PSA Certified Level 2 provides a laboratory evaluation of a PSA Root of Trust (PSA-RoT) to provide evidence that it can protect against scalable software attacks. Evaluation Labs use vulnerability analysis and penetration testing of the PSA-RoT to establish if the nine security requirements of the PSA-RoT Protection Profile have been met.
Time-boxed evaluation (ANSSI CSPN style) provides an efficient evaluation at reasonable cost. A fixed evaluation lab effort of 25 days can be done off the critical path from a product development point of view.
Moving from “trust me” to independent lab-based testing and review from the PSA Certified Certification Body provides customers with security assurance suitable for many mass market IoT solutions.
Once a PSA-RoT is certified, multiple companies can use it in different use cases and markets.
PSA Certified Level 2 At a Glance
PSA Root of Trust
Seven – detailed in the PSA-RoT Protection Profile
|Security Functional Requirements||
Nine – detailed in the PSA-RoT Protection Profile
25 days* – white box evaluation
Chips can achieve certification of PSA Certified Level 1 and PSA Certified Level 2 at once, because PSA Certified Level 2 assesses both requirements.
*The elapsed calendar time may differ depending on available resources and interactions with the certification body. The 25 days of evaluation efforts includes Security Target review, vulnerability assessment, test plan, testing and write-up of the Evaluation Technical Report.
For Device Manufacturers Using PSA Certified Level 2 Chips in End Products:
Cryptographic keys stored in the PSA-RoT should be unique per device to prevent creation of a honeypot for physical attacks, including side-channel attacks.
For further information on the attack methods for PSA Certified Level 2 evaluation, contact an evaluation lab.
PSA Certified Level 2 RoT Component
Showcase RoT components that provide protection against scalable, remote software attacks, by aligning to a sub-set of the PSA Certified Level 2 security functional requirements. This process uses the SESIP protection profiles and allows you to achieve an official PSA Certified certificate.