PSA Certified: Difference between revisions
Content deleted Content added
Rescuing 1 sources and tagging 0 as dead.) #IABot (v2.0.9.3) (Whoop whoop pull up - 12987 |
→Industry adoption: Link |
||
| (12 intermediate revisions by 12 users not shown) | |||
| Line 22: | Line 22: | ||
}} |
}} |
||
'''Platform Security Architecture (PSA) Certified''' is a security [[certification]] scheme for [[Internet of Things]] (IoT) hardware, software and devices. It was created by [[Arm Holdings]], Brightsight, CAICT, Prove & Run, Riscure, TrustCB and [[UL (safety organization)|UL]] as part of a global partnership. |
'''Platform Security Architecture (PSA) Certified''' is a security [[certification]] scheme for [[Internet of Things]] (IoT) hardware, software, and devices. It was created by [[Arm Holdings]], Brightsight, CAICT, Prove & Run, Riscure, TrustCB, and [[UL (safety organization)|UL]] as part of a global partnership. |
||
[[Arm Holdings]] first brought forward the PSA specifications in 2017 to outline common standards for IoT security<ref name=engadget>{{cite web |last1=Dent |first1=Steve |title=Google and others back Internet of Things security push |url=https://www.engadget.com/2017-10-23-google-arm-internet-of-things-security.html |publisher=[[Engadget]] |date=October 23, 2017}}</ref> with PSA Certified |
[[Arm Holdings]] first brought forward the PSA specifications in 2017 to outline common standards for IoT security,<ref name=engadget>{{cite web |last1=Dent |first1=Steve |title=Google and others back Internet of Things security push |url=https://www.engadget.com/2017-10-23-google-arm-internet-of-things-security.html |publisher=[[Engadget]] |date=October 23, 2017}}</ref> with the PSA Certified Assurance Scheme launching two years later in 2019. |
||
==History== |
==History== |
||
In 2017, |
In 2017, Arm Holdings introduced the Platform Security Architecture (PSA), a framework designed to enhance the security of Internet of Things (IoT) devices and services. PSA emerged as a comprehensive standard, incorporating various elements such as threat models, security analyses, and architectural specifications for hardware and firmware. It also included an open-source firmware reference implementation. The primary objective of PSA was to establish a baseline for security in the IoT sector, catering to the needs of both software and device manufacturers. |
||
Over time, PSA evolved into PSA Certified, a more structured, four-stage framework. This development aimed to provide IoT designers with a systematic approach to ensuring security. The framework categorized security into different levels, each offering varying degrees of assessment and assurance. |
|||
PSA has since evolved to become PSA Certified, a four-stage framework which can be used by IoT designers for security practices.<ref>{{cite web |last1=Khan |first1=Jeremy |title=SoftBank's ARM Makes Bid to Standardize IoT Security Industry |url=https://www.bloomberg.com/news/articles/2017-10-23/softbank-s-arm-makes-bid-to-standardize-iot-security-industry |publisher=[[Bloomberg News|Bloomberg]] |date=October 23, 2017}}</ref> The framework included different levels of trust, with each level contains a different level of assessment, with progressively increasing security assurances.<ref name=zdnet>{{cite web |last1=Condon |first1=Stephanie |title=Arm partners with testing labs to provide IOT security certification |url=https://www.zdnet.com/article/arm-partners-with-testing-labs-to-provide-iot-security-certification/ |publisher=[[ZDNet]] |date=February 25, 2019}}</ref> |
|||
The initial PSA documents and IoT threat models were released in 2018, marking a significant step in standardizing IoT security. |
|||
In 2018, the first IoT threat models and PSA documents were published.<ref>{{cite web |last1=Williams |first1=Chris |title=Arm PSA IoT API? BRB... Toolbox of tech to secure net-connected kit opens up some more |url=https://www.theregister.co.uk/2018/10/17/arm_psa_iot/ |publisher=[[TheRegister]] |date=October 17, 2018}}</ref> |
