The Platform Security Architecture (PSA) is a holistic set of threat models, security analyses, hardware and firmware architecture specifications, and an open source firmware reference implementation. PSA provides a recipe, based on industry best practice, that allows security to be consistently designed in, at both a hardware and firmware level.
PSA is a contribution from Arm to the entire IoT ecosystem, from chip designers and device developers to cloud and network infrastructure providers and software vendors.
PSA is scalable for all connected devices, offering common ground rules and a more economical approach to building more secure devices.
Shifting the economics of security
Security is top of the agenda for anyone involved in the IoT industry. However, it is a difficult and potentially costly area to get right. With billions of connected devices and ever-greater complexity comes an increased threat of attack and the need to secure the data and infrastructure of the 'things' at multiple levels.
Arm provides an array of hardware IP and firmware to create more secure devices. Arm aims, with these enabling technologies, to make security quicker, easier and more affordable to design in, providing scalable security at the very heart of the device.
In addition, we are providing a reference open source firmware implementation, available at www.trustedfirmware.org, to further minimize costs.
Security across the entire value chain
By defining a foundational framework, PSA will help to bring a more consistent, best practice approach to security. This will have impact beyond just device hardware and software designers, as companies involved in deploying and managing IoT at large scale will benefit from consistency around key security principles, such as device identification and a trusted boot sequence.
PSA is architecture agnostic, but we have prioritized the Armv8-M architecture, such as implemented in Cortex-M23 and M33 devices.
To find out more about the specifics of PSA, read the whitepaper or view the PSA webinar:PSA overview whitepaper PSA webinar
Enabling 3 phases of creating more secure devices
PSA has three major components
What does PSA do?
- Designed to secure low cost IoT devices, where a full Trusted Execution Environment (TEE) would not be appropriate.
- PSA protects sensitive assets (keys, credentials and firmware) by separating these from the application firmware and hardware.
- PSA defines a Secure Processing Environment (SPE) for this data, the code that manages it and its trusted hardware resources.
- PSA is architecture agnostic and can be implemented on Cortex-M, Cortex-R and Cortex-A-based devices.
- The initial focus is Cortex-M-based devices.
- PSA specifies interfaces to decouple components:
- Enables reuse of components in other device platforms.
- Reduces integration effort.
- Partners can provide alternative implementations:
- Necessary to address different cost, footprint, regulatory or security needs.
- PSA provides an architectural specification:
- Hardware, firmware and process requirements and interfaces.
Example of IoT device implementation
- OEMs can choose their preferred implementations.
- Trusted Firmware-M will be a new OSS project:
- To reduce rework across our partners.
- To speed up device or component validation against standards such as Common Criteria EAL.
- Open to any RTOS and other partners.