doc: Remove documentation of SPM and its secure services

Remove documentation of the Secure Partition Manager (SPM) and the secure services it exposed. NCSDK-18319 Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
ivaniushkov · Dec 13, 2022 · a49e3e8 · a49e3e8
1 parent 3732e75
commit a49e3e8
Show file tree

Hide file tree

Showing 25 changed files with 56 additions and 214 deletions.
diff --git a/doc/nrf/drivers/entropy_cc310.rst b/doc/nrf/drivers/entropy_cc310.rst
@@ -16,8 +16,8 @@ You can use the CC310 entropy driver (*entropy_cc310*) to generate random data u
 When used with nRF52840, the CC310 entropy driver gathers entropy by using the CC310 hardware through the :ref:`nrf_cc3xx_platform_readme`.
 When used with nRF5340 or nRF9160, the driver behavior depends on whether it is used in an application with or without Cortex-M Security Extensions (CMSE):
 
-* In an application without CMSE, or when the :ref:`lib_spm` is not used, the CC310 entropy driver gathers entropy by using the CC310 hardware through the :ref:`nrf_cc3xx_platform_readme`.
-* In an application with CMSE, the driver gathers entropy through the :ref:`lib_secure_services` library.
+* In an application without CMSE the CC310 entropy driver gathers entropy by using the CC310 hardware through the :ref:`nrf_cc3xx_platform_readme`.
+* In an application with CMSE, the driver gathers entropy through the PSA Crypto APIs exposed by :ref:`Trusted Firmware-M (TF-M) <ug_tfm>`.
 
 For more details on CMSE, see :ref:`app_boards_spe_nspe`.
 

diff --git a/doc/nrf/includes/spm.txt b/doc/nrf/includes/spm.txt
diff --git a/doc/nrf/known_issues.rst b/doc/nrf/known_issues.rst
@@ -149,10 +149,10 @@ CIA-661: Asset Tracker v2 application configured for LwM2M cannot be built for t
 
   **Workaround:** Use one of the following workarounds for modem traces:
 
-  * Use :ref:`secure_partition_manager` instead of TF-M by setting :kconfig:option:`CONFIG_SPM` to ``y`` and :kconfig:option:`CONFIG_BUILD_WITH_TFM` to ``n``.
+  * Use Secure Partition Manager instead of TF-M by setting ``CONFIG_SPM`` to ``y`` and :kconfig:option:`CONFIG_BUILD_WITH_TFM` to ``n``.
   * Reduce the value of :kconfig:option:`CONFIG_NRF_MODEM_LIB_SHMEM_TRACE_SIZE` to 8 Kb, however, this might lead to loss of modem traces.
 
-  For memfault, use :ref:`secure_partition_manager` instead of TF-M by setting :kconfig:option:`CONFIG_SPM` to ``y`` and :kconfig:option:`CONFIG_BUILD_WITH_TFM` to ``n``.
+  For memfault, use Secure Partition Manager instead of TF-M by setting ``CONFIG_SPM`` to ``y`` and :kconfig:option:`CONFIG_BUILD_WITH_TFM` to ``n``.
 
 Serial LTE Modem
 ================
@@ -186,7 +186,7 @@ NCSDK-15471: Compilation with SUPL client library fails when TF-M is enabled
 
   **Workaround:** Use one of the following workarounds:
 
-  * Use :ref:`secure_partition_manager` instead of TF-M.
+  * Use Secure Partition Manager instead of TF-M.
   * Disable the FPU by setting :kconfig:option:`CONFIG_FPU` to ``n``.
 
 .. rst-class:: v2-2-0 v2-1-2 v2-1-1 v2-1-0 v2-0-2 v2-0-1 v2-0-0 v1-9-2 v1-9-1 v1-9-0 v1-8-0 v1-7-1 v1-7-0 v1-6-1 v1-6-0
@@ -1691,7 +1691,7 @@ Build system
 .. rst-class:: v2-1-2 v2-1-1 v2-1-0 v2-0-2 v2-0-1 v2-0-0 v1-9-2 v1-9-1 v1-9-0 v1-8-0 v1-7-1 v1-7-0 v1-6-1 v1-6-0 v1-5-2 v1-5-1 v1-5-0 v1-4-2 v1-4-1 v1-4-0 v1-3-2 v1-3-1 v1-3-0
 
 NCSDK-6117: Build configuration issues
-  The build configuration consisting of :ref:`bootloader`, :ref:`secure_partition_manager`, and application does not work.
+  The build configuration consisting of :ref:`bootloader`, Secure Partition Manager, and application does not work.
   (The SPM has been deprecated with the |NCS| v2.1.0.)
 