|||
The formal certification process for PSA Certified was launched at Embedded World in 2019. This event saw the introduction of Level 1 certification, primarily targeting chip vendors. Concurrently, a draft outlining Level 2 protection was also presented. |
|||
The certification of PSA Certified launched at Embedded World in 2019,<ref name=electronicsweekly>{{cite web |last1=Hayes |first1=Caroline |title=Embedded World: Arm introduces fourth security element to PSA |url=https://www.electronicsweekly.com/market-sectors/internet-of-things/arm-introduces-fourth-security-element-psa-2019-02/ |publisher=[[Electronics Weekly]] |date=February 25, 2019}}</ref> where Level 1 Certification was presented to chip vendors. A draft of Level 2 protection was presented at the same time.<ref name=eetimes>{{cite web |title=PSA Certified–building trust, building value |url=https://www.eetimes.com/psa-certified-building-trust-building-value/ |publisher=[[EE Times]] |date=March 4, 2019}}</ref> |
|||
PSA Certified was further strengthened by the collaboration of seven founding stakeholders, including Arm Holdings, Brightsight, CAICT, Prove & Run, Riscure, UL, and TrustCB. TrustCB joined as an independent certification body for the scheme, while the other stakeholders, four of which are security test laboratories, contributed to the creation of the PSA Certified specifications under the PSA Joint Stakeholders Agreement. |
|||
The PSA Certified ecosystem expanded in 2021 with the addition of Applus+ and ECSEC, two notable security test labs. |
|||
Security test labs Applus+ and ECSEC joined PSA Certified in 2021.<ref>{{cite web |title=Applus+ joins the PSA Certified scheme, as a security lab for IoT-device chips |url=https://www.appluslaboratories.com/global/en/news/applus+-joins-the-psa-certified-scheme,-as-a-security-lab-for-iot-device-chips- |publisher=Applus}}</ref><ref>{{cite web |title=PSA Certification |url=https://www.ecsec.jp/publics/index/33/ |publisher=ECSEC}}</ref> |
|||
Noteworthy milestones in the journey of PSA Certification include the issuance of the first Level 2 certificates to chip vendors in February 2020 and the awarding of the first Level 3 certificate in March 2021. |
|||
In November 2022, PSA Certified introduced Level 2 + Secure Element. This new category allows for the integration of a secure element to enhance the physical protection at Level 2, bridging the gap before advancing to the more robust Level 3 protection. |
|||
The first PSA Certified Level 3 certificate was issue in March 2021.<ref>{{Cite web|title=Secure Vault achieves PSA Certified Level 3 status|url=https://www.newelectronics.co.uk/electronics-news/secure-vault-achieves-psa-certified-level-3-status/235520/|access-date=2021-04-10|website=www.newelectronics.co.uk}}</ref> |
|||
The evolution of PSA and the introduction of PSA Certified represent significant strides in standardizing and enhancing IoT security, reflecting the industry's ongoing commitment to safeguarding interconnected devices in an increasingly digital world. |
|||
PSA Certified Level 2 + Secure Element was introduced in November 2022, which allows a [[secure element]] to be used to provides moderate physical protections to Level 2 without requiring the advanced protections of Level 3.<ref>{{Cite web|title= PSA Certified Level 2 + Secure Element|url=https://www.psacertified.org/blog/psa-certified-new-level-secure-element/}}</ref> |
|||
==Certification== |
==Certification== |
||
The PSA Joint Stakeholders Agreement |
The PSA Joint Stakeholders Agreement is an initiative focused on establishing a global standard for Internet of Things (IoT) security. This agreement aims to simplify the security protocols within the electronics industry by providing a coherent and comprehensive security scheme. The security certification scheme, as outlined in the agreement, advocates a security-by-design approach applicable to a broad spectrum of IoT products. This process begins with a thorough security assessment of the chip, specifically its Root of Trust (RoT), and progressively extends to system software and device application code. Notably, the PSA-certified specifications are designed to be neutral regarding implementation and architecture, making them applicable across various chips, software, and devices. |
