Key documents

Security Model
Platform Security Boot Guide
Platform Security Requirements


Go to section:

Analyze | Architect | Implement | Certify

The following platform security resources help developers to achieve PSA Certified on Arm-based platforms. All resources on this page are designed for M- and A-profile IoT-devices and are developed and made freely available by Arm and its partners.

Analyze

A set of free, editable example Threat Models and Security Analyses (TMSA) for three common IoT use cases

Asset Tracker TMSA
Download bundle

Smart Water Meter TMSA
Download bundle

Network cameraTMSA
Download bundle

Architect

A set of freely available hardware and firmware specifications to design-in the necessary security requirements for M- and A-profile IoT devices

Security Model

Top-level requirements for secure design of all products, outlining the key goals for designing products with known security properties. We recommend security leads to read this document first.

Download

Platform Security Boot Guide

(BOOT-PSG)
This specification, formerly called Trusted Boot and Firmware Update (PSA-TBFU), outlines the system and firmware technical requirements for firmware boot and update.

Download

Platform Security Requirements

(PSR)
This document specifies the bare-minimum security requirements expected of System-on-Chips (SoC) across multiple markets.

Download

Authenticated Debug Access Control Specification

(ADAC)
This specification defines an extensible method for how to build strong authentication into the debug process.

Download

Platform security for M-profile architecture:

Firmware Framework for M

(FF-M)
Specification for a standard programming environment and fundamental Root of Trust (RoT) for secure applications on an M-profile product.

Download

FF-M Extensions

The FF-M Extensions document introduces a set of updates and extensions to the Firmware Framework for M specification (DEN 0063). This separate extensions document is to enable wider review and feedback on the proposed changes. When the proposed extensions are sufficiently stable, they will be integrated into the latest version 1.1 of DEN0063.

Download

Trusted Base System Architecture for M

(TBSA-M)
Specification for hardware requirements for Armv8-M products, including best practice recommendations for Armv6-M and Armv7-M.

Download

Platform security for A-profile architecture:

Firmware Framework for A

(FF-A)
Specification for a standard programming environment and fundamental Root of Trust (RoT) for secure applications on an A-profile product.

Download

Trusted Base System Architecture for A

(TBSA-A)
Specification for hardware and firmware requirements when designing systems based on Armv8-A processors.

Download

Firmware architecture for firmware updates on A-class devices

This document defines the standard infrastructure to enable robust FW updates on A-class products.

Download

Implement

An open-source firmware reference implementation, PSA Functional APIs, and an API test suite. Providing developers with a trusted code base that complies with platform security specifications, and security APIs that create a consistent interface to underlying Root of Trust hardware.

Trusted Firmware-M

(TF-M)
Provides reference implementation of secure world software to implement threat mitigations defined in common use cases

Visit Trusted Firmware

Trusted Firmware-A

(TF-A)
Provides reference implementation of secure world software for Armv7-A and Armv8-A processors.

Visit Trusted Firmware

Cryptography API

Cryptography API provides symmetric and asymmetric key, Hash, RNG, and key storage services with support for different key lifetime policies.

Download

Secure Storage API

Supports data protection services on the device, providing integrity and confidentiality protection

Download

Attestation API

Provides a way to obtain a health check token from the device, attesting of its components and serial numbers

Download

Firmware Update API

Defines a standard firmware interface for installing firmware updates

Download

API developer facing codes

Access PSA API developer facing codes on Github

Access on GitHub

API test suite

A test suite to verify the correct implementation of APIs in your system

Access on GitHub

Certify

PSA Certified is an independent evaluation and certification scheme developed by Arm and its security partners. The scheme tests and certifies that products meet PSA Certified security requirements.

Certify

Learn more about PSA Certified, access more resources, and find out how to get started with the certification process.

Visit PSA Certified

Arm support

Arm training courses are available to help you realize maximum performance with lowest risk and fast time-to-market. Find out more about our specific training courses for Threat Modelling and security IP.

Arm training courses  Open a support case