doc: tfm: add overview of PSA Certified API

Added a new page about the PSA Certified API overview to the TF-M
documentation. The page is based on a DevZone blog.
NCSDK-32263.

Signed-off-by: Grzegorz Ferenc <Grzegorz.Ferenc@nordicsemi.no>
Signed-off-by: Sigurd Hellesvik <Sigurd.Hellesvik@nordicsemi.no>

Author: greg-fer

doc/nrf/links.txt

@@ -226,18 +226,32 @@
 .. _`nRF Connect SDK Add-ons`: https://nrfconnect.github.io/ncs-app-index/
 .. _`ncs-app-index`: https://github.com/nrfconnect/ncs-app-index
 
+.. _`crypto.h`: https://github.com/nrfconnect/sdk-trusted-firmware-m/blob/master/interface/include/psa/crypto.h
+.. _`protected_storage.h`: https://github.com/nrfconnect/sdk-trusted-firmware-m/blob/master/interface/include/psa/protected_storage.h
+.. _`initial_attestation.h`: https://github.com/nrfconnect/sdk-trusted-firmware-m/blob/main/interface/include/psa/initial_attestation.h.in
+
 .. ### Source: arm-software.github.io, armmbed.github.io
 
+.. _`PSA Certified APIs`: https://arm-software.github.io/psa-api/
+
 .. _`PSA Certified Crypto API`: https://arm-software.github.io/psa-api/crypto/
 .. _`psa_generate_random()`: https://arm-software.github.io/psa-api/crypto/1.1/api/ops/rng.html
+.. _`Key Identifiers`: https://arm-software.github.io/psa-api/crypto/1.1/api/keys/ids.html#key-identifiers
+.. _`Keystore Interface`: https://arm-software.github.io/psa-api/crypto/1.1/overview/goals.html#a-keystore-interface
 .. _`PSA Cryptography API 1.0.1`: https://armmbed.github.io/mbed-crypto/1.0.1/html/index.html
-.. _`PSA Certified APIs`: https://arm-software.github.io/psa-api/
 .. _`PSA Certified Crypto API 1.2.1`: https://arm-software.github.io/psa-api/crypto/1.2/
 .. _`PSA Certified Crypto API 1.2 PAKE Extension Final 1`: https://arm-software.github.io/psa-api/crypto/1.2/ext-pake/
 .. _`PSA functions for key management`: https://arm-software.github.io/psa-api/crypto/1.1/api/keys/management.html
+
+.. _`PSA Certified Secure Storage API`: https://arm-software.github.io/psa-api/storage/
 .. _`PSA Certified Secure Storage API 1.0`: https://arm-software.github.io/psa-api/storage/1.0/
+
+.. _`PSA Certified Attestation API`: https://arm-software.github.io/psa-api/attestation/
 .. _`PSA Certified Attestation API 1.0`: https://arm-software.github.io/psa-api/attestation/1.0/
 
+.. _`PSA Certified Firmware Update API`: https://arm-software.github.io/psa-api/fwu/
+
+
 .. ### Source: githubusercontent.com
 
 .. _`raw XML`: https://raw.githubusercontent.com/OpenMobileAlliance/lwm2m-registry/prod/version_history/3300-1_0.xml
@@ -381,6 +395,8 @@
 
 .. _`contact our sales`: https://www.nordicsemi.com/About-us/Contact-Us#Sales_related_questions
 
+.. _`PSA Certified Nordic Products`: https://www.nordicsemi.com/Products/Technologies/Security/Certifications?lang=en#infotabs
+
 .. #### Source: www.nordicsemi.com/Events/
 
 .. _`nRF Connect SDK v2.9.0 webinar`:
@@ -701,7 +717,9 @@
 .. _`nRF9160 DK GPS`:
 .. _`nRF9160 GPS receiver specification`: https://docs.nordicsemi.com/bundle/ps_nrf9160/page/gps.html
 .. _`nRF9160 System Protection Unit`: https://docs.nordicsemi.com/bundle/ps_nrf9160/page/spu.html
+.. _`nRF9160 flash access control`: https://docs.nordicsemi.com/bundle/ps_nrf9160/page/spu.html#ariaid-title4
 .. _`nRF9160 SiP pin configuration`: https://docs.nordicsemi.com/bundle/ref_at_commands/page/REF/at_commands/sip_pin_configuration/sip_pin_configuration.html
+.. _`nRF9160 CRYPTOCELL - Arm TrustZone CryptoCell 310`: https://docs.nordicsemi.com/bundle/ps_nrf9160/page/cryptocell.html
 