||
PSA Certified |
The PSA Certified program seeks to address and reduce fragmentation in the IoT product manufacturing and development sectors. It supports the creation of system-on-chips (SoCs) that incorporate a PSA Root of Trust (PSA-RoT), a security component accessible to software platforms and original equipment manufacturers (OEMs). |
||
===Functional API |
=== Functional API Certification === |
||
PSA-RoT offers a set of high-level APIs, facilitating the abstraction of trusted hardware and firmware across different chip vendors. These APIs include the PSA Cryptography API, the PSA Attestation API, the PSA Storage API, and the PSA Firmware Update API. Compliance with these APIs is verified through open source API test suites, and an open-source implementation of the PSA Root of Trust APIs is available through the TrustedFirmware.org project. |
|||
=== Certification Levels === |
|||
A high-level set of APIs are provided by the PSA-RoT to abstract the trusted hardware and [[firmware]] used by different chip vendors. These APIs include: |
|||
* PSA Cryptography API |
|||
* PSA Attestation API |
|||
* PSA Storage API |
|||
* PSA Firmware Update API |
|||
| ⚫ | |||
Open source [[API]] test suites are available to check compliance for PSA Functional API Certification.<ref name=venturebeat /> An open-source implementation of the PSA Root of Trust APIs is provided by the TrustedFirmware.org project. |
|||
Level 1 targets chip vendors, software platforms, and device manufacturers. It involves a questionnaire, document review, and an interview conducted by a certification lab. The process ensures alignment with key IoT standards and laws, like NISTIR 8259, ETSI 303 645, and SB-327. |
|||
==== Level 2 Certification<ref>{{Cite web |date=2022-07-06 |title=ESP32-S3 Series (ESP32-S3, ESP32-S3FN8, ESP32-S3R2, ESP32-S3R8, ESP32-S3R8V, ESP32-S3FH4R2) {{!}} PSA Certified |url=https://www.psacertified.org/products/esp32-s3-series-esp32-s3-esp32-s3fn8-esp32-s3r2-esp32-s3r8-esp32-s3r8v-esp32-s3fh4r2/ |access-date=2023-12-12 |website=www.psacertified.org |language=en-GB}}</ref> ==== |
|||
| ⚫ | |||
This mid-level certification focuses on software attacks and includes a month-long review of the PSA-RoT source code by a security lab. It emphasizes specific attack methods and evaluation methodologies, with a requirement for hardware support of PSA-RoT functions, primarily aimed at chip vendors. |
|||
The first level of security certification for PSA Certified is Level 1, aimed at [[microchip|chip vendor]]s, [[software platform]]s and device manufacturers. The certification consists of questions, document review and an interview by one of the certification labs.<ref name=forbes /> The completed answers are accompanied with explanatory notes, checked by the certification lab. According to the PSA Certified website, language and mappings align with other important IoT requirements, such as standards and laws. These include NISTIR 8259, [[Cybersecurity standards#ETSI EN 303 645|ETSI 303 645]] and SB-327.<ref>{{cite web |title=Level 1 |url=https://www.psacertified.org/security-certification/psa-certified-level-1/ |publisher=PSA Certified}}</ref> |
|||
===Level 2=== |
==== Level 2 + Secure Element ==== |
||
This level enhances Level 2 by adding physical protection for certain security functions. It typically involves a Level 2 Certified SoC combined with a secure element, focusing on secure cryptographic operations and key storage. |
|||