   **Workaround:** Either include MCUboot in the build or use MCUboot instead of the immutable bootloader.
@@ -1865,15 +1865,15 @@ Secure Partition Manager (SPM)
 .. rst-class:: v2-2-0 v2-1-2 v2-1-1 v2-1-0 v2-0-2 v2-0-1 v2-0-0 v1-9-2 v1-9-1 v1-9-0 v1-8-0 v1-7-1 v1-7-0 v1-6-1 v1-6-0 v1-5-2 v1-5-1 v1-5-0 v1-4-2 v1-4-1 v1-4-0 v1-3-2 v1-3-1 v1-3-0
 
 NCSIDB-114: Default logging causes crash
-  Enabling default logging in the :ref:`secure_partition_manager` sample makes it crash if the sample logs any data after the application has booted (for example, during a SecureFault, or in a secure service).
+  Enabling default logging in the Secure Partition Manager sample makes it crash if the sample logs any data after the application has booted (for example, during a SecureFault, or in a secure service).
   At that point, RTC1 and UARTE0 are non-secure.
 
   **Workaround:** Do not enable logging and add a breakpoint in the fault handling, or try a different logging backend.
 
 .. rst-class:: v1-6-1 v1-6-0 v1-5-2 v1-5-1 v1-5-0 v1-4-2 v1-4-1 v1-4-0 v1-3-2 v1-3-1 v1-3-0 v1-2-1 v1-2-0 v1-1-0
 
 NCSDK-8232: Secure Partition Manager and application building together
-  It is not possible to build and program :ref:`secure_partition_manager` and the application individually.
+  It is not possible to build and program Secure Partition Manager and the application individually.
 
 .. rst-class:: v1-5-2 v1-5-1 v1-5-0
 
@@ -2653,22 +2653,22 @@ TF-M is not supported for Thingy:91 v1.5.0 and lower versions
 NCSDK-15382: TF-M uses more RAM compared to SPM in the minimal configuration
   TF-M uses 64 KB of RAM in the minimal configuration, while SPM uses 32 KB of RAM.
 
-  **Workaround:** Free up memory in the application if needed or keep :kconfig:option:`CONFIG_SPM` enabled in the application.
+  **Workaround:** Free up memory in the application if needed or keep ``CONFIG_SPM`` enabled in the application.
 
 .. rst-class:: v2-0-2 v2-0-1 v2-0-0
 
 NCSDK-15379: TF-M does not support FP Hard ABI
   TF-M does not support enabling the Float Point Hard Application Binary Interface configuration enabled with :kconfig:option:`CONFIG_FP_HARDABI`.
 
-  **Workaround:** Use :kconfig:option:`CONFIG_FP_SOFTABI` or keep :kconfig:option:`CONFIG_SPM` enabled in the application.
+  **Workaround:** Use :kconfig:option:`CONFIG_FP_SOFTABI` or keep ``CONFIG_SPM`` enabled in the application.
 
 .. rst-class:: v2-0-2 v2-0-1 v2-0-0
 
 NCSDK-15345: TF-M does not support non-secure partitions in external flash
   TF-M does not support configuring a non-secure partition in external flash, such as non-secure storage or MCUboot secondary partition.
   Partitions that TF-M will attempt to configure as non-secure are: ``tfm_nonsecure``, ``nonsecure_storage``, and ``mcuboot_secondary``.
 
-  **Workaround:** Do not put non-secure partitions in external flash or keep :kconfig:option:`CONFIG_SPM` enabled in the application.
+  **Workaround:** Do not put non-secure partitions in external flash or keep ``CONFIG_SPM`` enabled in the application.
 
