PSA Certified: Difference between revisions
Content deleted Content added
No edit summary |
→Industry adoption: Link |
||
| (67 intermediate revisions by 33 users not shown) | |||
| Line 1: | Line 1: | ||
{{Other uses|PSA (disambiguation){{!}}PSA}} |
|||
{{AFC submission|d|npov|u=RichardDigital47|ns=118|decliner=JavaHurricane|declinets=20200428044734|ts=20200427213403}} <!-- Do not remove this line! --> |
|||
{{Advert|date=March 2022}} |
|||
{{Infobox certification mark |
|||
| name = PSA Certified |
|||
| image = [[File:PSA_Certified.jpeg]] |
|||
| caption = |
|||
| image2 = |
|||
| caption2 = |
|||
| expansion = |
|||
| standards_org = |
|||
| agency = |
|||
| region = Worldwide |
|||
| founded = 2017 |
|||
| defunct = |
|||
| predecessor = |
|||
| successor = |
|||
| products = |
|||
| type = Security certification scheme |
|||
| legalstatus = <!-- Mandatory/Advisory --> |
|||
| mandatorysince = |
|||
| homepage = [http://psacertified.org psacertified.org] |
|||
}} |
|||
'''Platform Security Architecture (PSA) Certified''' is a security [[certification]] scheme for [[Internet of Things]] (IoT) hardware, software, and devices. It was created by [[Arm Holdings]], Brightsight, CAICT, Prove & Run, Riscure, TrustCB, and [[UL (safety organization)|UL]] as part of a global partnership. |
|||
{{AFC comment|1=Subject passes [[WP:GNG]] but the tone of the draft can be improved. See [[WP:WBA|here]] for some guidance. For help from expert editors, go [[WP:TEA|to the Teahouse]]. ''[[User:JavaHurricane| <span style = "color:green">Java</span>]][[User talk:JavaHurricane|<span style = "color:red">Hurricane</span>]]'' 04:47, 28 April 2020 (UTC)}} |
|||
[[Arm Holdings]] first brought forward the PSA specifications in 2017 to outline common standards for IoT security,<ref name=engadget>{{cite web |last1=Dent |first1=Steve |title=Google and others back Internet of Things security push |url=https://www.engadget.com/2017-10-23-google-arm-internet-of-things-security.html |publisher=[[Engadget]] |date=October 23, 2017}}</ref> with the PSA Certified Assurance Scheme launching two years later in 2019. |
|||
---- |
|||
==History== |
|||
'''PSA Certified''' is a security certification scheme for [[Internet of Things]] (IoT) hardware, software and devices. It was created by seven stakeholder companies as part of a global partnership. The security scheme was created by [[Arm Holdings]], Brightsight, CAICT, Prove & Run, Riscure, CBTrust and UL. |
|||
In 2017, Arm Holdings introduced the Platform Security Architecture (PSA), a framework designed to enhance the security of Internet of Things (IoT) devices and services. PSA emerged as a comprehensive standard, incorporating various elements such as threat models, security analyses, and architectural specifications for hardware and firmware. It also included an open-source firmware reference implementation. The primary objective of PSA was to establish a baseline for security in the IoT sector, catering to the needs of both software and device manufacturers. |
|||
Over time, PSA evolved into PSA Certified, a more structured, four-stage framework. This development aimed to provide IoT designers with a systematic approach to ensuring security. The framework categorized security into different levels, each offering varying degrees of assessment and assurance. |
|||
[[Arm Holdings]] first brought forward the Platform Security Architecture (PSA) specifications in 2017 to outline common standards for IoT security,<ref>{{cite web |last1=Dent |first1=Steve |title=Google and others back Internet of Things security push |url=https://www.engadget.com/2017-10-23-google-arm-internet-of-things-security.html |publisher=[[Engadget]] |date=October 23, 2017}}</ref> with PSA Certified assurance scheme launching two years later in 2019. |
|||
The initial PSA documents and IoT threat models were released in 2018, marking a significant step in standardizing IoT security. |
|||
==Foundation== |
|||
The formal certification process for PSA Certified was launched at Embedded World in 2019. This event saw the introduction of Level 1 certification, primarily targeting chip vendors. Concurrently, a draft outlining Level 2 protection was also presented. |
|||