The mid-level security certification involves testing by a security lab, focusing on software attacks, and provides a review of the PSA Root of Trust (PSA-RoT) source code over the course of a month to attain the level 2 certification. This process focuses on carefully defined attack methods and utilizes a set evaluation methodology.<ref>{{cite web |title=Arm Releases New Infrastructure and Security Certifications for IoT Devices |url=https://www.allaboutcircuits.com/news/arm-releases-new-infrastructure-security-certification-iot-devices/ |publisher=AllAboutCircuits |date=February 25, 2019}}</ref> It also ensures hardware must support PSA-RoT functions and is therefore aimed at chip vendors.<ref name=embedded /> |
|||
| ⚫ | |||
According to [[Forbes]], they believed Level 2 was likely to become the most common level for consumer IoT applications.<ref name=forbes /> |
|||
The highest level, Level 3, expands upon Level 2 to include safeguards against various physical and side-channel attacks. This level encompasses physical protection for all security functions, differentiating it from Level 2 + Secure Element. |
|||
This structured approach under the PSA Joint Stakeholders Agreement and the subsequent certification levels play a critical role in unifying and strengthening IoT security standards, catering to the diverse needs of the industry, and promoting a safer IoT environment. |
|||
===Level 2 + Secure Element=== |
|||
This level extends the criteria of Level 2 to provide physical protection of a subset of security functions, such as secure cryptographic operations and secure key storage. A typical instantiation would be a Level 2 Certified SoC with a [[secure element]]. |
|||
| ⚫ | |||
The final level extends the criteria of Level 2 to include protection against various [[Physical access|physical attacks]] and [[side-channel attacks]]. Unlike Level 2 + Secure Element, the scope includes physical protection of all security functions. |
|||
==Industry adoption== |
==Industry adoption== |
||
| Line 86: | Line 81: | ||
| Level 1 |
| Level 1 |
||
| Blockchain |
| Blockchain |
||
| <ref>{{cite web |title=aitos.io launches the |
| <ref>{{cite web |title=aitos.io launches the world's first PSA Certified BoAT blockchain application framework |date=12 May 2021 |url=https://aitos-io.medium.com/aitos-io-launches-the-worlds-first-psa-certified-boat-blockchain-application-framework-3a5b407983cf |publisher=Medium}}</ref> |
||
|- |
|- |
||
|[[ThreadX|Azure RTOS]] |
|[[ThreadX|Azure RTOS]] |
||
| Line 101: | Line 96: | ||
| Level 2 |
| Level 2 |
||
| Chip manufacturer |
| Chip manufacturer |
||
| <ref>{{cite |
| <ref>{{cite press release |url=https://www.businesswire.com/news/home/20190226005439/en/Cypress-Processing-Solution-Built-in-System-Layer-Security | title=Cypress Processing Solution with Built-in System Layer Security Fortifies IoT Application Design |
||
| date=26 February 2019 |
|||
}}</ref> |
}}</ref> |
||
|- |
|- |
||
| Line 108: | Line 104: | ||
| OEM |
| OEM |
||
| <ref>{{cite web |title=Arrow Electronics Accelerates Development of IoT Devices on PSA Certified Trusted Methodology |url=https://www.eetasia.com/arrow-electronics-accelerates-development-of-iot-devices-on-psa-certified-trusted-methodology/ |publisher=EE Times}}</ref> |
| <ref>{{cite web |title=Arrow Electronics Accelerates Development of IoT Devices on PSA Certified Trusted Methodology |url=https://www.eetasia.com/arrow-electronics-accelerates-development-of-iot-devices-on-psa-certified-trusted-methodology/ |publisher=EE Times}}</ref> |
||
|- |
|||
|[[Espressif Systems]] |
|||
|Level 1 |
|||
|Chip manufacturer |
|||
|<ref>{{Cite web |date=2022-07-06 |title=ESP32-S3 Series (ESP32-S3, ESP32-S3FN8, ESP32-S3R2, ESP32-S3R8, ESP32-S3R8V, ESP32-S3FH4R2) {{!}} PSA Certified |url=https://www.psacertified.org/products/esp32-s3-series-esp32-s3-esp32-s3fn8-esp32-s3r2-esp32-s3r8-esp32-s3r8v-esp32-s3fh4r2/ |access-date=2023-12-12 |website=www.psacertified.org |language=en-GB}}</ref> |
|||
|- |
|- |
||
| [[Eurotech (company)|Eurotech]] |
| [[Eurotech (company)|Eurotech]] |