 .. rst-class:: v2-1-2 v2-1-1 v2-1-0 v2-0-2 v2-0-1 v2-0-0 v1-9-2 v1-9-1 v1-9-0 v1-8-0
 
@@ -2706,7 +2706,7 @@ NCSDK-14590: Usage fault in interrupt handlers when using FPU extensions
 NCSDK-15443: TF-M cannot be booted by MCUboot without enabling :kconfig:option:`CONFIG_MCUBOOT_CLEANUP_ARM_CORE` in MCUboot
   TF-M cannot be booted by MCUboot unless MCUboot cleans up the ARM hardware state to reset values before booting TF-M.
 
-  **Workaround:** Upgrade MCUboot with :kconfig:option:`CONFIG_MCUBOOT_CLEANUP_ARM_CORE` enabled or keep :kconfig:option:`CONFIG_SPM` enabled in the application.
+  **Workaround:** Upgrade MCUboot with :kconfig:option:`CONFIG_MCUBOOT_CLEANUP_ARM_CORE` enabled or keep ``CONFIG_SPM`` enabled in the application.
 
 .. rst-class:: v1-9-2 v1-9-1 v1-9-0
 

diff --git a/doc/nrf/libraries/networking/fota_download.rst b/doc/nrf/libraries/networking/fota_download.rst
@@ -51,7 +51,7 @@ To do this, provide two paths in the ``file`` argument, separated by a space cha
 * The first entry must point to the second-stage upgradable bootloader variant linked against the S0 partition.
 * The second entry must point to the second-stage upgradable bootloader variant linked against the S1 partition.
 
-When an upgradeable bootloader, like MCUboot, is included in the project, the FOTA download library uses the :ref:`lib_secure_services` library to detect the active second-stage upgradable bootloader partition (S0 or S1).
+When an upgradeable bootloader, like MCUboot, is included in the project, the FOTA download library uses :ref:`Trusted Firmware-M (TF-M) <ug_tfm>` to detect the active second-stage upgradable bootloader partition (S0 or S1).
 If the ``file`` argument contains a space character, it is internally updated to contain only the entry that corresponds to the non-active slot.
 This updated path is then used to download the image.
 A device reset triggers the second-stage upgradable bootloader to copy the image from the update bank to the non-active slot.

diff --git a/doc/nrf/libraries/others/memfault_ncs.rst b/doc/nrf/libraries/others/memfault_ncs.rst
@@ -47,7 +47,6 @@ To get access to all the benefits, like up to 100 free devices connected, regist
    When building applications with :ref:`Trusted Firmware-M <ug_tfm>` (TF-M), the faults resulting from memory access in secure regions are not caught by Memfault's fault handler.
    Instead, they are handled by TF-M.
    This means that those faults are not reported to the Memfault platform.
-   You can configure your application to use the :ref:`secure_partition_manager` instead of TF-M if you prefer all such faults to be reported to the Memfault platform.
 
 Configuration
 *************

diff --git a/doc/nrf/libraries/others/secure_services.rst b/doc/nrf/libraries/others/secure_services.rst
diff --git a/doc/nrf/libraries/others/spm.rst b/doc/nrf/libraries/others/spm.rst
diff --git a/doc/nrf/releases/release-notes-0.3.0.rst b/doc/nrf/releases/release-notes-0.3.0.rst
@@ -96,7 +96,7 @@ nRF9160
 * Added target nRF52840_PCA10090 (used when compiling for the nRF9160 DK Board Controller).
 * Added the following samples:
 
-  * :ref:`secure_partition_manager`:
+  * Secure Partition Manager:
     This sample provides a reference implementation of a first-stage boot firmware.
     The sample configures resources for the secure domain and boots an application from the non-secure domain.
   * **at_client**:

diff --git a/doc/nrf/releases/release-notes-0.4.0.rst b/doc/nrf/releases/release-notes-0.4.0.rst
@@ -111,7 +111,7 @@ Common libraries
 
   * :ref:`lib_download_client` - downloads files over HTTP and reports back the progress (as data fragments) to the application
   * Nordic CoAP library - ported to the |NCS|
-  * :ref:`lib_spm` (replacing Secure Boot) - configures security attributions for the flash, SRAM, and peripherals
+  * Secure Partition Manager (SPM) (replacing Secure Boot) - configures security attributions for the flash, SRAM, and peripherals
 
