/'
 ' Copyright (c) 2023, Arm Limited. All rights reserved.
 '
 ' SPDX-License-Identifier: BSD-3-Clause
 '/

/'
TF-A with Arm CCA Data Flow Diagram
'/

@startuml
digraph tfa_dfd {

    # Arrange nodes from left to right
    rankdir="LR"

    # Allow arrows to end on cluster boundaries
    compound=true

    # Default settings for edges and nodes
    edge [minlen=2 color="#8c1b07"]
    node [fillcolor="#ffb866" style=filled shape=box fixedsize=true width=1.6 height=0.7]

    # Nodes outside of the trust boundary
    realm [label="Realm\nClients"]
    nsec [label="Non-secure\nClients"]
    sec [label="Secure\nClients"]
    dbg [label="Debug & Trace"]
    uart [label="UART"]
    nvm [label="Non-volatile\nMemory"]

    # Trust boundary cluster
    subgraph cluster_trusted{
        graph [style=dashed color="#f22430"]

        # HW IPs cluster
        subgraph cluster_ip{
            label ="Hardware IPs";
            graph [style=filled color="#000000" fillcolor="#ffd29e"]

            rank="same"
            gic [label="GIC" width=1.2 height=0.5]
            mmu [label="MMU" width=1.2 height=0.5]
            etc [label="..." shape=none style=none height=0.5]
        }

        # TF-A cluster
        subgraph cluster_tfa{
            label ="TF-A";
            graph [style=filled color="#000000" fillcolor="#faf9cd"]

            bl1 [label="Boot ROM\n(BL1)" fillcolor="#ddffb3"];
            bl2 [label="Trusted Boot\nFirmware\n(BL2)" fillcolor="#ddffb3" height=1]
            bl31 [label="TF-A Runtime\n(BL31)" fillcolor="#ddffb3"]
        }

        # HES cluster
        subgraph cluster_hes{
            label ="Arm CCA HES";
            graph [style=filled color="#000000" fillcolor="#ffd29e"]

            hes [label="Hardware\nEnforced Security"]
        }
    }

    # Interactions between nodes

    # -- The following lines are copied from tfa_dfd.puml and must not be
    #    changed, at the risk of invalidating DF* references.
    nvm -> bl31 [lhead=cluster_tfa label="DF1"]
    uart -> bl31 [dir="both" lhead=cluster_tfa label="DF2"]
    dbg -> bl2 [dir="both" lhead=cluster_tfa label="DF3"]
    sec -> bl2 [dir="both" lhead=cluster_tfa label="DF4"]
    nsec -> bl1 [dir="both" lhead=cluster_tfa, label="DF5"]
    bl2 -> mmu [dir="both" ltail=cluster_tfa lhead=cluster_ip label="DF6"]

    # -- The following lines are new for Arm CCA DFD.
    bl2 -> hes [dir="both" ltail=cluster_tfa lhead=cluster_hes label="DF7"]
    realm -> bl2 [dir="both" lhead=cluster_tfa label="DF8"]
}

@enduml