feat(security): add Security Overview page

shiva-ti · shiva-ti · commit c176784a5601 · 2025-11-24T19:40:09.000+05:30
- create new Security_overview.rst as the landing page for security
documentation
- provide comprehensive security framework details and features
overview
- add references to Security_overview in platform TOC files (AM62X,
AM62AX, AM62PX, AM62LX)
- add cross-reference links in related security documentation

Signed-off-by: Shiva Tripathi &lt;s-tripathi1@ti.com&gt;
diff --git a/configs/AM62AX/AM62AX_linux_toc.txt b/configs/AM62AX/AM62AX_linux_toc.txt
@@ -93,6 +93,7 @@ linux/Foundational_Components/Power_Management/pm_wakeup_sources
 linux/Foundational_Components/Power_Management/pm_sw_arch
 linux/Foundational_Components/Power_Management/pm_debug
 
+linux/Foundational_Components/System_Security/Security_overview
 linux/Foundational_Components/System_Security/SELinux
 linux/Foundational_Components/System_Security/Auth_boot
 
diff --git a/configs/AM62LX/AM62LX_linux_toc.txt b/configs/AM62LX/AM62LX_linux_toc.txt
@@ -78,6 +78,7 @@ linux/Foundational_Components/Power_Management/pm_cpuidle
 linux/Foundational_Components/Power_Management/pm_am62lx_low_power_modes
 linux/Foundational_Components/Power_Management/pm_wakeup_sources
 
+linux/Foundational_Components/System_Security/Security_overview
 #linux/Foundational_Components/System_Security/SELinux
 linux/Foundational_Components/System_Security/Auth_boot
 
diff --git a/configs/AM62PX/AM62PX_linux_toc.txt b/configs/AM62PX/AM62PX_linux_toc.txt
@@ -98,6 +98,7 @@ linux/Foundational_Components/Power_Management/pm_wakeup_sources
 linux/Foundational_Components/Power_Management/pm_sw_arch
 linux/Foundational_Components/Power_Management/pm_debug
 
+linux/Foundational_Components/System_Security/Security_overview
 linux/Foundational_Components/System_Security/SELinux
 linux/Foundational_Components/System_Security/Auth_boot
 
diff --git a/configs/AM62X/AM62X_linux_toc.txt b/configs/AM62X/AM62X_linux_toc.txt
@@ -95,6 +95,7 @@ linux/Foundational_Components/Power_Management/pm_wakeup_sources
 linux/Foundational_Components/Power_Management/pm_sw_arch
 linux/Foundational_Components/Power_Management/pm_debug
 
+linux/Foundational_Components/System_Security/Security_overview
 linux/Foundational_Components/System_Security/SELinux
 linux/Foundational_Components/System_Security/Auth_boot
 