 
 Crypto
@@ -188,7 +188,7 @@ Documentation
   * :ref:`app_event_manager` and :ref:`nrf_profiler`
   * :ref:`at_cmd_parser_readme`, :ref:`at_params_readme`, and :ref:`modem_info_readme`
   * :ref:`lib_download_client`
-  * :ref:`lib_spm`
+  * Secure Partition Manager (SPM)
   * :ref:`st25r3911b_nfc_readme`
   * :ref:`dfu_smp_readme` and :ref:`lbs_readme`
 

diff --git a/doc/nrf/releases/release-notes-1.0.0.rst b/doc/nrf/releases/release-notes-1.0.0.rst
@@ -130,7 +130,7 @@ Secure Partition Manager (SPM) library
     * :file:`secure_services.c` resides in secure firmware (SPM).
     * :file:`secure_services.h` declares functions that can be called from non-secure firmware.
 
-  * :ref:`lib_spm` now exposes secure entry functions by default.
+  * Secure Partition Manager (SPM) now exposes secure entry functions by default.
   * Added reboot as a secure service. The reboot secure service is called when the non-secure firmware calls ``sys_reboot()``.
 
 * PWM0-3 added as non-secure.
@@ -211,7 +211,7 @@ Documentation
   * nRF9160:
 
     * nRF9160: Secure Services
-    * :ref:`secure_partition_manager`
+    * Secure Partition Manager
     * nRF9160: AWS FOTA
     * :ref:`lte_sensor_gateway`
 
@@ -230,12 +230,12 @@ Documentation
 
   * nRF9160:
 
-    * :ref:`lib_spm`
+    * Secure Partition Manager (SPM)
     * ``at_cmd`` library
     * :ref:`lib_download_client`
     * :ref:`lib_aws_fota`
     * :ref:`lib_fota_download`
-    * :ref:`lib_secure_services`
+    * Secure Services
 
   * Bluetooth Low Energy:
 

diff --git a/doc/nrf/releases/release-notes-1.1.0.rst b/doc/nrf/releases/release-notes-1.1.0.rst
@@ -182,7 +182,7 @@ Updated libraries
 
   * Dropped the nRF Connect SDK copy of the MQTT library and adopted Zephyr's :ref:`zephyr:mqtt_socket_interface` library instead.
 
-* :ref:`lib_spm`:
+* Secure Partition Manager (SPM):
 
   * Added a new non-secure-callable function :c:func:`spm_firmware_info`.
 
@@ -470,7 +470,7 @@ Documentation
     * :ref:`nfc_t4t_apdu_readme`
     * :ref:`nfc_t4t_isodep_readme`
     * :ref:`nrf_profiler`
-    * :ref:`lib_secure_services`
+    * Secure Services
 
 
 * Added or updated the following documentation:
@@ -567,7 +567,7 @@ NFC
 Build system
 ============
 
-* It is not possible to build and program :ref:`secure_partition_manager` and the application individually.
+* It is not possible to build and program Secure Partition Manager and the application individually.
 
 nrfxlib
 =======

diff --git a/doc/nrf/releases/release-notes-1.2.0.rst b/doc/nrf/releases/release-notes-1.2.0.rst
@@ -150,7 +150,7 @@ Updated libraries
   * Added the ``CONFIG_DOWNLOAD_CLIENT_MAX_TLS_FRAGMENT_SIZE`` option that allows to configure fragment sizes for TLS connections and non-TLS connections independently.
   * Added support for using non-default ports.
 
-* :ref:`lib_spm`:
+* Secure Partition Manager (SPM):
 
   * Updated the security attribution to configure the peripherals NRF_REGULATORS and NRF_WDT as Non-secure.
   * Added the RTC0 peripheral (as Non-Secure).
@@ -584,7 +584,7 @@ NFC
 Build system
 ============
 
-* It is not possible to build and program :ref:`secure_partition_manager` and the application individually.
+* It is not possible to build and program Secure Partition Manager and the application individually.
 
 nrfxlib
 =======