_suite> |
-+------------------------------------------+---------------------------------------+
-| ConfigPsaApiTestIPC.cmake | -DTEST_PSA_API=<test_suite> |
-+------------------------------------------+---------------------------------------+
-| ConfigPsaApiTestIPCTfmLevel2.cmake | -DTEST_PSA_API=<test_suite> |
-| | -DTFM_ISOLATION_LEVEL=2 |
-+------------------------------------------+---------------------------------------+
-| ConfigDefaultProfileM.cmake | -DTFM_PROFILE=profile_medium |
-| + profile_m_config_ext_ps_disabled.cmake | -DTFM_PARTITION_PROTECTED_STORAGE=OFF |
-+------------------------------------------+---------------------------------------+
-
-There has also been some changes to the PSA manifest file generation. The files
-are now generated into a separate tree in the ``<tfm build dir>/generated``
-directory. Therefore they have been removed from the source tree. Any changes
-should be made only to the template files.
-
-The API for the ``tools/tfm_parse_manifest_list.py`` script has also changed
-slightly. It is no longer required to be run manually as it is run as part of
-cmake.
-
*******************
TF-M build examples
*******************
diff --git a/docs/contributing/code_review_guide.rst b/docs/contributing/code_review_guide.rst
index 72df4b3..fa36cf7 100644
--- a/docs/contributing/code_review_guide.rst
+++ b/docs/contributing/code_review_guide.rst
@@ -210,7 +210,7 @@
============== ====================================================
Topic Justification
============== ====================================================
-Boot bl2/*
+Boot `bl2/*` or `bl1/*`
Build For build system related purpose.
Docs All \*.rst changes.
Dualcpu Dual-cpu related changes.
@@ -222,8 +222,9 @@
Partition Name Specific partition related changes.
Service Multiple service related changes.
Service Name Specific service related changes.
-SPM secure_fw/spm/*
-SPRTL secure-fw/partitions/lib/runtime/*
+SPM `secure_fw/spm/*`
+SPRTL `secure-fw/partitions/lib/runtime/*`
+Tool `tools` folder or `tf-m-tools` repo
============== ====================================================
.. note::
@@ -234,4 +235,4 @@
--------------
-*Copyright (c) 2020-2021, Arm Limited. All rights reserved.*
+*Copyright (c) 2020-2022, Arm Limited. All rights reserved.*
diff --git a/docs/glossary.rst b/docs/glossary.rst
index 83e283d..f80c614 100644
--- a/docs/glossary.rst
+++ b/docs/glossary.rst
@@ -90,9 +90,8 @@
for ARMv8-M.
TBSA-M
- Trusted Base System Architecture for Armv6-M, Armv7-M and Armv8-M.
- TBSA term. See `Trusted Base System Architecture for Armv6-M, Armv7-M
- and Armv8-M`_
+ Trusted Base System Architecture for M.
+ TBSA term. See `Trusted Base System Architecture for M`_
MPC
Memory Protection Controller:
@@ -127,16 +126,18 @@
.. rubric:: Reference
-| `PSA Firmware_Framework for M`_
+| `Firmware Framework for M (FF-M)`_
-.. _PSA Firmware_Framework for M: https://pages.arm.com/psa-resources-ff.html
+.. _Firmware Framework for M (FF-M):
+ https://www.arm.com/architecture/security-features/platform-security
-.. _PSA term: `PSA Firmware_Framework for M`_
+.. _PSA term: `Firmware Framework for M (FF-M)`_
-| `Trusted Base System Architecture for Armv6-M, Armv7-M and Armv8-M`_
+| `Trusted Base System Architecture for M`_
-.. _Trusted Base System Architecture for Armv6-M, Armv7-M and Armv8-M: https://pages.arm.com/psa-resources-tbsa-m.html
+.. _Trusted Base System Architecture for M:
+ https://www.arm.com/architecture/security-features/platform-security
--------------
-*Copyright (c) 2017-2020, Arm Limited. All rights reserved.*
+*Copyright (c) 2017-2022, Arm Limited. All rights reserved.*
diff --git a/docs/introduction/readme.rst b/docs/introduction/readme.rst
index efffcf9..3bdda6f 100644
--- a/docs/introduction/readme.rst
+++ b/docs/introduction/readme.rst
@@ -79,6 +79,9 @@
For this release, feedback is requested via email to
`tf-m@lists.trustedfirmware.org <tf-m@lists.trustedfirmware.org>`__.
