diff mbox series

arm/trusted-services: include documentation

Message ID 20221013154740.3368442-1-Anton.Antonov@arm.com
State New

Commit Message

Anton Antonov Oct. 13, 2022, 3:47 p.m. UTC
Signed-off-by: Anton Antonov <Anton.Antonov@arm.com>
---
 documentation/trusted-services.md | 53 +++++++++++++++++++++++++++++++
 1 file changed, 53 insertions(+)
 create mode 100644 documentation/trusted-services.md

Comments

Jon Mason Oct. 13, 2022, 7:23 p.m. UTC | #1
On Thu, 13 Oct 2022 16:47:40 +0100, Anton Antonov wrote:
> 


Applied, thanks!

[1/1] arm/trusted-services: include documentation
      commit: 90f9e1241b8332fb79b0fe77d1f3e407be9b8576

Best regards,

Patch

diff --git a/documentation/trusted-services.md b/documentation/trusted-services.md
new file mode 100644
index 00000000..e3cee6b3
--- /dev/null
+++ b/documentation/trusted-services.md
@@ -0,0 +1,53 @@ 
+# The Trusted Services: framework for developing root-of-trust services
+
+  meta-arm layer includes recipes for [Trusted Services][1] Secure Partitions and Normal World applications
+in `meta-arm/recipes-security/trusted-services`
+
+## Secure Partitions recipes
+
+We define dedicated recipes for all supported Trusted Services (TS) Secure Partitions.
+These recipes produce ELF and DTB files for SPs.
+These files are automatically included into optee-os image accordingly to defined MACHINE_FEATURES.
+
+### How to include TS SPs
+
+To include TS SPs into optee-os image you need to add into MACHINE_FEATURES
+features for each [Secure Partition][2] you would like to include:
+
+| Secure Partition  | MACHINE_FEATURE |
+| ----------------- | --------------- |
+| Attestation       | ts-attesation   |
+| Crypto            | ts-crypto       |
+| Internal Storage  | ts-its          |
+| Protected Storage | ts-storage      |
+| se-proxy          | ts-se-proxy     |
+| smm-gateway       | ts-smm-gateway  |
+
+Other steps depend on your machine/platform definition:
+
+1. For communications between Secure and Normal Words Linux kernel option `CONFIG_ARM_FFA_TRANSPORT=y`
+is required. If your platform doesn't include it already you can add `arm-ffa` into MACHINE_FEATURES.
+
+2. optee-os might require platform specific OP-TEE build parameters (for example what SEL the SPM Core is implemented at).
+You can find examples in `meta-arm/recipes-security/optee/optee-os_%.bbappend` for qemuarm64-secureboot machine
+and in `meta-arm-bsp/recipes-security/optee/optee-os-n1sdp.inc` and `meta-arm-bsp/recipes-security/optee/optee-os-corstone1000-common.inc`
+for N1SDP and Corstone1000 platforms accordingly.
+
+3. trusted-firmware-a might require platform specific TF-A build parameters (SPD and SPMC details on the platform).
+See `meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_%.bbappend` for qemuarm64-secureboot machine
+and in `meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-n1sdp.inc` and
+`meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-corstone1000.inc` for N1SDP and Corstone1000 platforms.
+
+## Normal World applications
+
+  Optionally for testing purposes you can add `packagegroup-ts-tests` and `packagegroup-ts-tests-psa` package groups into your image.
+They include [Trusted Services test and demo tools][3]
+
+## OEQA Trusted Services tests
+
+  meta-arm also includes Trusted Service OEQA tests which can be used for automated testing.
+See `ci/trusted-services.yml` for an example how to include them into an image.
+
+[1] https://trusted-services.readthedocs.io/en/integration/overview/introduction.html
+[2] https://trusted-services.readthedocs.io/en/integration/developer/deployments/secure-partitions.html
+[3] https://trusted-services.readthedocs.io/en/integration/developer/deployments/test-executables.html
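Review bot: The `ts-attesation` value in the MACHINE_FEATURE table is spelled without the second "t" of "Attestation" that the Secure Partition column in the same row uses, and since readers will copy this string straight into MACHINE_FEATURES, please confirm it matches the exact feature name the optee-os recipes test for and fix whichever side is wrong. Two smaller points in the same file: step 1 says "Secure and Normal Words" where "Worlds" is meant, and the three reference definitions at the end are written as `[1] https://...` without a colon, so `[Trusted Services][1]`, `[Secure Partition][2]` and `[Trusted Services test and demo tools][3]` will not render as links; `[1]: https://...` would resolve them. The commit message also carries only a Signed-off-by line; one sentence saying what the new document covers would help anyone reading the log.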