doc: tf-m: remove irrelevant doc set pages

Removed TF-M doc set pages that are not relevant for providing
background info about the TF-M integration in the NCS.
NCSDK-32856. NCSDK-26703.

Signed-off-by: Grzegorz Ferenc <[email protected]>

Author: greg-fer

doc/nrf/glossary.rst

@@ -41,6 +41,12 @@ Glossary
    Application Programming Interface (API)
       A language and message format used by a program to communicate with an operating system, application, or other services.
 
+   Application RoT
+      A concept related to `Platform Security Architecture (PSA)`_ and :term:`Root of Trust (RoT)`.
+      It is the security domain in which additional security services are implemented.
+      In the |NCS|, Trusted Firmware-M (TF-M) implements a set of Application RoT Services.
+      For more information, see :ref:`ug_tfm_architecture_rot_services_application`.
+
    Assisted GNSS (A-GNSS)
       A form of assistance provided to devices trying to obtain a :term:`Global Navigation Satellite System (GNSS)` fix.
       It improves the :term:`Time to First Fix (TTFF)` by utilizing a connection (for example, over cellular) to the internet to retrieve the :term:`almanac data` and :term:`ephemeris data`.
@@ -182,7 +188,7 @@ Glossary
       Most memory and peripherals can be flexibly allocated to cores at compile time.
 
    Cortex Microcontroller Software Interface Standard (CMSIS)
-      A vendor-independent hardware abstraction layer for the Cortex-M processor series that defines generic tool interfaces.
+      A vendor-independent :term:`Hardware Abstraction Layer (HAL)` for the Cortex-M processor series that defines generic tool interfaces.
 
    Cortex-M Security Extensions (CMSE)
       A group term for different security extensions for the Arm Cortex-M33 processor.
@@ -377,6 +383,9 @@ Glossary
    Global Positioning System (GPS)
       A satellite-based radio navigation system that provides its users with accurate location and time information over the globe.
 
+   Hardware Abstraction Layer (HAL)
+      An interface to abstract hardware-oriented operations and provide a set of APIs to the upper layers.
+
    Hardware Flow Control (HWFC)
       A handshaking mechanism used to prevent an overflow of bytes in modems.
       It uses two dedicated pins on the RS-232 connector, :term:`Request to Send (RTS)` and :term:`Clear to Send (CTS)`.
@@ -436,6 +445,10 @@ Glossary
    Isochronous channels (ISO)
       A feature of the :term:`LE Audio` standard that allows for relaying audio data to multiple devices at the same time (isochronously) without having to split the stereo stream.
 
+   Internal Trusted Storage (ITS)
+      One of :term:`Platform RoT` services, which provides trusted storage of key material in internal flash.
+      For more information, see :ref:`ug_tfm_services_its`.
+
    Just In Time Provisioning (JITP)
       A device is provisioned when it first tries to connect to the IoT broker and presents its device certificate.
       Before the first communication, the device is not known to the broker and is not stored in the fleet registry.
@@ -537,6 +550,7 @@ Glossary
    Memory Privilege Controller (MPC)
       Performs security configuration, enforcement, and bus decoding.
       It implements security filtering, checking bus accesses against the configured access properties and blocking any unauthorized accesses.
+      Do not confuse this with Memory Protection Controller from the Arm architecture, which is not used in the |NCS|.
 
    Memory-to-memory Vector Direct Memory Access (MVDMA)
       A peripheral capable of copying data from one memory address to another memory address.
@@ -602,6 +616,11 @@ Glossary
    Noise Factor (NF)
       The relation of the :term:`Signal-to-Noise Ratio (SNR)` in the device input to the SNR in the device output.
 
+   Non-secure image
+      A concept related to :ref:`ug_tfm_security_by_separation`.
+      In the context of the |NCS| and `ARM TrustZone`_, this is a firmware image that is executed in the :term:`Non-Secure Processing Environment (NSPE)`.
+      It is typically built using the ``*/ns`` :ref:`board target variant <app_boards_names>`.
+
    Non-Secure Processing Environment (NSPE)
       One of the two processing environments when using Cortex-M Security Extensions.
       When firmware is separated between NSPE and :term:`Secure Processing Environment (SPE)`, NSPE is used to store the application core firmware.
@@ -701,6 +720,12 @@ Glossary
    Physically Unclonable Function (PUF)
       A function device that exploits inherent randomness introduced during manufacturing to give a physical entity a unique "fingerprint" or a trust anchor.
 
+   Platform RoT
+      A concept related to `Platform Security Architecture (PSA)`_ and :term:`Root of Trust (RoT)`.
+      It is the security domain in which platform-specific services are implemented.
+      In the |NCS|, Trusted Firmware-M (TF-M) implements a set of Platform RoT Services.
+      For more information, see :ref:`ug_tfm_architecture_rot_services_platform`.
+
    Platform Security Architecture Certified (PSA Certified)
       A security certification scheme for Internet of Things (IoT) hardware, software and devices.
 
@@ -736,6 +761,10 @@ Glossary
    Programmable Peripheral Interconnect (PPI)
       It enables peripherals to interact autonomously with each other using tasks and events independently of the CPU.
 