In 2017, [[Arm Holdings]] created Platform Security Architecture (PSA), a standard for IoT security. The standard builds trust between [[Internet of Things]] services and devices.<ref>{{cite web |last1=McGregor |first1=Jim |title=Not All Electronic Device Are Secure, But ARM's PSA May Change That |url=https://www.forbes.com/sites/tiriasresearch/2017/10/30/not-all-electronic-device-are-secure-but-arms-psa-may-change-that/#2f066dd3e0bb |publisher=[[Forbes]] |date=October 30, 2017}}</ref><ref>{{cite web |last1=Takahshi |first1=Dean |title=Arm unveils security certification testing for IoT devices |url=https://venturebeat.com/2019/02/25/arm-unveils-security-certification-testing-for-iot-devices/ |publisher=[[VentureBeat]]}}</ref> PSA has since evolved to become PSA Certified, a four stage framework which can be used by IoT designers for security practices.<ref>{{cite web |last1=Khan |first1=Jeremy |title=SoftBank's ARM Makes Bid to Standardize IoT Security Industry |url=https://www.bloomberg.com/news/articles/2017-10-23/softbank-s-arm-makes-bid-to-standardize-iot-security-industry |publisher=[[Bloomberg]] |date=October 23, 2017}}</ref><ref>{{cite web |last1=Condon |first1=Stephanie |title=Arm partners with testing labs to provide IOT security certification |url=https://www.zdnet.com/article/arm-partners-with-testing-labs-to-provide-iot-security-certification/ |publisher=[[ZDNet]] |date=February 25, 2019}}</ref> In 2018, the first IoT threat models and PSA documents were published.<ref>{{cite web |title=Arm launches first set of Threat Models for PSA: IoT Security should start with analysis |url=https://community.arm.com/iot/b/internet-of-things/posts/arm-launches-first-set-of-threat-models-for-psa |publisher=[[Arm Holdings]] |date=February 23, 2018}}</ref> |
|||
PSA Certified was further strengthened by the collaboration of seven founding stakeholders, including Arm Holdings, Brightsight, CAICT, Prove & Run, Riscure, UL, and TrustCB. TrustCB joined as an independent certification body for the scheme, while the other stakeholders, four of which are security test laboratories, contributed to the creation of the PSA Certified specifications under the PSA Joint Stakeholders Agreement. |
|||
The certification of PSA Certified launched at Embedded World in 2019,<ref>{{cite web |last1=Hayes |first1=Caroline |title=Embedded World: Arm introduces fourth security element to PSA |url=https://www.electronicsweekly.com/market-sectors/internet-of-things/arm-introduces-fourth-security-element-psa-2019-02/ |publisher=[[Electronics Weekly]] |date=February 25, 2019}}</ref> where Level 1 Certification was presented to chip vendors. A draft of Level 2 protection was presented at the same time.<ref>{{cite web |title=PSA Certified–building trust, building value |url=https://www.eetimes.com/psa-certified-building-trust-building-value/ |publisher=[[EE Times]] |date=March 4, 2019}}</ref> |
|||
The PSA Certified ecosystem expanded in 2021 with the addition of Applus+ and ECSEC, two notable security test labs. |
|||
Six of the seven founding stakeholders created the PSA Certified specifications, which are now make up the PSA Joint Stakeholders Agreement. The stakeholders are [[Arm Holdings]], Brightsight, CAICT, Prove & Run, Riscure and UL. TrustCB became the seventh PSA Certified JSA member, acting as an independent Certification Body for the scheme.<ref>{{cite web |title=PSA Certified background |url=https://www.trustcb.com/iot/psa-certified/ |publisher=TrustCB}}</ref> Out of the six other founding members, four are security test laboratories, which includes Brightsight, CAICT, Riscure and UL. |
|||
Noteworthy milestones in the journey of PSA Certification include the issuance of the first Level 2 certificates to chip vendors in February 2020 and the awarding of the first Level 3 certificate in March 2021. |
|||
In November 2022, PSA Certified introduced Level 2 + Secure Element. This new category allows for the integration of a secure element to enhance the physical protection at Level 2, bridging the gap before advancing to the more robust Level 3 protection. |
|||
The evolution of PSA and the introduction of PSA Certified represent significant strides in standardizing and enhancing IoT security, reflecting the industry's ongoing commitment to safeguarding interconnected devices in an increasingly digital world. |