+A bi-weekly technical forum is available for discussion on any technical topics
+online. Welcome to join `TF-M Forum <https://www.trustedfirmware.org/meetings/tf-m-technical-forum>`__.
+
.. _Cortex-M33: https://developer.arm.com/Processors/Cortex-M33
.. _Cortex-M23: https://developer.arm.com/Processors/Cortex-M23
.. _Cortex-M55: https://developer.arm.com/Processors/Cortex-M55
@@ -88,4 +91,4 @@
--------------
-*Copyright (c) 2017-2021, Arm Limited. All rights reserved.*
+*Copyright (c) 2017-2022, Arm Limited. All rights reserved.*
diff --git a/docs/technical_references/design_docs/code_sharing.rst b/docs/technical_references/design_docs/code_sharing.rst
index 2312861..5f11bb5 100644
--- a/docs/technical_references/design_docs/code_sharing.rst
+++ b/docs/technical_references/design_docs/code_sharing.rst
@@ -183,7 +183,7 @@
is a requirement to share them among binaries. Therefore, a short patch was
created for the mbed-crypto library, which "globalises" these function pointers:
-`lib/ext/mbedcrypto/0005-Enable-crypto-code-sharing-between-independent-binar.patch`
+`lib/ext/mbedcrypto/0002-Enable-crypto-code-sharing-between-independent-binar.patch`
The patch need to manually applied in the mbedtls repo, if code sharing is
enabled. The patch has no effect on the functional behaviour of the
@@ -202,7 +202,7 @@
to not need to list all the shared symbols by name. Only a simple pattern
has to be provided, which matches the beginning of the symbol's name.
Matching symbols will be shared. Examples are in :
- `bl2/src/shared_symbol_template.txt`
+ `bl2/shared_symbol_template.txt`
- Provision of the addresses of shared symbols to the linker during the SPE
build process.
- The resolution of symbol collisions during SPE linking. Because mbed-crypto
@@ -218,9 +218,9 @@
By the following two functions:
- - `compiler_create_shared_code()`: Extract and filter shared symbol addresses
+ - `target_share_symbols()`: Extract and filter shared symbol addresses
from MCUboot.
- - `compiler_link_shared_code()`: Link shared code to the SPE and resolve symbol
+ - `target_link_shared_code()`: Link shared code to the SPE and resolve symbol
conflict issues.
ARMCLANG
@@ -263,11 +263,11 @@
+------------------+----------+--------+----------+--------+----------+--------+
| | ARMCLANG | GNUARM | ARMCLANG | GNUARM | ARMCLANG | GNUARM |
+------------------+----------+--------+----------+--------+----------+--------+
-| CODE_SHARING=OFF | 122268 | 124572 | 75936 | 75996 | 50336 | 50224 |
+| CODE_SHARING=OFF | 122268 | 124572 | 75936 | 75996 | 50336 | 50224 |
+------------------+----------+--------+----------+--------+----------+--------+
-| CODE_SHARING=ON | 113264 | 115500 | 70400 | 70336 | 48840 | 48988 |
+| CODE_SHARING=ON | 113264 | 115500 | 70400 | 70336 | 48840 | 48988 |
+------------------+----------+--------+----------+--------+----------+--------+
-| Difference | 9004 | 9072 | 5536 | 5660 | 1496 | 1236 |
+| Difference | 9004 | 9072 | 5536 | 5660 | 1496 | 1236 |
+------------------+----------+--------+----------+--------+----------+--------+
If MCUboot image encryption support is enabled then saving could be up to
@@ -364,4 +364,4 @@
--------------
-*Copyright (c) 2020, Arm Limited. All rights reserved.*
\ No newline at end of file
+*Copyright (c) 2020-2022, Arm Limited. All rights reserved.*
\ No newline at end of file
diff --git a/docs/technical_references/design_docs/ff_isolation.rst b/docs/technical_references/design_docs/ff_isolation.rst
index cdc98d1..e1bbaca 100644
--- a/docs/technical_references/design_docs/ff_isolation.rst
+++ b/docs/technical_references/design_docs/ff_isolation.rst
@@ -47,7 +47,7 @@
Services within one or more PSA RoT Secure Partitions. But if the PSA RoT
Services needs to be accessed by NSPE or Application RoT of Trust Services
must be implemented in a Secure Partitions (Please refer to chapter 2.4 -
- "RoT Services" of `PSA Firmware_Framework for M`_).
+ "RoT Services" of `Firmware Framework for M (FF-M)`_).