diff --git a/source/linux/Foundational_Components/Kernel/Kernel_Drivers/Crypto/SA2UL_OMAP.rst b/source/linux/Foundational_Components/Kernel/Kernel_Drivers/Crypto/SA2UL_OMAP.rst
@@ -1,3 +1,5 @@
+.. _SAUL-Crypto-Accelerator:
+
 ######
 Crypto
 ######
diff --git a/source/linux/Foundational_Components/System_Security/Security_overview.rst b/source/linux/Foundational_Components/System_Security/Security_overview.rst
@@ -0,0 +1,85 @@
+.. _Security_overview:
+
+########
+Overview
+########
+
+=================
+Security Overview
+=================
+
+The |__PART_FAMILY_DEVICE_NAMES__| SoC offers a comprehensive set of 
+security features that protect embedded Linux applications. This guide 
+offers a starting point to understand and implement these capabilities 
+as part of product development, with the following advantages:
+
+* **Hardware-backed security** - Leverages built-in security hardware 
+  for robust protection
+* **Defense in-depth** - Creates many layers of security to protect 
+  against various threats
+* **Industry standards compliance** - Implements security features that 
+  help meet regulatory requirements
+* **Flexible implementation** - Allows security features that can be 
+  tailored to specific application needs
+
+================
+Security Domains
+================
+
+Below is an overview of the security framework's main domains:
+
+.. figure:: ./images/security_framework.png
+
+These security domains create a chain of trust protecting the 
+|__PART_FAMILY_DEVICE_NAMES__| from boot through runtime and storage, 
+ensuring system integrity and data confidentiality.
+
+=============================
+Security Features at a Glance
+=============================
+
+The following table lists some of the key Security Features:
+
+.. ifconfig:: CONFIG_part_variant in ('AM62LX')
+
+  +-------------------------+-----------------------------------------------------------+--------------------------------------+
+  | **Security Feature**    | **Description**                                           | **Links**                            |
+  +=========================+===========================================================+======================================+
+  | **Authenticated Boot**  | Verifies each boot component to ensure only authorized    | :ref:`auth_boot_guide`               |
+  |                         | code executes on the device                               |                                      |
+  +-------------------------+-----------------------------------------------------------+--------------------------------------+
+  | **Crypto Acceleration** | Hardware driver support for cryptographic algorithms      | :ref:`DTHEv2-Crypto-Accelerator`     |
+  +-------------------------+-----------------------------------------------------------+--------------------------------------+
+  | **Key Management**      | Tools for secure key provisioning                         | :ref:`key-writer-lite-label`         |
+  +-------------------------+-----------------------------------------------------------+--------------------------------------+
+  | **Secure Storage**      | Protection mechanisms for sensitive data                  | :ref:`secure-storage-with-rpmb`      |
+  +-------------------------+-----------------------------------------------------------+--------------------------------------+
+  | **Trusted Execution**   | Implementation of secure monitor (EL3) firmware that      | :ref:`foundational-components-atf`   |
+  |                         | manages the secure boot process and TrustZone transitions |                                      |
+  +                         +-----------------------------------------------------------+--------------------------------------+
+  |                         | Trusted Execution Environment that enables isolated       | :ref:`foundational-components-optee` |
+  |                         | execution of security-sensitive applications and services |                                      |
+  +-------------------------+-----------------------------------------------------------+--------------------------------------+
+
+.. ifconfig:: CONFIG_part_variant not in ('AM62LX')
+
+  +-------------------------+-----------------------------------------------------------+--------------------------------------+
+  | Security Feature        | Description                                               | Links                                |
+  +=========================+===========================================================+======================================+
+  | **Authenticated Boot**  | Verifies each boot component to ensure only authorized    | :ref:`auth_boot_guide`               |
+  |                         | code executes on the device                               |                                      |
+  +-------------------------+-----------------------------------------------------------+--------------------------------------+
+  | **Crypto Acceleration** | Hardware driver support for cryptographic algorithms      | :ref:`SAUL-Crypto-Accelerator`       |
+  +-------------------------+-----------------------------------------------------------+--------------------------------------+
+  | **Secure Storage**      | Protection mechanisms for sensitive data                  | :ref:`secure-storage-with-rpmb`      |
+  +-------------------------+-----------------------------------------------------------+--------------------------------------+
+  | **SELinux**             | Kernel security module providing policy-based access      | :ref:`selinux_guide`                 |
+  |                         | control for processes, files, and system objects          |                                      |
+  +-------------------------+-----------------------------------------------------------+--------------------------------------+
+  | **Trusted Execution**   | Implementation of secure monitor (EL3) firmware that      | :ref:`foundational-components-atf`   |
+  |                         | manages the secure boot process and TrustZone transitions |                                      |
+  +                         +-----------------------------------------------------------+--------------------------------------+
+  |                         | Trusted Execution Environment that enables isolated       | :ref:`foundational-components-optee` |
+  |                         | execution of security-sensitive applications and services |                                      |
+  +-------------------------+-----------------------------------------------------------+--------------------------------------+
+
diff --git a/source/linux/Foundational_Components/System_Security/images/security_framework.png b/source/linux/Foundational_Components/System_Security/images/security_framework.png
diff --git a/source/linux/Foundational_Components_OPTEE.rst b/source/linux/Foundational_Components_OPTEE.rst
@@ -75,6 +75,7 @@ of entropy can work around these issues.
 
    $ make CROSS_COMPILE="$CROSS_COMPILE_32" CROSS_COMPILE64="$CROSS_COMPILE_64" PLATFORM=k3-|__OPTEE_PLATFORM_FLAVOR__| CFG_ARM64_core=y CFG_WITH_SOFTWARE_PRNG=y
 
+.. _secure-storage-with-rpmb:
 
 Secure Storage with RPMB (For HS)
 *********************************
diff --git a/source/linux/Foundational_Components_Security.rst b/source/linux/Foundational_Components_Security.rst
@@ -7,6 +7,7 @@ Security
 .. toctree::
    :maxdepth: 5
 
+   Foundational_Components/System_Security/Security_overview
    Foundational_Components_Migration_Guide
    Foundational_Components_Secure_Boot
    Foundational_Components/System_Security/SELinux

Original file line number	Diff line number	Diff line change
`@@ -1,3 +1,5 @@`
	`1`	`+.. _SAUL-Crypto-Accelerator:`
	`2`	`+`
`1`	`3`	`######`
`2`	`4`	`Crypto`
`3`	`5`	`######`