feat(security): add Security Overview page

- create new Security_overview.rst as the landing page for security
documentation
- provide comprehensive security framework details and features
overview
- add references to Security_overview in platform TOC files (AM62X,
AM62AX, AM62PX, AM62LX)
- add cross-reference links in related security documentation

Signed-off-by: Shiva Tripathi <[email protected]>

Author: shiva-ti

configs/AM62AX/AM62AX_linux_toc.txt

@@ -93,6 +93,7 @@ linux/Foundational_Components/Power_Management/pm_wakeup_sources
 linux/Foundational_Components/Power_Management/pm_sw_arch
 linux/Foundational_Components/Power_Management/pm_debug
 
+linux/Foundational_Components/System_Security/Security_overview
 linux/Foundational_Components/System_Security/SELinux
 linux/Foundational_Components/System_Security/Auth_boot
 

configs/AM62LX/AM62LX_linux_toc.txt

@@ -78,6 +78,7 @@ linux/Foundational_Components/Power_Management/pm_cpuidle
 linux/Foundational_Components/Power_Management/pm_am62lx_low_power_modes
 linux/Foundational_Components/Power_Management/pm_wakeup_sources
 
+linux/Foundational_Components/System_Security/Security_overview
 #linux/Foundational_Components/System_Security/SELinux
 linux/Foundational_Components/System_Security/Auth_boot
 

configs/AM62PX/AM62PX_linux_toc.txt

@@ -98,6 +98,7 @@ linux/Foundational_Components/Power_Management/pm_wakeup_sources
 linux/Foundational_Components/Power_Management/pm_sw_arch
 linux/Foundational_Components/Power_Management/pm_debug
 
+linux/Foundational_Components/System_Security/Security_overview
 linux/Foundational_Components/System_Security/SELinux
 linux/Foundational_Components/System_Security/Auth_boot
 

configs/AM62X/AM62X_linux_toc.txt

@@ -95,6 +95,7 @@ linux/Foundational_Components/Power_Management/pm_wakeup_sources
 linux/Foundational_Components/Power_Management/pm_sw_arch
 linux/Foundational_Components/Power_Management/pm_debug
 
+linux/Foundational_Components/System_Security/Security_overview
 linux/Foundational_Components/System_Security/SELinux
 linux/Foundational_Components/System_Security/Auth_boot
 