|||
==Certification== |
==Certification== |
||
The PSA Joint Stakeholders Agreement |
The PSA Joint Stakeholders Agreement is an initiative focused on establishing a global standard for Internet of Things (IoT) security. This agreement aims to simplify the security protocols within the electronics industry by providing a coherent and comprehensive security scheme. The security certification scheme, as outlined in the agreement, advocates a security-by-design approach applicable to a broad spectrum of IoT products. This process begins with a thorough security assessment of the chip, specifically its Root of Trust (RoT), and progressively extends to system software and device application code. Notably, the PSA-certified specifications are designed to be neutral regarding implementation and architecture, making them applicable across various chips, software, and devices. |
||
The PSA Certified program seeks to address and reduce fragmentation in the IoT product manufacturing and development sectors. It supports the creation of system-on-chips (SoCs) that incorporate a PSA Root of Trust (PSA-RoT), a security component accessible to software platforms and original equipment manufacturers (OEMs). |
|||
PSA Certified aims to removes industry fragmentation for [[Internet of Things|IoT product]] manufacturers and developers in a number of ways. The world’s leading IoT [[microchip|chip vendors]] are delivering system-on-chips built with a PSA Root of Trust (PSA-RoT) providing a new widely available security component with built-in security functions that software platforms and original device manufacturers (OEMs) can make use of.<ref>{{cite web |last1=Speed |first1=Richard |title=Azure IoT heads spacewards to maintain connectivity at the edge, courtesy of Inmarsat |url=https://www.theregister.co.uk/2019/02/25/azure_iot_takes_to_space/ |publisher=[[TheRegister]] |date=February 26, 2019}}</ref> A high-level set of APIs are provided to the PSA-RoT abstracting the complex trusted hardware and [[firmware]] used by different chip vendors. Free [[API]] Test Suites are available to provide this software API compliance to achieve PSA Functional API Certification.<ref>{{cite web |title=PSA Functional API Certification |url=https://www.psacertified.org/functional-api-certification/ |publisher=PSA Certified}}</ref><ref>{{cite web |title=PSA Functional APIs Architecture Test Suite |url=https://github.com/ARM-software/psa-arch-tests/tree/master/api-tests/dev_apis |publisher=[[GitHub]]}}</ref> |
|||
=== Functional API Certification === |
|||
===Security=== |
|||
PSA-RoT offers a set of high-level APIs, facilitating the abstraction of trusted hardware and firmware across different chip vendors. These APIs include the PSA Cryptography API, the PSA Attestation API, the PSA Storage API, and the PSA Firmware Update API. Compliance with these APIs is verified through open source API test suites, and an open-source implementation of the PSA Root of Trust APIs is available through the TrustedFirmware.org project. |
|||
As part of the third stage of PSA Certified, threat models and security analyses documents are provided for a set of IoT devices.<ref>{{cite web |title=The framework for securing a trillion devices |url=https://developer.arm.com/architectures/security-architectures/platform-security-architecture |publisher=[[Arm Holdings]]}}</ref> These English Language Protection Profiles differ from the treat models, and derive security requirements that are generalised by the PSA Certified 10 Security Goals.<ref>{{cite web |title=What are the PSA Certified 10 Security Goals |url=https://www.psacertified.org/psa-certified-10-security-goals-explained/ |publisher=PSA Certified |date=February 20, 2020}}</ref><ref>{{cite web |last1=Hayes |first1=Caroline |title=Embedded World: Arm introduces fourth security element to PSA |url=https://www.electronicsweekly.com/market-sectors/internet-of-things/arm-introduces-fourth-security-element-psa-2019-02/ |publisher=[[Electronics Weekly]]}}</ref> |
|||
=== Certification Levels === |
|||
==== Level 1 Certification ==== |
|||
Level 1 targets chip vendors, software platforms, and device manufacturers. It involves a questionnaire, document review, and an interview conducted by a certification lab. The process ensures alignment with key IoT standards and laws, like NISTIR 8259, ETSI 303 645, and SB-327. |