The implementation in this design treats the PSA RoT Secure Partition in the
PSA RoT domain to follow `L3.3` above and relax `L3.2` for PSA RoT Secure
Partition under isolation level 3.
@@ -62,11 +62,11 @@
.. note::
In general, assets include not only ROM/RAM and peripherals. For the detail
information about the memory assets and peripheral, please
- refer to `PSA Firmware_Framework for M`_.
+ refer to `Firmware Framework for M (FF-M)`_.
Memory Asset Class
------------------
-There are 3 memory asset classes defined in `PSA Firmware_Framework for M`_:
+There are 3 memory asset classes defined in `Firmware Framework for M (FF-M)`_:
- Code
- Constant data
@@ -388,16 +388,16 @@
Appendix
========
-| `PSA Firmware_Framework for M`_
+| `Firmware Framework for M (FF-M)`_
-.. _PSA Firmware_Framework for M:
+.. _Firmware Framework for M (FF-M):
https://www.arm.com/architecture/security-features/platform-security
-| `Trusted Base System Architecture for Armv6-M, Armv7-M and Armv8-M`_
+| `Trusted Base System Architecture for M (TBSA-M)`_
-.. _Trusted Base System Architecture for Armv6-M, Armv7-M and Armv8-M:
- https://www.arm.com/architecture/security-features/platform-security
+.. _Trusted Base System Architecture for M (TBSA-M):
+ https://www.arm.com/architecture/security-features/platform-security
--------------
-*Copyright (c) 2020-2021, Arm Limited. All rights reserved.*
+*Copyright (c) 2020-2022, Arm Limited. All rights reserved.*
diff --git a/docs/technical_references/design_docs/profiles/tfm_profile_small.rst b/docs/technical_references/design_docs/profiles/tfm_profile_small.rst
index fef3dcc..ff6d3df 100644
--- a/docs/technical_references/design_docs/profiles/tfm_profile_small.rst
+++ b/docs/technical_references/design_docs/profiles/tfm_profile_small.rst
@@ -699,7 +699,7 @@
.. [4] `Platform Security Model 1.1 <https://developer.arm.com/documentation/den0128/latest>`_
-.. [5] `PSA analyze stage <https://developer.arm.com/architectures/security-architectures/platform-security-architecture#analyze>`_
+.. [5] `PSA analyze stage <https://www.arm.com/architecture/security-features#analyze>`_
.. [6] `AES-CCM Cipher Suites for Transport Layer Security (TLS) <https://tools.ietf.org/html/rfc6655>`_
diff --git a/docs/technical_references/design_docs/tfm_crypto_design.rst b/docs/technical_references/design_docs/tfm_crypto_design.rst
index 1acecf7..a532c76 100644
--- a/docs/technical_references/design_docs/tfm_crypto_design.rst
+++ b/docs/technical_references/design_docs/tfm_crypto_design.rst
@@ -189,7 +189,7 @@
References
----------
-.. [1] ``mbed-crypto`` repository which holds the PSA Crypto API specification and the Mbed Crypto reference implementation: \ https://github.com/ARMmbed/mbed-crypto
+.. [1] ``mbed-crypto`` repository which holds the PSA Crypto API specification and the Mbed Crypto reference implementation: \ https://github.com/Mbed-TLS
--------------
diff --git a/docs/technical_references/design_docs/tfm_secure_boot.rst b/docs/technical_references/design_docs/tfm_secure_boot.rst
index 9b7c1e2..0535b23 100644
--- a/docs/technical_references/design_docs/tfm_secure_boot.rst
+++ b/docs/technical_references/design_docs/tfm_secure_boot.rst
@@ -48,8 +48,9 @@
A default RSA key pair is stored in the repository, public key is in ``keys.c``
and private key is in ``root-RSA-3072.pem``.
-.. Warning::
- DO NOT use them in production code, they are exclusively for testing!
+.. Danger::
+ DO NOT use the default keys in a production code, they are exclusively
+ for testing!
The private key must be stored in a safe place outside of the repository.
``imgtool.py`` (found in the ``scripts`` directory in the MCUBoot repository,
@@ -416,7 +417,7 @@
``SWAP_USING_SCRATCH`` or ``SWAP_USING_MOVE``, an image is needed in
the primary image area as well, to trigger the update.
- .. Warning::
+ .. Danger::
DO NOT use the ``enc-rsa2048-pub.pem`` key in production code, it is
exclusively for testing!