source/linux/Foundational_Components/Kernel/Kernel_Drivers/Crypto/SA2UL_OMAP.rst

@@ -1,3 +1,5 @@
+.. _SAUL-Crypto-Accelerator:
+
 ######
 Crypto
 ######

source/linux/Foundational_Components/System_Security/Security_overview.rst

@@ -0,0 +1,81 @@
+.. _Security_overview:
+
+##########
+Overview
+##########
+
+.. rubric:: Security Overview
+
+The |__PART_FAMILY_DEVICE_NAMES__| SoC provides a comprehensive set of 
+security features that protect embedded Linux applications. This guide 
+offers a starting point to understand and implement these capabilities 
+as part of product development, with the following advantages:
+
+* **Hardware-backed security** - Leverages built-in security hardware 
+  for robust protection
+* **Defense in depth** - Creates multiple layers of security to protect 
+  against various threats
+* **Industry standards compliance** - Implements security features that 
+  help meet regulatory requirements
+* **Flexible implementation** - Allows security features that can be 
+  tailored to specific application needs
+
+.. rubric:: Security Domains  
+
+Below is an overview of the security framework's main domains:
+
+.. figure:: ./images/security_framework.png
+
+Together, these security domains provide a comprehensive security 
+architecture that protects the |__PART_FAMILY_DEVICE_NAMES__| at 
+all stages of operation - from boot to runtime to data storage - 
+creating a chain of trust that helps maintain system integrity 
+and data confidentiality.
+
+.. rubric:: Security Features at a Glance
+
+The following table lists some of the key Security Features:
+
+.. ifconfig:: CONFIG_part_variant in ('AM62LX')
+
+  +-------------------------+-----------------------------------------------------------+--------------------------------------+
+  | **Security Feature**    | **Description**                                           | **Links**                            |
+  +=========================+===========================================================+======================================+
+  | **Authenticated Boot**  | Verifies each boot component to ensure only authorized    | :ref:`auth_boot_guide`               |
+  |                         | code executes on the device                               |                                      |
+  +-------------------------+-----------------------------------------------------------+--------------------------------------+
+  | **Crypto Acceleration** | Hardware driver support for cryptographic algorithms      | :ref:`DTHEv2-Crypto-Accelerator`     |
+  +-------------------------+-----------------------------------------------------------+--------------------------------------+
+  | **Key Management**      | Tools for secure key provisioning                         | :ref:`key-writer-lite-label`         |
+  +-------------------------+-----------------------------------------------------------+--------------------------------------+
+  | **Secure Storage**      | Protection mechanisms for sensitive data                  | :ref:`secure-storage-with-rpmb`      |
+  +-------------------------+-----------------------------------------------------------+--------------------------------------+
+  | **Trusted Execution**   | Implementation of secure monitor (EL3) firmware that      | :ref:`foundational-components-atf`   |
+  |                         | manages the secure boot process and TrustZone transitions |                                      |
+  +                         +-----------------------------------------------------------+--------------------------------------+
+  |                         | Trusted Execution Environment that enables isolated       | :ref:`foundational-components-optee` |
+  |                         | execution of security-sensitive applications and services |                                      |
+  +-------------------------+-----------------------------------------------------------+--------------------------------------+
+
+.. ifconfig:: CONFIG_part_variant not in ('AM62LX')
+
+  +-------------------------+-----------------------------------------------------------+--------------------------------------+
+  | Security Feature        | Description                                               | Links                                |
+  +=========================+===========================================================+======================================+
+  | **Authenticated Boot**  | Verifies each boot component to ensure only authorized    | :ref:`auth_boot_guide`               |
+  |                         | code executes on the device                               |                                      |
+  +-------------------------+-----------------------------------------------------------+--------------------------------------+
+  | **Crypto Acceleration** | Hardware driver support for cryptographic algorithms      | :ref:`SAUL-Crypto-Accelerator`       |
+  +-------------------------+-----------------------------------------------------------+--------------------------------------+
+  | **Secure Storage**      | Protection mechanisms for sensitive data                  | :ref:`secure-storage-with-rpmb`      |
+  +-------------------------+-----------------------------------------------------------+--------------------------------------+
+  | **SELinux**             | Kernel security module providing policy-based access      | :ref:`selinux_guide`                 |
+  |                         | control for processes, files, and system objects          |                                      |
+  +-------------------------+-----------------------------------------------------------+--------------------------------------+
+  | **Trusted Execution**   | Implementation of secure monitor (EL3) firmware that      | :ref:`foundational-components-atf`   |
+  |                         | manages the secure boot process and TrustZone transitions |                                      |
+  +                         +-----------------------------------------------------------+--------------------------------------+
+  |                         | Trusted Execution Environment that enables isolated       | :ref:`foundational-components-optee` |
+  |                         | execution of security-sensitive applications and services |                                      |
+  +-------------------------+-----------------------------------------------------------+--------------------------------------+
+

source/linux/Foundational_Components/System_Security/images/security_framework.png

@@ -75,6 +75,7 @@ of entropy can work around these issues.
 
    $ make CROSS_COMPILE="$CROSS_COMPILE_32" CROSS_COMPILE64="$CROSS_COMPILE_64" PLATFORM=k3-|__OPTEE_PLATFORM_FLAVOR__| CFG_ARM64_core=y CFG_WITH_SOFTWARE_PRNG=y
 
+.. _secure-storage-with-rpmb:
 
 Secure Storage with RPMB (For HS)
 *********************************

source/linux/Foundational_Components_OPTEE.rst

@@ -7,6 +7,7 @@ Security
 .. toctree::
    :maxdepth: 5
 
+   Foundational_Components/System_Security/Security_overview
    Foundational_Components_Migration_Guide
    Foundational_Components_Secure_Boot
    Foundational_Components/System_Security/SELinux