Arm TechCon always serves as a timely place to give an update on PSA and PSA Certified, as it’s where the scheme all began two years ago. It’s been a busy year for the PSA ecosystem, as at Embedded World in February, we introduced PSA Certified as the final stage of the Platform Security Architecture (PSA) framework. If you’re new to PSA Certified, it was created by six companies, to provide an independent yard-stick measurement for security. It features three progressive levels of certification, allowing everyone in the ecosystem to understand the level of security robustness of a product.
The PSA Certified team have been delighted with the progress we’ve had so far this year, with over 25 products certified already, and we’re continuing to see the ecosystem embracing security. Let’s take a look at the key milestones for all three of the certification levels and what’s to come in the next year…
Level 1 Certification Continues to Gain Momentum
PSA Certified Level 1 certification assesses a set of critical security questions to ensure fundamental security requirements have been considered and designed into a device. Level 1 can be completed by the whole ecosystem, with specific security questions for chip vendors, OS providers and OEMs.
At the launch of PSA Certified Level 1, a number of partners, who had been designing products in line with the PSA framework and specifications, were ready to share their certified products. Since then, PSA Certified has continued to gain momentum, with key players in the industry joining the certification scheme.
We are really excited to share that Renesas Electronics Corporation, a leading supplier of advanced semiconductor solutions, has become the latest certified partner. They have achieved Level 1 certification of the Renesas Advanced (RA) Family of 32-bit Arm Cortex-M microcontrollers. These products deliver optimized performance, connectivity, peripheral IP and a flexible software package along with certified security measures to enable the next generation of embedded solutions for a wide range of verticals.
This week we’re also announcing that Korean company Security Platform Inc (SPI) have achieved PSA Certified Level 1 accreditation for their smart meter module and that NXM have received PSA Certified Level 1 accreditation for their autonomous security platform.
It is essential that the whole ecosystem is bought into the PSA Certified program, creating a common standard for the industry. PSA Certified has received an increase of applications from original equipment manufacturers (OEMs) showing an interest in Level 1 certification, we’re excited to see it moving further up the supply chain.
PSA Certified Level 2 Laboratory Testing
Level 2 certification was also announced at Embedded World, with a vision to launch the certification scheme later this year. PSA Certified Level 2 will provide laboratory-based penetration testing of IoT chips with a PSA Root of Trust (PSA-RoT) security component.
A lot of progress has been made on the certification scheme and the we are continuing to work with a number of partners to ensure they are ready for testing.
To create a frictionless experience for PSA Certified Level 2, Arm has provided an example security target for Level 2 certification, based on Trusted Firmware-M and the Arm Musca development board which is being used for ‘pipe cleaning’. We are also in the process of finalising the 1.0 version of protection profile documents which will be available in the PSA Certified resources.
We’ve already had interest from a number of companies who are looking to complete PSA Certified Level 2 in the coming months, so watch this space.
Level 3 soon to become a reality
With Level 1 and 2 in flight, we have been turning our attention to PSA Certified Level 3, which will provide a substantial level of robustness and security. The Level 3 certification protection profile is being reviewed by the PSA Certified team with a view for testing to be ready for use in the second half of 2020.
Functional APIs continuing to ease the developer journey
The PSA APIs provide developers with access from the main firmware application to the security services on any PSA-compliant platform, making their code portable and understandable everywhere.
Functional API Certification continues to be an integral part of PSA Certified, providing a test suite for PSA APIs and encouraging widespread use of the PSA-RoT. Certified partners can access the APIs, run the test and, upon successful completion, use the functional API logo.
PSA beyond IoT device security
While PSA Certified continues to gain momentum and become a common language for IoT device security, new avenues are being explored for PSA. Many of the PSA documents were made with constrained IoT in mind, however a lot of the principles map to other segments. One avenue that is being explored is how the PSA framework maps to the infrastructure edge and how you can make use of it. Arm and its ecosystem are continuing to invest to provide the documents needed to make this as frictionless as possible, including threat models and documentation to get started.
It’s not over yet…
A lot has happened in the last eight months, and PSA Certified continues to develop and evolve. Keep up with the latest news by checking in on the PSA Certified blog. If you’re interested in the certification scheme or want to find out more about how you can get involved, contact us here.