For Chips That Protect Against Scalable, Remote Software Attacks

PSA Certified Level 2 provides a laboratory evaluation of a PSA Root of Trust (PSA-RoT) to provide evidence that it can protect against scalable software attacks. Evaluation Labs use vulnerability analysis and penetration testing of the PSA-RoT to establish if the nine security requirements of the PSA-RoT Protection Profile have been met.

Time-efficient Testing

Time-boxed evaluation (ANSSI CSPN style) provides an efficient evaluation at reasonable cost. A fixed evaluation lab effort of 25 days can be done off the critical path from a product development point of view.

Independent Assurance

Moving from “trust me” to independent lab-based testing and review from the PSA Certified Certification Body provides customers with security assurance suitable for many mass market IoT solutions.

Widespread Applicability

Once a PSA-RoT is certified, multiple companies can use it in different use cases and markets.

PSA Certified Level 2 At a Glance

AudienceChip vendors
ScopePSA Root of Trust
ThreatsSeven – detailed in the PSA-RoT Protection Profile
Security Functional RequirementsNine – detailed in the PSA-RoT Protection Profile
Evaluation Effort25 days* – white box evaluation

Chips can achieve certification of PSA Certified Level 1 and PSA Certified Level 2 at once, because PSA Certified Level 2 assesses both requirements.

*The elapsed calendar time may differ depending on available resources and interactions with the certification body. The 25 days of evaluation efforts includes Security Target review, vulnerability assessment, test plan, testing and write-up of the Evaluation Technical Report.

Attack Methods Assessed

The PSA Certified Level 2 evaluation methodology:

  •  Inspired by ANSSI CSPN, a practical, time-limited approach to penetration testing 

The PSA-RoT Protection Profile focuses on:

  • Scalable software attacks (see Attack Method document for details)
  • Establishing nine lab-tested security functional requirements are met

For Device Manufacturers Using PSA Certified Level 2 Chips in End Products:

Cryptographic keys stored in the PSA-RoT should be unique per device to prevent creation of a honeypot for physical attacks, including side-channel attacks.

For further information on the attack methods for PSA Certified Level 2 evaluation, contact an evaluation lab.

Getting Started

PSA Certified Level 2 evaluation process

Pre-Certification

PSA Certified Level 2 Ready reflects the unique requirements in the security ecosystem. It offers a pre-certification assessment for development systems with significant investment in security and assesses a sub-set of security requirements.

PSA Certified Level 2 Ready speeds the route to more comprehensive PSA Certified Level 2 certification of development systems.