+   Protected Storage (PS)
+      One of :term:`Application RoT` services, which provides secure storage with encryption, integrity protection, and rollback protection for non-secure applications.
+      For more information, see :ref:`tfm_partition_ps`.
+
    Protocol Data Unit (PDU)
       Information transferred as a single unit between peer entities of a computer network and containing control and address information or data.
       PDU mode is one of the two ways of sending and receiving SMS messages.
@@ -830,6 +859,14 @@ Glossary
       A dedicated :term:`Domain` which executes a pre-compiled firmware component that is signed by Nordic Semiconductor.
       It exposes security services to the other domains through an Interprocess Communication interface.
 
+   Secure image
+      A concept related to :ref:`ug_tfm_security_by_separation`.
+      In the context of the |NCS| and `ARM TrustZone`_, this is a firmware image that is provided by Trusted Firmware-M and executed in the :term:`Secure Processing Environment (SPE)`.
+      It is typically built using the ``*/ns`` :ref:`board target variant <app_boards_names>`.
+
+   Secure partition
+      A memory partition used to store the data of the :term:`Secure Processing Environment (SPE)`.
+
    Serial Peripheral Interface (SPI)
       An interface bus commonly used to send data between microcontrollers and small peripherals such as shift registers, sensors, and SD cards.
 

doc/nrf/links.txt

@@ -1667,6 +1667,7 @@
 .. _`ARM Platform Security Model 1.1`: https://developer.arm.com/documentation/den0128/0101b/
 .. _`Trusted Base System Architecture for M (TBSA-M) Specification`: https://developer.arm.com/-/media/Arm%20Developer%20Community/PDF/PSA/DEN0083_PSA_TBSA-M_1.0-bet2.pdf?revision=5f9de99f-a7b5-4851-b041-f698521bf6bf
 .. _`Platform Security Architectures`: https://www.arm.com/architecture/security-features/platform-security
+.. _`Memory Protection Controllers`: https://developer.arm.com/documentation/102803/0000/Functional-Description/Memory-Protection-Controllers
 
 .. ### Source: psacertified.org
 

doc/nrf/releases_and_maturity/releases/release-notes-changelog.rst

@@ -163,6 +163,9 @@ Trusted Firmware-M
     nRF54L05 does not support TF-M.
     nRF54L10 supports TF-M experimentally.
 
+* Removed several documentation pages from the :ref:`tfm_wrapper` section that were misleading or not relevant for understanding the TF-M integration in the |NCS|.
+  The section now includes only pages that provide background information about TF-M design that are relevant for the |NCS|.
+
 Protocols
 =========
 

doc/tfm/wrapper.rst

@@ -1,30 +1,32 @@
 .. _tfm_wrapper:
 
-Trusted Firmware-M documentation
-################################
+Trusted Firmware-M reference documentation
+##########################################
 
-This section includes the official `Trusted Firmware-M (TF-M) <https://www.trustedfirmware.org/projects/tf-m/>`_ documentation.
-It is provided for reference only and is intended for the developers working on the integration of TF-M in the nRF Connect SDK.
+This section includes a selection of pages from the official `Trusted Firmware-M (TF-M) <https://www.trustedfirmware.org/projects/tf-m/>`_ documentation.
+The pages are published as-is using the sources from the downstream `TF-M repository <https://github.com/nrfconnect/sdk-trusted-firmware-m>`_.
 
-The section renders the content of the `official TF-M documentation <https://trustedfirmware-m.readthedocs.io/en/latest/index.html>`_ as-is using the sources from the downstream `TF-M repository <https://github.com/nrfconnect/sdk-trusted-firmware-m>`_.
+The pages provide background information about some of the aspects of `TF-M integration in the nRF Connect SDK <https://docs.nordicsemi.com/bundle/ncs-latest/page/nrf/security/tfm/index.html>`_.
+Use these pages for reference only.
 
-For information on how TF-M is integrated in the nRF Connect SDK, see the `Security section in the nRF Connect SDK documentation <https://docs.nordicsemi.com/bundle/ncs-latest/page/nrf/security.html>`_.
+.. note::
+   Not all TF-M features mentioned in this section are used by the nRF Connect SDK.
+   For more information, see `TF-M support and limitations in the nRF Connect SDK <https://docs.nordicsemi.com/bundle/ncs-latest/page/nrf/security/tfm/tfm_supported_services.html>`_.
+
+For the complete TF-M upstream documentation, visit the `official TF-M documentation website <https://trustedfirmware-m.readthedocs.io/en/latest/index.html>`_.
 
 .. toctree::
    :maxdepth: 1
    :caption: Contents
 
    introduction/index.rst
-   getting_started/index.rst
    security/index.rst
-   releases/index.rst
-   roadmap.rst
-   glossary.rst
-   platform/index.rst
-   building/tfm_build_instruction.rst
-   configuration/index.rst
-   integration_guide/index.rst
+   configuration/profiles/index.rst
+   integration_guide/source_structure/source_structure.rst
+   integration_guide/spm_backends.rst
+   integration_guide/tfm_fpu_support.rst
+   integration_guide/tfm_secure_irq_integration_guide.rst
+   integration_guide/platform_provisioning.rst
+   integration_guide/branch_protection.rst
+   integration_guide/services/index.rst
    design_docs/index.rst
-   contributing/index.rst
-   contributing/lic.rst
-   contributing/dco.rst