Commit f2455172 authored by Amit Kucheria's avatar Amit Kucheria Committed by Gururaj Shetty
Remove HarmonyOS writeups


Signed-off-by: default avatarAmit Kucheria <amit.kucheria.ext@huawei.com>
parent eef8fc76
......@@ -8,6 +8,4 @@
about-openharmony
technical-features
system-security
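Review bot: the hunk header `@@ -8,6 +8,4 @@` says two lines leave this toctree, and the rendered view has lost the +/- markers, so I read `technical-features` and `system-security` as the removed entries with `about-openharmony` kept. Please confirm that, and check that `about-openharmony` does not cross-reference the two removed documents (a `:doc:` or `:ref:` pointing at them would now fail the Sphinx build).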
overview/figures/architecture.png (100 KiB)
overview/figures/data_management.png (52 KiB)
overview/figures/device_virtual.png (96.8 KiB)
overview/figures/muti-device.png (74.3 KiB)
overview/figures/system_security.jpg (61.3 KiB)
overview/figures/task_scheduling.png (63.6 KiB)
overview/figures/virtual_bus.png (64.9 KiB)
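Review bot: `overview/figures/architecture.png` is deleted here, but neither of the removed .rst files references it; they only use system_security.jpg, virtual_bus.png, device_virtual.png, data_management.png, task_scheduling.png and muti-device.png. If the remaining `about-openharmony` page still carries a `.. figure:: figures/architecture.png` directive, this deletion breaks its image. Either keep that file or drop the directive in the same commit.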

.. include:: ../definitions.rst
System Security
===============
|main_project_name|-powered distributed devices ensure that the right person uses the right data through the right device.
- Ensure the right person by performing distributed collaborative identity authentication.
- Ensure the right device by building a trusted operating environment on the distributed device.
- Ensure the right data by implementing classified and hierarchical management of data transmitted across devices.
Right Person
------------
In the distributed scenario, the right person refers to an authenticated user who accesses the data or uses the service. The right person is the prerequisite for preventing illegal data access or user privacy breach. |main_project_name| implements distributed collaborative identity authentication in the following ways:
- **Zero-trust model**: Implements user authentication and data access control. When a user attempts to access data across devices or perform a service operation with a high security level (for example, operating a security protection device), |main_project_name| authenticates the user to ensure that the user is authorized to perform the operation.
- **Multi-factor authentication**: Associates authentication credentials that identify the same user on different devices to improve authentication accuracy.
- **Collaborative authentication**: Decouples identity authentication from hardware so that identity authentication and data collection can be done on different devices to implement resource pooling as well as capability collaboration and sharing. This allows the right device to do the right thing and makes it possible for devices with a high security level to assist devices with a low security level in authenticating users.
Right Device
------------
In the distributed scenario, the right person using the right device is the prerequisite to safeguard effective user data security on virtual devices and prevent user privacy breach.
- **Secure boot** : |main_project_name| ensures from the source that the system firmware and applications running on each virtual device from the source are intact and untampered with. With secure boot, |main_project_name| protects image packages of device vendors from being replaced maliciously, thereby ensuring user data security and privacy.
- **TEE** : |main_project_name| provides a hardware-based Trusted Execution Environment (TEE) to prevent data leakage of sensitive personal data when they are stored or processed. As the hardware of distributed devices varies in security capabilities, security issues may arise if sensitive personal data of users is stored and processed by devices with a low security level. To address this issue, |main_project_name| uses formal verification methods, which are an effective mathematical approach to validate system correctness, to secure the TEE microkernel. This helps the microkernel successfully achieve a CC EAL5+ certification for a commercial OS kernel.
- **Device certificate authentication**: |main_project_name| preconfigures a public key infrastructure (PKI) device certificate in the TEE of a device so that the device can prove its security capabilities to other virtual devices. The device certificate ensures that the device is one that was manufactured legally. The certification is preconfigured during device production and proves that the device was manufactured legally. The private key of the certification is written and securely stored in the TEE and can only be used in the TEE. When sensitive user data (such as keys and encrypted biometrics) needs to be transmitted between devices, a secure channel is established between their TEEs only after the device security has been proven using the device certificate. The below figure shows how the device certificate is used.
.. figure:: figures/system_security.jpg
:scale: 50
:align: center
Figure 1 Using the device certificate
Right Data
----------
To ensure that the right data is used by the right person, |main_project_name| protects data security and privacy throughout the entire lifecycle, from data generation and storage to data use, transmission, and destruction. This ensures that personal data and privacy as well as confidential data (such as keys) are strictly protected against disclosure.
- **Data generation**: Data is categorized and classified in compliance with local laws and regulations, and different protection levels are configured for the data based on the classification. For data granted with a specific protection level, security protection is implemented based on the corresponding security policy throughout the entire lifecycle. The access control system of the super virtual device supports tag-based access control policies, which ensure that data can be stored, used, and transmitted only on virtual devices that are able to provide effective security protection.
- **Data storage**: Data with different security levels are stored in partitions with corresponding security protection capabilities to ensure data security. In addition, seamless cross-device key mobility and access control are supported throughout the lifecycle of keys for distributed, collaborative identity authentication and data sharing.
- **Data usage**: Sensitive user data can only be used in a hardware-based TEE of distributed virtual devices, thereby ensuring data security and privacy.
- **Data transmission**: To ensure secure data flow between virtual devices, each device must be reliable and trusted. Trust relationship is established among multiple virtual devices paired by using a HUAWEI ID. A secure channel will be established between virtual devices only after the trust relationship is verified, so that data can be transmitted securely. If two devices need to communicate with each other, they must be authenticated based on their identity credentials. After a successful authentication, an encrypted channel will be established for communication between the devices.
- **Data destruction**: Data destruction is implemented by destroying keys. Data is stored on virtual devices based on keys. To destruct data completely, you only need to destroy the keys protecting the data.
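Review bot: the commit message only says "Remove HarmonyOS writeups"; since this file is the doc set's only description of the secure boot, TEE and device-certificate model, the message should say whether the content is being dropped as HarmonyOS-specific (the "HUAWEI ID" pairing in the data-transmission bullet and the CC EAL5+ microkernel claim read that way) or is to be rewritten for OpenHarmony elsewhere, so the resulting gap in the security documentation is recorded in the log.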
.. include:: ../definitions.rst
Technical Features
##################
Hardware Collaboration and Resource Sharing
===========================================
Distributed Virtual Bus
-----------------------
Distributed virtual bus is a unified base for interconnection among devices. It powers devices with distributed communication capabilities. With such capabilities, devices can quickly discover and connect to each other, allowing efficient task distribution and data transmission. Figure 1 shows the diagram of distributed virtual bus.
.. figure:: figures/virtual_bus.png
Figure 1 Distributed virtual bus
Distributed Device Virtualization
---------------------------------
The distributed device virtualization platform enables cross-device resource convergence, device management, and data processing so that multiple devices jointly function as a super virtual device. This platform virtualizes devices and fully utilizes their advantages by assigning the most appropriate hardware to execute particular user tasks. This ensures continuity of services while migrating between different devices. Figure 2 shows the diagram of distributed device virtualization.
.. figure:: figures/device_virtual.png
Figure 2 Distributed device virtualization
Distributed Data Management
---------------------------
Distributed data management leverages distributed virtual bus to manage application data and user data distributed on different devices. Under such management, user data is no longer bound to a single physical device, and service logic is separated from data storage. As your applications are running across devices, their data is seamlessly transmitted from one device to another, therefore creating a foundation for consistent and smooth user experience. Figure 3 shows the diagram of distributed data management.
.. figure:: figures/data_management.png
Figure 3 Distributed data management
Distributed Task Scheduling
---------------------------
Distributed task scheduling is designed based on technical features such as distributed virtual bus, distributed data management, and distributed profile. It builds a unified distributed service management mechanism (including service discovery, synchronization, registration, and invocation), and supports remote startup, remote invocation, remote connection, and migration of applications across devices. This way, your applications can select a suitable device to perform distributed tasks based on the capabilities, locations, running status, and resource usage of different devices, as well as user habits and intentions.
.. figure:: figures/task_scheduling.png
Figure 4 Distributed task scheduling
One-Time Development for Multi-Device Deployment
------------------------------------------------
|main_project_name| provides the application, ability, and UI frameworks, which allow you to reuse service and UI logic during application development. This way, you can develop your applications once, and then deploy them across a broad range of devices, improving your development efficiency. Figure 5 shows the diagram of one-time development and multi-device deployment.
.. figure:: figures/muti-device.png
Figure 5 One-time development and multi-device deployment
Unified OS for Flexible Deployment
----------------------------------
|main_project_name| leverages component-based and miniaturized-oriented designs to allow on-demand deployment for diversified devices, adapting to different hardware resources and business characteristics. Specifically, component dependencies are automatically generated based on the cross-compilation toolchain to form a tree diagram illustrating component dependencies, facilitating convenient development and making development available for various devices, regardless of their hardware capabilities.
- **On-demand component selection**: You can select required components based on hardware forms and requirements.
- **Mutable function set configuration**: You can tailor function sets for each component based on hardware resources and function requirements. For example, you have an option of configuring only certain components for the UI framework.
- **Associative inter-component dependencies**: You can have inter-component dependencies automatically generated based on the cross-compilation toolchain. For example, if you select components for the UI framework, their associative graphics engine-specific components will be automatically selected.
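Review bot: both removed documents open with `.. include:: ../definitions.rst`, which supplies the `|main_project_name|` substitution; that file is not touched by this commit, so it must still be included by `about-openharmony` or the substitution there will go undefined. Worth a quick grep for `definitions.rst` and `|main_project_name|` across the remaining sources before merging.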