Arm TechCon always serves as a timely place to give an update on PSA and PSA Certified, as it’s where the scheme all began two years ago. It’s been a busy year for the PSA ecosystem, as at Embedded World in February, we introduced PSA Certified as the final stage of the Platform Security Architecture (PSA) framework. If you’re new to PSA Certified, it was created by six companies, to provide an independent yard-stick measurement for security. It features three progressive levels of certification, allowing everyone in the ecosystem to understand the level of security robustness of a product.
Since the launch of PSA Certified in February, we’ve been delighted to see the program being embraced by the IoT ecosystem. As the program has been gathering significant momentum, TrustCB has recently been appointed as the official certification body and scheme manager for PSA Certified.
In celebration of this news, we’ve opened a limited offer*, whereby we’re helping to lower the cost of Level 1 certification and Level 2 lab-based evaluations, by eliminating the Certification Body fees.**
To register your interest in this limited offer, please make sure it’s clearly indicated it in the application form, which is sent to email@example.com when you place an order with a test laboratory for PSA Certified evaluation. TrustCB will let you know if the offer is still available for your certification.
*This offer is only available for a limited number of certifications and may end without warning
**The developer will need to agree fees with a test laboratory separately.
We are pleased to announce that TrustCB has been appointed as the certification body and scheme manager for PSA Certified. TrustCB has been been selected for its strong experience in operating high assurance certification bodies and scheme management.
As we prepare for PSA Certified Level 2 partners, and the introduction of the PSA Certified Level 3 scheme in the next year, TrustCB will be an important part of the team, enabling partners to achieve higher levels of security assurance and robustness in IoT.
PSA Certified scheme has two types of certification and hence there are two logos available:
The first, PSA Certified, is for products passing the security evaluation by the test lab and awards a logo with a padlock in the middle of a green diamond and indicates the achieved level of product certification (level 1, 2 or 3).
The second is awarded to products that use the PSA Developer APIs and pass the test suites, “PSA Functional API Certified”, this is indicated by a logo without the padlock.
Solutions with the “Functional API” logo use some well-designed, high level, easy to use APIs to interface to the PSA Root of Trust security functions such as crypto services, attestation, secure storage and secure boot. Chip vendors and RTOS providers supporting the APIs will help device makers and software developers make use of the PSA RoT trusted services in a secure and consistent way and help provide secure foundations for IoT products at scale.
To facilitate chip vendors and software developers adopt the APIs at a pace that fits in with their product development cadence as well as accommodating legacy solutions, the PSA JSA members have decided to keep the two parts of the certification scheme independent for the rest of 2019. This means that PSA Certified Level 1 certification can be achieved with optional API compliance.
To realise the full value of PSA Certified it is highly recommended that chip vendors, software providers and OEMs make use of both parts of the scheme: PSA Certified and PSA Functional API Certified (the API compliance part).
Building trust in Internet of Things (IoT) devices is a critical enabler of IoT services at scale. If we trust the device then we can trust the data from that device and use that to drive new business insights and services in IoT. At the heart of device trust is the newly announced PSA Certified initiative.
At Embedded World in Nuremberg this year, we announced the creation of the PSA CertifiedTM program, the final stage of the Arm Platform Security Architecture (PSA). The program offers an independent security evaluation scheme for chips, OSes and devices developed to PSA specifications. It was an exciting week onsite at the show and we’re excited to share some of highlights with you below.
Arm has joined with leading security laboratories and silicon vendors to bring the promise of trusted IoT devices one step closer. PSA Certified™ enables IoT solution builders to establish the security and authenticity of the data collected from a diverse world of IoT devices.
Free test suites will also unlock the hardware security of the latest silicon platforms to software and OS developers. Functional API certification will make it easier to build secure applications from established and secure software building blocks.