Easily Implement Security Best Practices into Your IoT Product

PSA Certified focuses on making security best practices freely accessible and easy to implement for the whole industry. The PSA Certified ecosystem contributes security architecture specifications, open PSA Functional APIs and a reference implementation of the PSA Root of Trust to give you all the requirements you need to build security directly into your IoT product.

Overview Documentation

Specifications

Whilst PSA Certified is architecture agnostic, we recognize that you may need architecture specific documentation to guide the way. The PSA Certified founders and ecosystem contribute specifications to guide the necessary hardware and firmware security requirements for products. These include system and firmware technical requirements, specifications for a Root of Trust and hardware requirements. We anticipate this section to encompass different architectures over time.

PSA Functional APIs

The PSA Certified ecosystem provides freely available APIs, the PSA Functional APIs, which provide a consistent developer experience for developers regardless of hardware implementations of the Root of Trust. Three PSA Functional APIs are available; Crypto, Secure Storage and Attestation. Compliance to these APIs can be assessed through PSA Functional API Certification.

PSA Certified Approved Reference Implementation

The ecosystem provides a PSA Certified approved reference implementation of the PSA Root of Trust. This supports adoption of PSA Certified and provides security functions over a wide variety of hardware platforms.

At PSA Certified Level 2 and PSA Certified Level 3 the Protection Profile has a security requirement for the PSA-RoT to provide an attestation method. The reference implementation used in Trusted Firmware-M is Entity Attestation Token (EAT). EAT provides a method for remote entities to request and receive trustworthy information (a set of claims) on the device that has been created in the trusted part of the system (PSA-RoT), signed by a private key. EAT has been standardized by IETF and helps build trust between devices and cloud based services. Find out more about it and access the source code below.