Glossary of terms and abbreviations

AAPCS

ARM Architecture Procedure Call Standard: The AAPCS defines how subroutines can be separately written, separately compiled, and separately assembled to work together. It describes a contract between a calling routine and a called routine

Application RoT

PSA term. The security domain in which additional security services are implemented. Also referred as ARoT.

HAL

Hardware Abstraction Layer: Interface to abstract hardware-oriented operations and provides a set of APIs to the upper layers.

ITS
Internal Trusted Storage

One of PSA services provided by TF-M.

MPC

Memory Protection Controller: Bus slave-side security controller for memory regions.

MPU

Memory Protection Unit: Hardware component providing privilege control.

NSPE

Non Secure Processing Enviroment: PSA term. In TF-M this means non secure domain typically running an OS using services provided by TF-M.

PPC

Peripheral Protection Controller: Bus slave-side security controller for peripheral access.

PS
Protected Storage

One of PSA services provided by TF-M.

PSA

PSA term. Platform Security Architecture.

PSA RoT

PSA term. This defines the most trusted security domain within a PSA system. Also referred as PRoT.

PSA-FF

PSA term. Platform Security Architecture Firmware Framework.

PSA-FF-M

PSA term. Platform Security Architecture Firmware Framework for M.

RoT

Root of Trust: PSA term. This is the minimal set of software, hardware and data that is implicitly trusted in the platform — there is no software or hardware at a deeper level that can verify that the Root of Trust is authentic and unmodified.

RoT Service

PSA term. A set of related security operations that are implemented in a Secure Partition.

S/NS

Secure/Non-secure: The separation provided by TrustZone hardware components in the system.

SAU

Secure Attribution Unit: Hardware component providing isolation between Secure, Non-secure Callable and Non-secure addresses.

SFN

Secure Function: The function entry to a secure service. Multiple SFN per SS are permitted.

SP
Secure Partition

A logical container for secure services.

SPE

Secure Processing Environment: PSA term. In TF-M this means the secure domain protected by TF-M.

SPM
Secure Partition Manager

The TF-M component responsible for enumeration, management and isolation of multiple Secure Partitions within the TEE.

SPRT

Secure Partition Runtime: The TF-M component responsible for Secure Partition runtime functionalities.

SPRTL

Secure Partition Runtime Library: A library contains the SPRT code and data.

SS

Secure Service: A component within the TEE that is atomic from a security/trust point of view, i.e. which is viewed as a single entity from a TF-M point of view.

SVC

SuperVisor Call: ARMv7M assembly instruction to call a privileged handler function

TBSA-M

Trusted Base System Architecture for M. TBSA term. See Trusted Base System Architecture for M

TFM
TF-M

Trusted Firmware-M or Trusted Firmware for M-class. ARM TF-M provides a reference implementation of secure world software for ARMv8-M.

Reference


Copyright (c) 2017-2024, Arm Limited. All rights reserved.