From 2a0dffc4372c061bb86da2fd30207e8eb1f1b5d2 Mon Sep 17 00:00:00 2001
From: Laukik Hase
Date: Wed, 31 Dec 2025 11:59:09 +0530
Subject: [PATCH] docs(esp_tee): Update the TEE attestation documentation for the PSA interface
---
 docs/doxygen/Doxyfile_esp32c5 | 2 +-
 docs/doxygen/Doxyfile_esp32c6 | 2 +-
 docs/doxygen/Doxyfile_esp32c61 | 2 +-
 docs/doxygen/Doxyfile_esp32h2 | 2 +-
 docs/en/security/tee/tee-attestation.rst | 12 ++++--------
 5 files changed, 8 insertions(+), 12 deletions(-)
diff --git a/docs/doxygen/Doxyfile_esp32c5 b/docs/doxygen/Doxyfile_esp32c5
index ef1c0e0e20..d9a797a88d 100644
--- a/docs/doxygen/Doxyfile_esp32c5
+++ b/docs/doxygen/Doxyfile_esp32c5
@@ -21,5 +21,5 @@ INPUT += \
 $(PROJECT_PATH)/components/esp_phy/include/esp_phy_cert_test.h \
 $(PROJECT_PATH)/components/esp_tee/include/esp_tee.h \
 $(PROJECT_PATH)/components/esp_tee/subproject/components/tee_sec_storage/include/esp_tee_sec_storage.h \
- $(PROJECT_PATH)/components/esp_tee/subproject/components/tee_attestation/esp_tee_attestation.h \
 $(PROJECT_PATH)/components/esp_tee/subproject/components/tee_ota_ops/include/esp_tee_ota_ops.h \
+ $(PROJECT_PATH)/components/mbedtls/port/include/psa/initial_attestation.h \
diff --git a/docs/doxygen/Doxyfile_esp32c6 b/docs/doxygen/Doxyfile_esp32c6
index 34ad09b032..7b0066b0e3 100644
--- a/docs/doxygen/Doxyfile_esp32c6
+++ b/docs/doxygen/Doxyfile_esp32c6
@@ -19,6 +19,6 @@ INPUT += \
 $(PROJECT_PATH)/components/esp_wifi/include/esp_wifi_he.h \
 $(PROJECT_PATH)/components/esp_tee/include/esp_tee.h \
 $(PROJECT_PATH)/components/esp_tee/subproject/components/tee_sec_storage/include/esp_tee_sec_storage.h \
- $(PROJECT_PATH)/components/esp_tee/subproject/components/tee_attestation/esp_tee_attestation.h \
 $(PROJECT_PATH)/components/esp_tee/subproject/components/tee_ota_ops/include/esp_tee_ota_ops.h \
+ $(PROJECT_PATH)/components/mbedtls/port/include/psa/initial_attestation.h \
 $(PROJECT_PATH)/components/ulp/lp_core/shared/include/ulp_lp_core_lp_uart_shared.h \
diff --git a/docs/doxygen/Doxyfile_esp32c61 b/docs/doxygen/Doxyfile_esp32c61
index 674784e580..55c59c9fae 100644
--- a/docs/doxygen/Doxyfile_esp32c61
+++ b/docs/doxygen/Doxyfile_esp32c61
@@ -7,5 +7,5 @@ INPUT += \
 $(PROJECT_PATH)/components/esp_phy/include/esp_phy_cert_test.h \
 $(PROJECT_PATH)/components/esp_tee/include/esp_tee.h \
 $(PROJECT_PATH)/components/esp_tee/subproject/components/tee_sec_storage/include/esp_tee_sec_storage.h \
- $(PROJECT_PATH)/components/esp_tee/subproject/components/tee_attestation/esp_tee_attestation.h \
 $(PROJECT_PATH)/components/esp_tee/subproject/components/tee_ota_ops/include/esp_tee_ota_ops.h \
+ $(PROJECT_PATH)/components/mbedtls/port/include/psa/initial_attestation.h \
diff --git a/docs/doxygen/Doxyfile_esp32h2 b/docs/doxygen/Doxyfile_esp32h2
index 1e2dd24bb5..74b8764e12 100644
--- a/docs/doxygen/Doxyfile_esp32h2
+++ b/docs/doxygen/Doxyfile_esp32h2
@@ -5,5 +5,5 @@ INPUT += \
 $(PROJECT_PATH)/components/esp_phy/include/esp_phy_cert_test.h \
 $(PROJECT_PATH)/components/esp_tee/include/esp_tee.h \
 $(PROJECT_PATH)/components/esp_tee/subproject/components/tee_sec_storage/include/esp_tee_sec_storage.h \
- $(PROJECT_PATH)/components/esp_tee/subproject/components/tee_attestation/esp_tee_attestation.h \
 $(PROJECT_PATH)/components/esp_tee/subproject/components/tee_ota_ops/include/esp_tee_ota_ops.h \
+ $(PROJECT_PATH)/components/mbedtls/port/include/psa/initial_attestation.h \
diff --git a/docs/en/security/tee/tee-attestation.rst b/docs/en/security/tee/tee-attestation.rst
index 7634d852c1..672067e74c 100644
--- a/docs/en/security/tee/tee-attestation.rst
+++ b/docs/en/security/tee/tee-attestation.rst
@@ -101,8 +101,8 @@ EAT: Claim Table * - **Claim** - **Description** - **Comments** - * - Nonce - - For protection from Reply Attack. If attestation is initiated by the device, it provides the nonce as part of the attestation request to the Relying Party. + * - Authentication Challenge + - Challenge data provided by the caller to protect against replay attacks. This is typically a cryptographic nonce (random value) or a hash of data that includes a nonce. When using a data hash, the caller must ensure replay protection by incorporating a nonce into the hashed data. - * - Client ID - Relying Party identification @@ -176,7 +176,7 @@ Sample EAT in JSON format "key_id": "tee_att_key0" }, "eat": { - "nonce": -1582119980, + "auth_challenge":"dcb9b53143ad6b081dad1a05c7ebda4e314d388762215799cf24ed52e9387678" "client_id": 262974944, "device_ver": 1, "device_id": "e8cddb2a7f9a5a7c61735d6dda26e4bd153c6d772a9be6f26bd321dfe25e0ac8", @@ -253,8 +253,4 @@ The :example:`tee_attestation ` example demonstrat API Reference ------------- -.. note:: - - To use the TEE Attestation APIs in your project, ensure that the :component:`tee_attestation ` component is listed as a local dependency in the component manager manifest file `idf_component.yml `_. Refer to the :example:`tee_attestation ` example for guidance. - -.. include-build-file:: inc/esp_tee_attestation.inc +.. include-build-file:: inc/initial_attestation.inc