feat(security): add Security Overview page

- create new Security_overview.rst as the landing page for security
documentation
- provide comprehensive security framework details and features
overview
- add references to Security_overview in platform TOC files (AM62X,
AM62AX, AM62PX, AM62LX)
- add cross-reference links in related security documentation

Signed-off-by: Shiva Tripathi <[email protected]>

Author: shiva-ti

configs/AM62AX/AM62AX_linux_toc.txt

@@ -93,6 +93,7 @@ linux/Foundational_Components/Power_Management/pm_wakeup_sources
 linux/Foundational_Components/Power_Management/pm_sw_arch
 linux/Foundational_Components/Power_Management/pm_debug
 
+linux/Foundational_Components/System_Security/Security_overview
 linux/Foundational_Components/System_Security/SELinux
 linux/Foundational_Components/System_Security/Auth_boot
 

configs/AM62LX/AM62LX_linux_toc.txt

@@ -78,6 +78,7 @@ linux/Foundational_Components/Power_Management/pm_cpuidle
 linux/Foundational_Components/Power_Management/pm_am62lx_low_power_modes
 linux/Foundational_Components/Power_Management/pm_wakeup_sources
 
+linux/Foundational_Components/System_Security/Security_overview
 #linux/Foundational_Components/System_Security/SELinux
 linux/Foundational_Components/System_Security/Auth_boot
 

configs/AM62PX/AM62PX_linux_toc.txt

@@ -98,6 +98,7 @@ linux/Foundational_Components/Power_Management/pm_wakeup_sources
 linux/Foundational_Components/Power_Management/pm_sw_arch
 linux/Foundational_Components/Power_Management/pm_debug
 
+linux/Foundational_Components/System_Security/Security_overview
 linux/Foundational_Components/System_Security/SELinux
 linux/Foundational_Components/System_Security/Auth_boot
 

configs/AM62X/AM62X_linux_toc.txt

@@ -95,6 +95,7 @@ linux/Foundational_Components/Power_Management/pm_wakeup_sources
 linux/Foundational_Components/Power_Management/pm_sw_arch
 linux/Foundational_Components/Power_Management/pm_debug
 
+linux/Foundational_Components/System_Security/Security_overview
 linux/Foundational_Components/System_Security/SELinux
 linux/Foundational_Components/System_Security/Auth_boot
 

source/linux/Foundational_Components/Kernel/Kernel_Drivers/Crypto/DTHEv2.rst

@@ -1,4 +1,5 @@
 .. _DTHEv2-Crypto-Accelerator:
+.. _crypto-accelerator:
 
 ######
 Crypto

source/linux/Foundational_Components/Kernel/Kernel_Drivers/Crypto/SA2UL_OMAP.rst

@@ -1,3 +1,6 @@
+.. _SAUL-Crypto-Accelerator:
+.. _crypto-accelerator:
+
 ######
 Crypto
 ######

