One of the goals of Trusted Substrate is to implement technologies in various projects so that creating WP.29 or NIST 800 compliant products is as simple and fast as possible.
On the implementation quality and performance side, there are a number of specifications or recommendations that are considered:
PSA product certification level 3 readiness
Some markets such as automotive have boot time constraints that result in firmware performance constraints
Another goal of Trusted Substrate is to implement technologies in various firmware and non firmware projects to reach those performance and quality requirements.
On the feature/behavior side, some operating system or hypervisor level services may rely on firmware or secure firmware facilities such as
Global Platform compliant TEE interface
Other candidates under consideration
Microsoft OpenEnclave as a richer Application - TEE application framework
FIDO device onboarding and provisioning
GSA device lifecycle management (standardization of keys/secrets/certification/fuses provisioning at manufacturing time)
So it is a goal of the Trusted Substrate to implement technologies in various firmware and non firmware projects to have present operating systems or hypervisors with consistent behavior.
Combining all those requirements, Trusted Substrate ambition is to enable industrial grade off-the-shelf operating systems and hypervisors to run as is on compliant platforms and greatly augment supported platforms for vertical market targeted distributions such as Oniro, Civil Infrastructure Platform, Automotive Grade Linux, OpenIL, Scientific Linux and its derivatives as well as LEDGE Reference Platform and other commercial versions.
All platform independent and Arm specifications related recipes will be folded in to meta-arm layer, while market specific recipes (WP.29 or others) will be maintained in meta-trustedsubstrate.
Trusted Substrate-IR (yet to be formally defined)
IR stands for "IoT Ready". The definition of IoT is very board and can apply to single core or tens of cores platforms with multiple 10Gbps ethernet ports.
"IoT Ready" platforms may have strict boot time, security, safety readiness requirements.
ES stands for Embedded Server. It differs from SR (Server Ready) with less hardware requirements. Operationally it may though require more security protections as ES will be exposed out of data centers.
ES is more applicable to Telecom edge for instance while IR (see above) is more applicable to industrial/automotive.