||
| Line 145: | Line 146: | ||
|- |
|- |
||
| [[Nordic Semiconductor]] |
| [[Nordic Semiconductor]] |
||
| Level |
| Level 2 |
||
| Chip manufacturer |
| Chip manufacturer |
||
| <ref>{{cite web |title=Nordic nRF9160 SiP |
| <ref>{{cite web |title=Nordic Semiconductor nRF9160 SiP and nRF5340 SoC achieve PSA Certified Level 2 for enhanced IoT security assurance |url=https://www.nordicsemi.com/Nordic-news/2023/08/nRF9160-SiP-and-nRF5340-SoC-achieve-PSA-Certified-Level-2-for-enhanced-IoT-security-assurance |publisher=[[Nordic Semiconductor]]}}</ref> |
||
|- |
|- |
||
| [[Nuvoton]] |
| [[Nuvoton]] |
||
| Line 160: | Line 161: | ||
|- |
|- |
||
| [[NXP Semiconductor]] |
| [[NXP Semiconductor]] |
||
| Level |
| Level 3 |
||
| Chip manufacturer |
| Chip manufacturer |
||
| <ref>{{cite web | |
| <ref>{{cite web |title=The LPC553x/S3x MCU family further expands the world’s first general purpose Cortex-M33-based MCU series |url=https://www.psacertified.org/products/lpc55s36/ |publisher=[[Arm Limited]]}}</ref> |
||
|- |
|- |
||
| OneOS |
| OneOS |
||
| Level 1 |
| Level 1 |
||
| Software platform |
| Software platform |
||
| <ref>{{cite web |title=OneOS certification |url=https://www.psacertified.org/products/oneos/ |publisher=PSA Certified}}</ref> |
| <ref>{{cite web |title=OneOS certification |date=3 February 2021 |url=https://www.psacertified.org/products/oneos/ |publisher=PSA Certified}}</ref> |
||
|- |
|- |
||
| [[Renesas Electronics]] |
| [[Renesas Electronics]] |
||
| Line 182: | Line 183: | ||
| Level 1 |
| Level 1 |
||
| Software platform |
| Software platform |
||
| <ref>{{cite web |title=Sequitur |
| <ref>{{cite web |title=Sequitur Labs' EmSPARK 2.0 Security Suite achieves PSA Certified status |url=https://www.newelectronics.co.uk/content/news/sequitur-labs-emspark-2-0-security-suite-achieves-psa-certified-status |publisher=New Electronics}}</ref> |
||
|- |
|- |
||
| [[Silicon Labs]] |
| [[Silicon Labs]] |
||
| Line 189: | Line 190: | ||
| <ref>{{cite web |last1=Dahad |first1=Nitin |title=Silicon Labs First to Achieve PSA Certified Level 3 Status for Wireless SoC |url=https://www.eetasia.com/silicon-labs-first-to-achieve-psa-certified-level-3-status-for-wireless-soc/ |publisher=[[EE Times]] |date=March 17, 2021}}</ref> |
| <ref>{{cite web |last1=Dahad |first1=Nitin |title=Silicon Labs First to Achieve PSA Certified Level 3 Status for Wireless SoC |url=https://www.eetasia.com/silicon-labs-first-to-achieve-psa-certified-level-3-status-for-wireless-soc/ |publisher=[[EE Times]] |date=March 17, 2021}}</ref> |
||
|- |
|- |
||
| |
| [[Goodix]] |
||
| Level 1 |
| Level 1 |
||
| Chip manufacturer |
| Chip manufacturer |
||
| Line 212: | Line 213: | ||
| Level 2 |
| Level 2 |
||
| Chip manufacturer |
| Chip manufacturer |
||
| <ref>{{cite web |title=Winbond TrustME Secure Flash Memory achieves PSA Certified Level 2 |url=https://www.winbond.com/hq/about-winbond/news-and-events/news/news00511.html?__locale=en |publisher=[[Winbond]] |date=February 26, 2020}}</ref><ref>{{cite web |last1=Winning |first1=Ally |title=Winbond TrustME secure flash gets PSA Certified Level 2 Ready |url=https://www.eenewsembedded.com/news/winbond-trustme-secure-flash-gets-psa-certified-level-2-ready |publisher=EE News}}</ref> |
| <ref>{{cite web |title=Winbond TrustME Secure Flash Memory achieves PSA Certified Level 2 |url=https://www.winbond.com/hq/about-winbond/news-and-events/news/news00511.html?__locale=en |publisher=[[Winbond]] |date=February 26, 2020}}</ref><ref>{{cite web |last1=Winning |first1=Ally |title=Winbond TrustME secure flash gets PSA Certified Level 2 Ready |date=3 March 2020 |url=https://www.eenewsembedded.com/news/winbond-trustme-secure-flash-gets-psa-certified-level-2-ready |publisher=EE News}}</ref> |
||
|- |
|- |
||
| [[Zephyr (operating system)|Zephyr OS]] |
| [[Zephyr (operating system)|Zephyr OS]] |
||
Latest revision as of 09:31, 11 October 2024
 | This article contains promotional content. (March 2022) |
