-
Notifications
You must be signed in to change notification settings - Fork 33
Expand file tree
/
Copy pathterms
More file actions
93 lines (50 loc) · 3.65 KB
/
terms
File metadata and controls
93 lines (50 loc) · 3.65 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
.. SPDX-FileCopyrightText: Copyright 2020-2023 Arm Limited and/or its affiliates <open-source-office@arm.com>
.. SPDX-License-Identifier: CC-BY-SA-4.0 AND LicenseRef-Patent-license
.. scterm:: Implementation Defined
Behavior that is not defined by the this specification, but is defined and documented by individual implementations.
Firmware developers can choose to depend on :sc:`IMPLEMENTATION DEFINED` behavior, but must be aware that their code might not be portable to another implementation.
.. term:: PSA
Platform Security Architecture
.. term:: Root of Trust
:abbr: RoT
This is the minimal set of software, hardware and data that is implicitly trusted in the platform --- there is no software or hardware at a deeper level that can verify that the Root of Trust is authentic and unmodified.
.. term:: Platform Root of Trust
:abbr: PRoT
The overall trust anchor for the system. This ensures the platform is securely booted and configured, and establishes the secure environments required to protect security services. See :cite-title:`PSM`.
.. term:: Immutable Platform Root of Trust
Part of the :term:`Platform Root of Trust`, which is inherently trusted. This refers to the hardware and firmware that cannot be updated on a production device. See :cite-title:`PSM`.
.. term:: Updatable Platform Root of Trust
Part of the :term:`Platform Root of Trust` firmware that can be updated following manufacturing. See :cite-title:`PSM`.
.. term:: Application Root of Trust
This is the security domain in which additional security services are implemented. See :cite-title:`PSM`.
.. term:: Secure Processing Environment
:abbr: SPE
This is the security domain that includes the :term:`Platform Root of Trust` and the :term:`Application Root of Trust` domains.
.. term:: Non-secure Processing Environment
:abbr: NSPE
This is the security domain outside of the :term:`Secure Processing Environment`. It is the Application domain, typically containing the :term:`application firmware` and hardware.
.. term:: Application firmware
The main application firmware for the platform, typically comprising an Operating System (OS) and application tasks. On a platform with isolation, the application firmware runs in the :term:`NSPE`.
.. term:: Update client
Software component that is responsible for downloading firmware updates to the device. The Update client is part of the :term:`application firmware`.
.. term:: MPU
Memory protection unit
.. term:: Over-the-Air
:abbr: OTA
The procedure where a device downloads an update from a remote location ("over the air").
.. term:: Secure boot
Secure boot is technology to provide a chain of trust for all the components during boot.
.. term:: OEM
Original equipment manufacturer
.. term:: PKI
Public-key infrastructure
.. term:: Manifest
Firmware image metadata that is signed with a cryptographic key. The manifest can be bundled within the firmware image, or detached from it.
See :secref:`manifest`.
.. term:: Volatile staging
A component with volatile staging does not preserve a firmware image that is in the :term:`staging area` after a reboot.
A component without volatile staging preserves a prepared candidate firmware image after a reboot. It is :scterm:`implementation defined` whether a partially prepared image in the staging area is retained after a system reset.
See `PSA_FWU_FLAG_VOLATILE_STAGING`.
.. term:: Staging area
A region within the firmware store used for a firmware image that is being transferred to the device. Once transfer is complete, the image in the staging area can be verified during installation.
See :secref:`arch-firmware-store`.