 .. _`nWP044 - Best practices for cellular IoT development LTE technology`: https://docs.nordicsemi.com/bundle/nwp_044/page/WP/nwp_044/lte_technology.html
 .. _`nWP044 - Best practices for cellular IoT development`: https://docs.nordicsemi.com/bundle/nwp_044/page/WP/nwp_044/intro.html
@@ -765,10 +783,13 @@
 .. _`nRF54L15 DK User Guide`: https://docs.nordicsemi.com/bundle/ug_nrf54l15_dk/page/UG/nRF54L15_DK/intro/intro.html
 .. _`nRF54L15 Debugger signals`: https://docs.nordicsemi.com/bundle/ps_nrf54L15/page/tampc.html#ariaid-title6
 .. _`nRF54L15 Security`: https://docs.nordicsemi.com/bundle/ps_nrf54L15/page/chapters/security.html
+.. _`nRF54L15 feature access control`: https://docs.nordicsemi.com/bundle/ps_nrf54L15/page/spu.html#ariaid-title8
 
 .. _`nRF53 Series`: https://docs.nordicsemi.com/category/nrf-53-series
 
 .. _`nRF5340 Product Specification`: https://docs.nordicsemi.com/bundle/ps_nrf5340/page/keyfeatures_html5.html
+.. _`nRF5340 CRYPTOCELL — Arm TrustZone CryptoCell 312`: https://docs.nordicsemi.com/bundle/ps_nrf5340/page/cryptocell.html
+
 .. _`nRF5340 DK User Guide`: https://docs.nordicsemi.com/bundle/ug_nrf5340_dk/page/UG/dk/intro.html
 .. _`Execute in place page in the nRF5340 Product Specification`: https://docs.nordicsemi.com/bundle/ps_nrf5340/page/qspi.html#d1789e363
 .. _`nRF5340 DK Compatibility Matrix`: https://docs.nordicsemi.com/bundle/comp_matrix_nrf5340/page/COMP/nrf5340/nrf5340_comp_matrix.html
@@ -1536,6 +1557,9 @@
 .. _`PSA Certified IoT Security Framework`: https://www.psacertified.org/what-is-psa-certified/using-psa-certified/
 .. _`What is a Root of Trust?`: https://www.psacertified.org/blog/what-is-a-root-of-trust/
 .. _`Device Attestation and Entity Attestation Tokens Explained`: https://www.psacertified.org/blog/what-is-an-entity-attestation-token/
+.. _`PSA Certified development resources`: https://www.psacertified.org/development-resources/
+.. _`PSA Certified foundational training course`: https://www.psacertified.org/development-resources/psa-certified-foundational-training-course/
+
 
 .. ### Source: etsi.org
 

doc/nrf/releases_and_maturity/releases/release-notes-changelog.rst

@@ -111,6 +111,7 @@ Security
     * Support for HKDF-Expand and HKDF-Extract in CRACEN.
     * Support for Ed25519ph(HashEdDSA) to CRACEN.
     * Documentation page about the :ref:`ug_tfm_architecture`.
+    * Documentation page about the :ref:`ug_psa_certified_api_overview`.
 
   * Updated:
 

doc/nrf/security/tfm/images/psa_certified_api_general.png

@@ -8,15 +8,11 @@ Trusted Firmware-M in the |NCS|
    :depth: 2
 
 Nordic Semiconductor recommends following `Platform Security Architecture (PSA)`_ for product development to ensure appropriate security implementation in IoT devices.
-PSA offers the `PSA Certified IoT Security Framework`_ for securing connected devices, which consists of four steps:
 
-* Analyze the threats that have the potential to compromise your device and generate a set of security requirements based on these risks.
-* Architect the right level of security for your product by using unique security requirements to identify and select components and specifications.
-* Implement the trusted components and firmware, making use of high-level APIs to build-in security and create an interface to the hardware Root of Trust (RoT).
-* Certify device, platform, or silicon by following independent security evaluation.
+Trusted Firmware-M (TF-M) is the reference implementation of PSA, which follows `PSA Certified IoT Security Framework`_ for securing connected devices.
+For more information about the framework, see the :ref:`ug_psa_certified_api_overview` page.
 
-Trusted Firmware-M (TF-M) is the reference implementation of PSA.
-It provides a reference design of a Secure Processing Environment (SPE) for Arm M-profile architectures.
+TF-M provides a reference design of a Secure Processing Environment (SPE) for Arm M-profile architectures.
 The SPE relies on security by separation to protect sensitive assets and code.
 TF-M also provides security services to the application, such as Protected Storage, Cryptography, and Attestation.
 
@@ -37,4 +33,5 @@ For more information about TF-M, see the `Trusted Firmware-M documentation <TF-M
 
    tfm_architecture
    processing_environments
+   psa_certified_api_overview
    tfm