Go to section:
The following platform security resources help developers to achieve PSA Certified on Arm-based platforms. All resources on this page are designed for M- and A-profile IoT-devices and are developed and made freely available by Arm and its partners.
A set of free, editable example Threat Models and Security Analyses (TMSA) for three common IoT use cases
Asset Tracker TMSADownload bundle
Smart Water Meter TMSADownload bundle
Network cameraTMSADownload bundle
A set of freely available hardware and firmware specifications to design-in the necessary security requirements for M- and A-profile IoT devices
Top-level requirements for secure design of all products, outlining the key goals for designing products with known security properties. We recommend security leads to read this document first.Download
Platform Security Boot Guide
This specification, formerly called Trusted Boot and Firmware Update (PSA-TBFU), outlines the system and firmware technical requirements for firmware boot and update.
Platform Security Requirements
This document specifies the bare-minimum security requirements expected of System-on-Chips (SoC) across multiple markets.
Authenticated Debug Access Control Specification
This specification defines an extensible method for how to build strong authentication into the debug process.
Platform security for M-profile architecture:
Firmware Framework for M
Specification for a standard programming environment and fundamental Root of Trust (RoT) for secure applications on an M-profile product.
The FF-M Extensions document introduces a set of updates and extensions to the Firmware Framework for M specification (DEN 0063). This separate extensions document is to enable wider review and feedback on the proposed changes. When the proposed extensions are sufficiently stable, they will be integrated into the latest version 1.1 of DEN0063.Download
Trusted Base System Architecture for M
Specification for hardware requirements for Armv8-M products, including best practice recommendations for Armv6-M and Armv7-M.
Platform security for A-profile architecture:
Firmware Framework for A
Specification for a standard programming environment and fundamental Root of Trust (RoT) for secure applications on an A-profile product.
Trusted Base System Architecture for A
Specification for hardware and firmware requirements when designing systems based on Armv8-A processors.
An open-source firmware reference implementation, PSA Functional APIs, and an API test suite. Providing developers with a trusted code base that complies with platform security specifications, and security APIs that create a consistent interface to underlying Root of Trust hardware.
Provides reference implementation of secure world software to implement threat mitigations defined in common use cases
Provides reference implementation of secure world software for Armv7-A and Armv8-A processors.
Cryptography API provides symmetric and asymmetric key, Hash, RNG, and key storage services with support for different key lifetime policies.Download
Secure Storage API
Supports data protection services on the device, providing integrity and confidentiality protectionDownload
Provides a way to obtain a health check token from the device, attesting of its components and serial numbersDownload
Firmware Update API
Defines a standard firmware interface for installing firmware updatesDownload
API developer facing codes
Access PSA API developer facing codes on GithubAccess on GitHub
API test suite
A test suite to verify the correct implementation of APIs in your systemAccess on GitHub
PSA Certified is an independent evaluation and certification scheme developed by Arm and its security partners. The scheme tests and certifies that products meet PSA Certified security requirements.
Learn more about PSA Certified, access more resources, and find out how to get started with the certification process.Visit PSA Certified
History and evolution of platform security
PSA Certified is a security framework for the IoT sector. Initially introduced by Arm in 2017 as the Platform Security Architecture or PSA, it was designed to help developers build in the right levels of security to connected IoT devices. It has since evolved into a four-step process and, in 2019, Arm joined other industry leaders in founding PSA Certified. PSA Certified is an architecture-independent framework that can be used with any instruction set architecture. Arm provides a wide range of architectures and other resources that help our partners to use the PSA Certified framework and obtain certification.
2017 – Arm launches Platform Security Architecture (PSA) as a three-step framework – analyze, architect, implement – aimed at raising the standards of security across the IoT-device sector. The framework offers freely available threat models and security analysis documentation (analyze), hardware and firmware M-profile architecture specifications (architect), and OS reference implementation code, APIs and an API test suite (implement).
2018 – Arm identifies a need to test and certify systems being developed to PSA specifications/standards. Arm and industry leaders start developing PSA Certified – an architecture-agnostic evaluation and certification program, that encompasses an additional fourth step in the security framework – certify.
2019 – Arm and six other co-founders launch PSA Certified. Arm expands its architecture specifications to include A-profile architecture IoT devices, offering both hardware and firmware architecture specifications for both M-profile (lower-power IoT and embedded) and A-profile (high-performance IoT) devices.
2020 – Arm documentation, designed to help partners achieve PSA Certified on Arm-based platforms, is collated under the heading ‘platform security’. This heading replaces the earlier terms ‘Platform Security Architecture’ and ‘PSA’ to avoid confusion with the PSA Certified scheme. All Arm resources are now referred to as ‘platform security’ resources. Platform security resources provide the Arm-based route to PSA Certified.
2021 – Existing platform security documentation is being advanced and new documentation is being developed for other markets. PSA Certified has silicon vendors, system software providers and device manufacturers all working to navigate the complexities of IoT security. With over 60 PSA Certified products from over 30 partners, best practice security is implemented across the industry.