PSA Certified

In 2017, Arm Holdings created Platform Security Architecture (PSA), a standard for IoT security. It was built to include an array of specifications such as threat models, security analyses, hardware and firmware architecture specifications, and an open-source firmware reference implementation. It aimed to become an industry-wide security component, with built-in security functions for both software and device manufacturers. In 2018, the first IoT threat models and PSA documents were published. The certification of PSA Certified launched at Embedded World in 2019, where Level 1 Certification was presented to chip vendors. A draft of Level 2 protection was presented at the same time. Six of the seven founding stakeholders created the PSA Certified specifications, which are now make up the PSA Joint Stakeholders Agreement. The stakeholders are Arm Holdings, Brightsight, CAICT, Prove & Run, Riscure and UL. TrustCB became the seventh PSA Certified JSA member, acting as an independent Certification Body for the scheme. Out of the six other founding members, four are security test laboratories, which includes Brightsight, CAICT, Riscure and UL. The first PSA Certified Level 2 certificates were issued to chip vendors in February 2020. The first PSA Certified Level 3 certificate was issued in March 2021. ==Certification==

The PSA Joint Stakeholders Agreement outlines how members can create a worldwide standard for IoT security that enables the electronic industry to have an easy to understand security scheme. The security certification scheme documents enable a security-by-design approach to a diverse set of IoT products. The scheme starts with a security assessment of the chip and its Root of Trust (RoT) and then builds outwards to the system software and device application code. PSA Certified specifications are implementation and architecture agnostic so can be applied to any chip, software or device. Functional API certification A high-level set of APIs are provided by the PSA-RoT to abstract the trusted hardware and firmware used by different chip vendors. These APIs include: • PSA Cryptography API • PSA Attestation API • PSA Storage API Open source API test suites are available to check compliance for PSA Functional API Certification. An open-source implementation of the PSA Root of Trust APIs is provided by the TrustedFirmware.org project. == Levels ==

Level 1 The first level of security certification for PSA Certified is Level 1, aimed at chip vendors, software platforms and device manufacturers. The certification consists of questions, document review and an interview by one of the certification labs. Level 2 The mid-level security certification involves testing by a security lab, focusing on source code review and the PSA Root of Trust (PSA-RoT), over the course of a month to attain the level 2 certification. This process focuses on carefully defined attack methods and utilizes a set evaluation methodology. It also ensures hardware must support PSA-RoT functions and is therefore aimed at chip vendors. According to Forbes, they believed Level 2 was likely to become the most common level for consumer IoT applications. Level 3 The final level extends the criteria of Level 2 to include protection against various physical attacks and side-channel attacks. ==References==