| PSA Certified | |
|---|---|
 | |
| Effective region | Worldwide |
| Effective since | 2017 |
| Type of standard | Security certification scheme |
| Website | psacertified.org |
Platform Security Architecture (PSA) Certified is a security certification scheme for Internet of Things (IoT) hardware, software, and devices. It was created by Arm Holdings, Brightsight, CAICT, Prove & Run, Riscure, TrustCB, and UL as part of a global partnership.
Arm Holdings first brought forward the PSA specifications in 2017 to outline common standards for IoT security,[1] with the PSA Certified Assurance Scheme launching two years later in 2019.
History
[edit]In 2017, Arm Holdings introduced the Platform Security Architecture (PSA), a framework designed to enhance the security of Internet of Things (IoT) devices and services. PSA emerged as a comprehensive standard, incorporating various elements such as threat models, security analyses, and architectural specifications for hardware and firmware. It also included an open-source firmware reference implementation. The primary objective of PSA was to establish a baseline for security in the IoT sector, catering to the needs of both software and device manufacturers.
Over time, PSA evolved into PSA Certified, a more structured, four-stage framework. This development aimed to provide IoT designers with a systematic approach to ensuring security. The framework categorized security into different levels, each offering varying degrees of assessment and assurance.
The initial PSA documents and IoT threat models were released in 2018, marking a significant step in standardizing IoT security.
The formal certification process for PSA Certified was launched at Embedded World in 2019. This event saw the introduction of Level 1 certification, primarily targeting chip vendors. Concurrently, a draft outlining Level 2 protection was also presented.
PSA Certified was further strengthened by the collaboration of seven founding stakeholders, including Arm Holdings, Brightsight, CAICT, Prove & Run, Riscure, UL, and TrustCB. TrustCB joined as an independent certification body for the scheme, while the other stakeholders, four of which are security test laboratories, contributed to the creation of the PSA Certified specifications under the PSA Joint Stakeholders Agreement.
The PSA Certified ecosystem expanded in 2021 with the addition of Applus+ and ECSEC, two notable security test labs.
Noteworthy milestones in the journey of PSA Certification include the issuance of the first Level 2 certificates to chip vendors in February 2020 and the awarding of the first Level 3 certificate in March 2021.
In November 2022, PSA Certified introduced Level 2 + Secure Element. This new category allows for the integration of a secure element to enhance the physical protection at Level 2, bridging the gap before advancing to the more robust Level 3 protection.
The evolution of PSA and the introduction of PSA Certified represent significant strides in standardizing and enhancing IoT security, reflecting the industry's ongoing commitment to safeguarding interconnected devices in an increasingly digital world.
Certification
[edit]The PSA Joint Stakeholders Agreement is an initiative focused on establishing a global standard for Internet of Things (IoT) security. This agreement aims to simplify the security protocols within the electronics industry by providing a coherent and comprehensive security scheme. The security certification scheme, as outlined in the agreement, advocates a security-by-design approach applicable to a broad spectrum of IoT products. This process begins with a thorough security assessment of the chip, specifically its Root of Trust (RoT), and progressively extends to system software and device application code. Notably, the PSA-certified specifications are designed to be neutral regarding implementation and architecture, making them applicable across various chips, software, and devices.
