From 9fd27a8031f4f015732dfdbc92316cfb2eec1cb7 Mon Sep 17 00:00:00 2001 From: Brad Campbell Date: Fri, 10 May 2024 12:43:57 -0400 Subject: [PATCH] doc: trd: storage: few more sentences --- doc/reference/trd-storage.md | 26 +++++++++++++++++++++++--- 1 file changed, 23 insertions(+), 3 deletions(-) diff --git a/doc/reference/trd-storage.md b/doc/reference/trd-storage.md index 3a3b528bc6..688fd75ae0 100644 --- a/doc/reference/trd-storage.md +++ b/doc/reference/trd-storage.md @@ -14,8 +14,7 @@ Application Persistent Data Storage and Permissions Abstract ------------------------------- -This document is in full compliance with -[TRD1][TRD1]. +This document is in full compliance with [TRD1][TRD1]. 1 Introduction ------------------------------- @@ -60,11 +59,32 @@ There are three types of permissions: -3 Requirements +4 Requirements ------------------------------- 1. Applications are given separate write, read, and modify permissions. +2. The label stored with the persistent data is the application's short AppID. +3. Applications without a `ShortId::Unique` cannot access (i.e., + read/write/modify) any persistent storage. +4. How permissions are mapped to applications must be customizable for different + Tock kernels. + + +5 Kernel Enforcement +------------------------------- + +It is not feasible to implement all persistent storage APIs through the core +kernel (i.e., in trusted code). Instead, the kernel provides an API to retrieve +the storage permissions for a specific process. Capsules then use these +permissions to enforce restrictions on storage access. + +6 Specifying Permissions +------------------------------- + +Different users and different kernels will use different methods for determining +the persistent storage access permissions for different applications (and by +extensions the running process for that application).
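Review bot: in the second hunk, requirement 3 ("Applications without a `ShortId::Unique` cannot access ... any persistent storage") and requirement 4 ("How permissions are mapped to applications must be customizable for different Tock kernels") need one sentence stating which takes precedence: as written, a kernel could treat the mapping as customizable and grant storage to a process without a unique ShortId, which would defeat requirement 3 and the labeling in requirement 2. Suggest adding after requirement 4 something like "Customizable mappings must still satisfy requirements 2 and 3." In the same hunk, section 5 says capsules enforce restrictions using permissions retrieved from the kernel; the document should say explicitly whether those capsules are therefore trusted for storage isolation, since the abstract-level claim of "kernel enforcement" then rests on capsule correctness. Two smaller points: the heading change from `-3 Requirements` to `+4 Requirements` does not show a section 3 being added in this diff, so please confirm the numbering is consistent with the rest of the file; and "by extensions the running process" in the new section 6 paragraph should read "by extension".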