source/linux/Foundational_Components/System_Security/Security_overview.rst

@@ -0,0 +1,86 @@
+.. _Security_overview:
+
+###############
+Device Security
+###############
+
+=================
+Security Overview
+=================
+
+The |__PART_FAMILY_DEVICE_NAMES__| SoC offers a comprehensive set of 
+security features that protect embedded Linux applications. This guide 
+offers a starting point to understand and implement these capabilities 
+as part of product development, with the following advantages:
+
+* **Hardware-backed security** - Leverages built-in security hardware 
+  for robust protection
+* **Defense in-depth** - Implements security at multiple level including
+  hardware, firmware, software to protect against wide range of attacks
+* **Industry standards compliance** - Incorporates security measures
+  like secure boot, TrustZone, and crypto acceleration that can help meet
+  requirements in standards such as IEC 62443 and NIST guidelines
+* **Flexible implementation** - Allows security features that can be 
+  tailored to specific application needs
+
+================
+Security Domains
+================
+
+Below is an overview of the security framework's main domains:
+
+.. figure:: ./images/security_framework.png
+
+These security domains create a chain of trust protecting the 
+|__PART_FAMILY_DEVICE_NAMES__| SoC from boot through runtime and storage,
+ensuring system integrity and data confidentiality.
+
+=============================
+Security Features at a Glance
+=============================
+
+The following table lists some of the key Security Features:
+
+.. ifconfig:: CONFIG_part_variant in ('AM62LX')
+
+  +-------------------------+-----------------------------------------------------------+--------------------------------------+
+  | **Security Feature**    | **Description**                                           | **Links**                            |
+  +=========================+===========================================================+======================================+
+  | **Authenticated Boot**  | Verifies each boot component to ensure only authorized    | :ref:`auth_boot_guide`               |
+  |                         | code executes on the device                               |                                      |
+  +-------------------------+-----------------------------------------------------------+--------------------------------------+
+  | **Crypto Acceleration** | Hardware driver support for cryptographic algorithms      | :ref:`crypto-accelerator`            |
+  +-------------------------+-----------------------------------------------------------+--------------------------------------+
+  | **Key Management**      | Tools for secure key provisioning                         | :ref:`key-writer-lite-label`         |
+  +-------------------------+-----------------------------------------------------------+--------------------------------------+
+  | **Secure Storage**      | Protection mechanisms for sensitive data                  | :ref:`secure-storage-with-rpmb`      |
+  +-------------------------+-----------------------------------------------------------+--------------------------------------+
+  | **Trusted Execution**   | Implementation of secure monitor (EL3) firmware that      | :ref:`foundational-components-atf`   |
+  |                         | manages the secure boot process and TrustZone transitions |                                      |
+  +                         +-----------------------------------------------------------+--------------------------------------+
+  |                         | Trusted Execution Environment that enables isolated       | :ref:`foundational-components-optee` |
+  |                         | execution of security-sensitive applications and services |                                      |
+  +-------------------------+-----------------------------------------------------------+--------------------------------------+
+
+.. ifconfig:: CONFIG_part_variant in ('AM62X', 'AM62PX', 'AM62AX')
+
+  +-------------------------+-----------------------------------------------------------+--------------------------------------+
+  | Security Feature        | Description                                               | Links                                |
+  +=========================+===========================================================+======================================+
+  | **Authenticated Boot**  | Verifies each boot component to ensure only authorized    | :ref:`auth_boot_guide`               |
+  |                         | code executes on the device                               |                                      |
+  +-------------------------+-----------------------------------------------------------+--------------------------------------+
+  | **Crypto Acceleration** | Hardware driver support for cryptographic algorithms      | :ref:`crypto-accelerator`            |
+  +-------------------------+-----------------------------------------------------------+--------------------------------------+
+  | **Secure Storage**      | Protection mechanisms for sensitive data                  | :ref:`secure-storage-with-rpmb`      |
+  +-------------------------+-----------------------------------------------------------+--------------------------------------+
+  | **SELinux**             | Kernel security module providing policy-based access      | :ref:`selinux_guide`                 |
+  |                         | control for processes, files, and system objects          |                                      |
+  +-------------------------+-----------------------------------------------------------+--------------------------------------+
+  | **Trusted Execution**   | Implementation of secure monitor (EL3) firmware that      | :ref:`foundational-components-atf`   |
+  |                         | manages the secure boot process and TrustZone transitions |                                      |
+  +                         +-----------------------------------------------------------+--------------------------------------+
+  |                         | Trusted Execution Environment that enables isolated       | :ref:`foundational-components-optee` |
+  |                         | execution of security-sensitive applications and services |                                      |
+  +-------------------------+-----------------------------------------------------------+--------------------------------------+
+

source/linux/Foundational_Components/System_Security/images/security_framework.png

@@ -75,6 +75,7 @@ of entropy can work around these issues.
 
    $ make CROSS_COMPILE="$CROSS_COMPILE_32" CROSS_COMPILE64="$CROSS_COMPILE_64" PLATFORM=k3-|__OPTEE_PLATFORM_FLAVOR__| CFG_ARM64_core=y CFG_WITH_SOFTWARE_PRNG=y
 
+.. _secure-storage-with-rpmb:
 
 Secure Storage with RPMB (For HS)
 *********************************

source/linux/Foundational_Components_OPTEE.rst

@@ -7,6 +7,7 @@ Security
 .. toctree::
    :maxdepth: 5
 
+   Foundational_Components/System_Security/Security_overview
    Foundational_Components_Migration_Guide
    Foundational_Components_Secure_Boot
    Foundational_Components/System_Security/SELinux