The PSA Certified program seeks to address and reduce fragmentation in the IoT product manufacturing and development sectors. It supports the creation of system-on-chips (SoCs) that incorporate a PSA Root of Trust (PSA-RoT), a security component accessible to software platforms and original equipment manufacturers (OEMs).
Functional API Certification
[edit]PSA-RoT offers a set of high-level APIs, facilitating the abstraction of trusted hardware and firmware across different chip vendors. These APIs include the PSA Cryptography API, the PSA Attestation API, the PSA Storage API, and the PSA Firmware Update API. Compliance with these APIs is verified through open source API test suites, and an open-source implementation of the PSA Root of Trust APIs is available through the TrustedFirmware.org project.
Certification Levels
[edit]Level 1 Certification
[edit]Level 1 targets chip vendors, software platforms, and device manufacturers. It involves a questionnaire, document review, and an interview conducted by a certification lab. The process ensures alignment with key IoT standards and laws, like NISTIR 8259, ETSI 303 645, and SB-327.
This mid-level certification focuses on software attacks and includes a month-long review of the PSA-RoT source code by a security lab. It emphasizes specific attack methods and evaluation methodologies, with a requirement for hardware support of PSA-RoT functions, primarily aimed at chip vendors.
Level 2 + Secure Element
[edit]This level enhances Level 2 by adding physical protection for certain security functions. It typically involves a Level 2 Certified SoC combined with a secure element, focusing on secure cryptographic operations and key storage.
Level 3 Certification
[edit]The highest level, Level 3, expands upon Level 2 to include safeguards against various physical and side-channel attacks. This level encompasses physical protection for all security functions, differentiating it from Level 2 + Secure Element.
This structured approach under the PSA Joint Stakeholders Agreement and the subsequent certification levels play a critical role in unifying and strengthening IoT security standards, catering to the diverse needs of the industry, and promoting a safer IoT environment.
Industry adoption
[edit]Since the launch of the standard, it has been adopted by a number of chip manufacturers and system software providers.
| Company | Certification Level | Sector | References |
|---|---|---|---|
| Aitos.io | Level 1 | Blockchain | [3] |
| Azure RTOS | Level 1 | Software platform | [4] |
| Crypto Quantique | Level 2 | OEM | [5] |
| Cypress Semiconductor | Level 2 | Chip manufacturer | [6] |
| Embedded Planet | Level 2 | OEM | [7] |
| Espressif Systems | Level 1 | Chip manufacturer | [8] |
| Eurotech | Level 1 | OEM | [9] |
| Express Logic | Level 1 | Software platform | [10] |
| FreeRTOS | Level 1 | Software platform | [11] |
| Infineon | Level 2 | Chip manufacturer | [12] |
| InGeek | Level 1 | OEM | [13] |
| Macronix | Level 1 | OEM | [14] |
| Microchip Technology | Level 1 | Chip manufacturer | [15] |
| Nordic Semiconductor | Level 2 | Chip manufacturer | [16] |
| Nuvoton | Level 1 | Chip manufacturer | [17] |
| NXM Labs | Level 1 | Software platform | [18] |
| NXP Semiconductor | Level 3 | Chip manufacturer | [19] |
| OneOS | Level 1 | Software platform | [20] |
| Renesas Electronics | Level 2 | Chip manufacturer | [21] |
| RT-Thread | Level 1 | Software platform | [22] |
| Sequitur Labs | Level 1 | Software platform | [23] |
| Silicon Labs | Level 3 | Chip manufacturer | [24] |
| Goodix | Level 1 | Chip manufacturer | [25] |
| STMicroelectronics | Level 3 | Chip manufacturer | [26] |
| Unisoc | Level 1 | Chip manufacturer | [27] |
| Veridify | Level 1 | Software platform | [28] |
| Winbond | Level 2 | Chip manufacturer | [29][30] |
| Zephyr OS | Level 1 | Software platform | [31] |
References
[edit]- ^ Dent, Steve (October 23, 2017). "Google and others back Internet of Things security push". Engadget.
