Platform Security Architecture

The Platform Security Architecture (PSA) is a holistic set of threat models, security analyses, hardware and firmware architecture specifications, and an open source firmware reference implementation. PSA provides a recipe, based on industry best practice, that allows security to be consistently designed in, at both a hardware and firmware level.

PSA is a contribution from Arm to the entire IoT ecosystem, from chip designers and device developers to cloud and network infrastructure providers and software vendors.

PSA is scalable for all connected devices, offering common ground rules and a more economical approach to building more secure devices.

Professional Services Automation Benefits.

Shifting the economics of security

Security is top of the agenda for anyone involved in the IoT industry. However, it is a difficult and potentially costly area to get right. With billions of connected devices and ever-greater complexity comes an increased threat of attack and the need to secure the data and infrastructure of the 'things' at multiple levels.

Arm provides an array of hardware IP and firmware to create more secure devices. Arm aims, with these enabling technologies, to make security quicker, easier and more affordable to design in, providing scalable security at the very heart of the device.

In addition, we are providing a reference open source firmware implementation, available at, to further minimize costs.


Security across the entire value chain

By defining a foundational framework, PSA will help to bring a more consistent, best practice approach to security. This will have impact beyond just device hardware and software designers, as companies involved in deploying and managing IoT at large scale will benefit from consistency around key security principles, such as device identification and a trusted boot sequence.

PSA is architecture agnostic, but we have prioritized the Armv8-M architecture, such as implemented in Cortex-M23 and M33 devices.

To find out more about the specifics of PSA, read the whitepaper or view the PSA webinar:

PSA overview whitepaper PSA webinar

Enabling 3 phases of creating more secure devices

PSA has three major components


Threat Models and Security Analyses (TMSAs) Documentation.

Learn more



Architecture specifications for firmware and hardware.

Learn more



An open source implementation, Trusted Firmware-M.

Learn more


New PSA Security Model block diagram

New What does PSA do block diagram

What does PSA do?

  • Designed to secure low cost IoT devices, where a full Trusted Execution Environment (TEE) would not be appropriate.
  • PSA protects sensitive assets (keys, credentials and firmware) by separating these from the application firmware and hardware.
  • PSA defines a Secure Processing Environment (SPE) for this data, the code that manages it and its trusted hardware resources.
  • PSA is architecture agnostic and can be implemented on Cortex-M, Cortex-R and Cortex-A-based devices.
  • The initial focus is Cortex-M-based devices.

New PSA standardized interfaces block diagram

Standardized interfaces

  • PSA specifies interfaces to decouple components:
    • Enables reuse of components in other device platforms.
    • Reduces integration effort.
  • Partners can provide alternative implementations:
    • Necessary to address different cost, footprint, regulatory or security needs.
  • PSA provides an architectural specification:
    • Hardware, firmware and process requirements and interfaces.

Platform Security Architecture IOT Implementation Diagram.

Example of IoT device implementation

  • OEMs can choose their preferred implementations.
  • Trusted Firmware-M will be a new OSS project:
    • To reduce rework across our partners.
    • To speed up device or component validation against standards such as Common Criteria EAL.
  • Open to any RTOS and other partners.

Want to know more about Security on Arm?

Learn more