1/'
2 ' Copyright (c) 2023, Arm Limited. All rights reserved.
3 '
4 ' SPDX-License-Identifier: BSD-3-Clause
5 '/
6
7/'
8TF-A with Arm CCA Data Flow Diagram
9'/
10
11@startuml
12digraph tfa_dfd {
13
14    # Arrange nodes from left to right
15    rankdir="LR"
16
17    # Allow arrows to end on cluster boundaries
18    compound=true
19
20    # Default settings for edges and nodes
21    edge [minlen=2 color="#8c1b07"]
22    node [fillcolor="#ffb866" style=filled shape=box fixedsize=true width=1.6 height=0.7]
23
24    # Nodes outside of the trust boundary
25    realm [label="Realm\nClients"]
26    nsec [label="Non-secure\nClients"]
27    sec [label="Secure\nClients"]
28    dbg [label="Debug & Trace"]
29    uart [label="UART"]
30    nvm [label="Non-volatile\nMemory"]
31
32    # Trust boundary cluster
33    subgraph cluster_trusted{
34        graph [style=dashed color="#f22430"]
35
36        # HW IPs cluster
37        subgraph cluster_ip{
38            label ="Hardware IPs";
39            graph [style=filled color="#000000" fillcolor="#ffd29e"]
40
41            rank="same"
42            gic [label="GIC" width=1.2 height=0.5]
43            mmu [label="MMU" width=1.2 height=0.5]
44            etc [label="..." shape=none style=none height=0.5]
45        }
46
47        # TF-A cluster
48        subgraph cluster_tfa{
49            label ="TF-A";
50            graph [style=filled color="#000000" fillcolor="#faf9cd"]
51
52            bl1 [label="Boot ROM\n(BL1)" fillcolor="#ddffb3"];
53            bl2 [label="Trusted Boot\nFirmware\n(BL2)" fillcolor="#ddffb3" height=1]
54            bl31 [label="TF-A Runtime\n(BL31)" fillcolor="#ddffb3"]
55        }
56
57        # HES cluster
58        subgraph cluster_hes{
59            label ="Arm CCA HES";
60            graph [style=filled color="#000000" fillcolor="#ffd29e"]
61
62            hes [label="Hardware\nEnforced Security"]
63        }
64    }
65
66    # Interactions between nodes
67
68    # -- The following lines are copied from tfa_dfd.puml and must not be
69    #    changed, at the risk of invalidating DF* references.
70    nvm -> bl31 [lhead=cluster_tfa label="DF1"]
71    uart -> bl31 [dir="both" lhead=cluster_tfa label="DF2"]
72    dbg -> bl2 [dir="both" lhead=cluster_tfa label="DF3"]
73    sec -> bl2 [dir="both" lhead=cluster_tfa label="DF4"]
74    nsec -> bl1 [dir="both" lhead=cluster_tfa, label="DF5"]
75    bl2 -> mmu [dir="both" ltail=cluster_tfa lhead=cluster_ip label="DF6"]
76
77    # -- The following lines are new for Arm CCA DFD.
78    bl2 -> hes [dir="both" ltail=cluster_tfa lhead=cluster_hes label="DF7"]
79    realm -> bl2 [dir="both" lhead=cluster_tfa label="DF8"]
80}
81
82@enduml
83