- ^ "ESP32-S3 Series (ESP32-S3, ESP32-S3FN8, ESP32-S3R2, ESP32-S3R8, ESP32-S3R8V, ESP32-S3FH4R2) | PSA Certified". www.psacertified.org. 2022-07-06. Retrieved 2023-12-12.
- ^ "aitos.io launches the world's first PSA Certified BoAT blockchain application framework". Medium. 12 May 2021.
- ^ "Azure RTOS | PSA Certified". www.psacertified.org. 2021-10-27. Retrieved 2022-12-15.
- ^ "Securing the IoT ecosystem". New Electronics. September 30, 2021.
- ^ "Cypress Processing Solution with Built-in System Layer Security Fortifies IoT Application Design" (Press release). 26 February 2019.
- ^ "Arrow Electronics Accelerates Development of IoT Devices on PSA Certified Trusted Methodology". EE Times.
- ^ "ESP32-S3 Series (ESP32-S3, ESP32-S3FN8, ESP32-S3R2, ESP32-S3R8, ESP32-S3R8V, ESP32-S3FH4R2) | PSA Certified". www.psacertified.org. 2022-07-06. Retrieved 2023-12-12.
- ^ "Eurotech achieves IoT security certification". Eurotech. July 7, 2021.
- ^ "Express Logic's X-Ware IoT Platform is now Arm PSA Certified". Embedded Computing.
- ^ "FreeRTOS | PSA Certified". 2020-03-16. Retrieved 2021-04-09.
- ^ "PSoC 64 Standard Secure MCU family achieves PSA Level 2 certification". New Electronics. September 21, 2021.
- ^ "InGeek Embedded World PSA Certified". InGeek.
- ^ "Macronix ArmorFlash NOR Flash achieves PSA Certified Level 1 status". New Electronics. August 31, 2021.
- ^ "SAM L10 and SAM L11 Microcontroller Family". Microchip Technology.
- ^ "Nordic Semiconductor nRF9160 SiP and nRF5340 SoC achieve PSA Certified Level 2 for enhanced IoT security assurance". Nordic Semiconductor.
- ^ "Nuvoton Debuts PSA Certified Level 1 and PSA Functional API Certified Arm Cortex-M23 Based MCU for Global Market Targeting IoT Security". Nuvoton.
- ^ "NXM Achieves PSA Level One Certification from UL for its Autonomous Security Software". UL. October 8, 2019.
- ^ "The LPC553x/S3x MCU family further expands the world's first general purpose Cortex-M33-based MCU series". Arm Limited.
- ^ "OneOS certification". PSA Certified. 3 February 2021.
- ^ "Renesas Electronics Unveils RA Family of 32-Bit Arm Cortex-M Microcontrollers with Superior Performance and Advanced Security for Intelligent IoT Applications". Renesas.
- ^ Cohen, Perry. "RT-Thread IoT OS Achieves PSA Security Certification". Embedded Computing Design.
- ^ "Sequitur Labs' EmSPARK 2.0 Security Suite achieves PSA Certified status". New Electronics.
- ^ Dahad, Nitin (March 17, 2021). "Silicon Labs First to Achieve PSA Certified Level 3 Status for Wireless SoC". EE Times.
- ^ "Goodix receives PSA Certification" (in Chinese). EE Times China.
- ^ "Dev kits and software for STM32U5 – and chips now available". Electronics Weekly. October 1, 2021.
- ^ "Unisoc Launches All-New AIOT Solution V5663". Unisoc. March 2, 2020. Archived from the original on June 16, 2020. Retrieved August 4, 2020.
- ^ "Veridify Security's DOME Client Library Achieves PSA Certified Level 1 Accreditation". Embedded Computing (magazine).
- ^ "Winbond TrustME Secure Flash Memory achieves PSA Certified Level 2". Winbond. February 26, 2020.
- ^ Winning, Ally (3 March 2020). "Winbond TrustME secure flash gets PSA Certified Level 2 Ready". EE News.
- ^ "Linaro contributes to the Zephyr Project becoming PSA certified". Linaro.