improved docs

Signed-off-by: pietfried <[email protected]>
EVerest · Mar 19, 2024 · 24915b1 · 24915b1
1 parent 72913df
commit 24915b1
Showing 1 changed file with 24 additions and 28 deletions.
diff --git a/modules/EvseSecurity/doc.rst b/modules/EvseSecurity/doc.rst
@@ -1,47 +1,37 @@
 .. _everest_modules_handwritten_EvseSecurity:
 
-..  This file is a placeholder for an optional single file handwritten documentation for 
-    the EvseSecurity module.
-    Please decide weather you want to use this single file,
-    or a set of files in the doc/ directory.
-    In the latter case, you can delete this file.
-    In the former case, you can delete the doc/ directory.
-    
-..  This handwritten documentation is optional. In case
-    you do not want to write it, you can delete this file
-    and the doc/ directory.
-
-..  The documentation can be written in reStructuredText,
-    and will be converted to HTML and PDF by Sphinx.
-
 ====================================
 EvseSecurity
 ====================================
 
 :ref:`Link <everest_modules_EvseSecurity>` to the module's reference.
 
-This module implements the `evse_security` interface. It wraps the functionality of the `libevse-security` to provide access to security-related operations to other Everest modules such as OCPP and ISO15118. These modules require similar security-related operations and shared access to certificates and keys, which this module facilitates. For detailed information about the provided functionality, please refer to the README within the `libevse-security`.
+This module implements the [evse_security](https://github.com/EVerest/everest-core/blob/main/interfaces/evse_security.yaml) interface. It wraps the functionality of the [libevse-security](https://github.com/EVerest/libevse-security) to provide access to security-related operations to other Everest modules such as OCPP and ISO15118. These modules require similar security-related operations and shared access to certificates and keys, which this module facilitates. For detailed information about the provided functionality, please refer to the README within the [libevse-security](https://github.com/EVerest/libevse-security).
 
 CA Certificate Domains
 =======================
+
 The combination of ISO15118 and OCPP defines several CA certificate domains for charging stations, addressed and covered by this module:
-- V2G root: Trust anchor for ISO15118 TLS communication between the charging station and the electric vehicle.
-- CSMS root: Trust anchor for TLS communication between the charging station and OCPP CSMS.
-- MF root: Trust anchor of the manufacturer to verify firmware updates.
-- MO root: Trust anchor of the Mobility Operator domain to verify contract certificates.
+
+    * V2G root: Trust anchor for ISO15118 TLS communication between the charging station and the electric vehicle.
+    * CSMS root: Trust anchor for TLS communication between the charging station and OCPP CSMS.
+    * MF root: Trust anchor of the manufacturer to verify firmware updates.
+    * MO root: Trust anchor of the Mobility Operator domain to verify contract certificates.
 
 Module Configuration
 =====================
 
 The following instructions describe how to configure the module parameters mainly for two domains: OCPP communication and ISO15118 communication.
 
 Configuration for OCPP
-======================
+----------------------
+
 In OCPP and OCPP security profiles, the security level of the connection is specified as follows:
-- SecurityProfile 0: Unsecure transport without Basic Authentication
-- SecurityProfile 1: Unsecure transport with Basic Authentication
-- SecurityProfile 2: TLS with Basic authentication
-- SecurityProfile 3: TLS with client-side certificates
+
+    * SecurityProfile 0: Unsecure transport without Basic Authentication
+    * SecurityProfile 1: Unsecure transport with Basic Authentication
+    * SecurityProfile 2: TLS with Basic authentication
+    * SecurityProfile 3: TLS with client-side certificates
 
 Only when security profiles 2 or 3 are used, the configuration of this module is relevant for OCPP communication. In this case, the charging station acts as a TLS client.
 
@@ -52,14 +42,20 @@ Note: The OCPP modules in Everest can be configured to also trust the operating
 If security profile 3 is used, the ``csms_leaf_cert_directory`` and ``csms_leaf_key_directory`` need to be configured. These parameters specify the directory where the client certificate and key for the mTLS connection are located. New client CSMS certificates can be installed using the ``update_leaf_certificate`` command with the CSMS domain specified.
 
 Configuration for ISO15118
-==========================
+--------------------------
+
 For ISO15118 communication, the charging station provides a server endpoint to which the electric vehicle connects. The communication may be secured using TLS. If TLS is required/configured, correct configuration of the ``secc_leaf_cert_directory`` and ``secc_leaf_key_directory`` is required. These directories are used to locate the server certificate and key for the ISO15118 TLS server provided by the charging station.
 
 Private Key Password
-====================
+--------------------
+
 If private keys are generated in the process of generating a certificate signing request (CSR), the private keys are not encrypted with a password. Therefore, no password needs to be configured if all certificates are installed using the ``generate_certificate_signing_request`` and ``update_leaf_certificate`` commands. If existing certificates and private keys are to be installed, the ``private_key_password`` parameter specifies the password for encrypted private keys. Please note that only one value can be configured for possibly multiple encrypted private keys.
 
 More about CSMS, V2G, MO and MF Bundles
-=======================================
-The ``v2g_ca_bundle`` is used to verify the installation of SECC leaf certificates using the ``update_leaf_certificate`` command. The ``csms_ca_bundle`` is used to verify the installation of CSMS leaf certificates using the ``update_leaf_certificate`` command. The ``mo_ca_bundle`` is used to verify contract certificates provided by the electric vehicle as part of the ISO15118 Plug & Charge process. The ``mf_ca_bundle`` is used to verify firmware update files. New root certificates can be installed in the specified domain using the ``install_ca_certificate`` command.
+---------------------------------------
 
+* The ``v2g_ca_bundle`` is used to verify the installation of SECC leaf certificates using the ``update_leaf_certificate`` command. 
+* The ``csms_ca_bundle`` is used to verify the installation of CSMS leaf certificates using the ``update_leaf_certificate`` command.
+* The ``mo_ca_bundle`` is used to verify contract certificates provided by the electric vehicle as part of the ISO15118 Plug & Charge process.
+* The ``mf_ca_bundle`` is used to verify firmware update files.
+New root certificates can be installed in the specified domain using the ``install_ca_certificate`` command.