|||
==== Level 2 Certification<ref>{{Cite web |date=2022-07-06 |title=ESP32-S3 Series (ESP32-S3, ESP32-S3FN8, ESP32-S3R2, ESP32-S3R8, ESP32-S3R8V, ESP32-S3FH4R2) {{!}} PSA Certified |url=https://www.psacertified.org/products/esp32-s3-series-esp32-s3-esp32-s3fn8-esp32-s3r2-esp32-s3r8-esp32-s3r8v-esp32-s3fh4r2/ |access-date=2023-12-12 |website=www.psacertified.org |language=en-GB}}</ref> ==== |
|||
This mid-level certification focuses on software attacks and includes a month-long review of the PSA-RoT source code by a security lab. It emphasizes specific attack methods and evaluation methodologies, with a requirement for hardware support of PSA-RoT functions, primarily aimed at chip vendors. |
|||
==== Level 2 + Secure Element ==== |
|||
This level enhances Level 2 by adding physical protection for certain security functions. It typically involves a Level 2 Certified SoC combined with a secure element, focusing on secure cryptographic operations and key storage. |
|||
==== Level 3 Certification ==== |
|||
The highest level, Level 3, expands upon Level 2 to include safeguards against various physical and side-channel attacks. This level encompasses physical protection for all security functions, differentiating it from Level 2 + Secure Element. |
|||
This structured approach under the PSA Joint Stakeholders Agreement and the subsequent certification levels play a critical role in unifying and strengthening IoT security standards, catering to the diverse needs of the industry, and promoting a safer IoT environment. |
|||
==Industry adoption== |
|||
Since the launch of the standard, it has been adopted by a number of chip manufacturers and system software providers. |
|||
{| class="wikitable sortable" |
|||
|- |
|||
! Company |
|||
! Certification Level |
|||
! Sector |
|||
! References |
|||
|- |
|||
| Aitos.io |
|||
| Level 1 |
|||
| Blockchain |
|||
| <ref>{{cite web |title=aitos.io launches the world's first PSA Certified BoAT blockchain application framework |date=12 May 2021 |url=https://aitos-io.medium.com/aitos-io-launches-the-worlds-first-psa-certified-boat-blockchain-application-framework-3a5b407983cf |publisher=Medium}}</ref> |
|||
|- |
|||
|[[ThreadX|Azure RTOS]] |
|||
|Level 1 |
|||
|Software platform |
|||
|<ref>{{Cite web |date=2021-10-27 |title=Azure RTOS {{!}} PSA Certified |url=https://www.psacertified.org/products/azure-rtos/ |access-date=2022-12-15 |website=www.psacertified.org |language=en-GB}}</ref> |
|||
|- |
|||
| Crypto Quantique |
|||
| Level 2 |
|||
| OEM |
|||
| <ref>{{cite web |title=Securing the IoT ecosystem |url=https://www.newelectronics.co.uk/electronics-technology/securing-the-iot-ecosystem/240885/ |publisher=[[New Electronics]] |date=September 30, 2021}}</ref> |
|||
|- |
|||
| [[Cypress Semiconductor]] |
|||
| Level 2 |
|||
| Chip manufacturer |
|||
| <ref>{{cite press release |url=https://www.businesswire.com/news/home/20190226005439/en/Cypress-Processing-Solution-Built-in-System-Layer-Security | title=Cypress Processing Solution with Built-in System Layer Security Fortifies IoT Application Design |
|||
| date=26 February 2019 |
|||
}}</ref> |
|||
|- |
|||
| Embedded Planet |
|||
| Level 2 |
|||
| OEM |
|||
| <ref>{{cite web |title=Arrow Electronics Accelerates Development of IoT Devices on PSA Certified Trusted Methodology |url=https://www.eetasia.com/arrow-electronics-accelerates-development-of-iot-devices-on-psa-certified-trusted-methodology/ |publisher=EE Times}}</ref> |
|||
|- |
|||
|[[Espressif Systems]] |
|||
|Level 1 |
|||
|Chip manufacturer |
|||
|<ref>{{Cite web |date=2022-07-06 |title=ESP32-S3 Series (ESP32-S3, ESP32-S3FN8, ESP32-S3R2, ESP32-S3R8, ESP32-S3R8V, ESP32-S3FH4R2) {{!}} PSA Certified |url=https://www.psacertified.org/products/esp32-s3-series-esp32-s3-esp32-s3fn8-esp32-s3r2-esp32-s3r8-esp32-s3r8v-esp32-s3fh4r2/ |access-date=2023-12-12 |website=www.psacertified.org |language=en-GB}}</ref> |
|||
|- |
|||
| [[Eurotech (company)|Eurotech]] |
|||
| Level 1 |
|||
| OEM |
|||
| <ref>{{cite web |title=Eurotech achieves IoT security certification |url=https://www.eurotech.com/en/news/psa-certified-level-1-iot-security |publisher=[[Eurotech (company)|Eurotech]] |date=July 7, 2021}}</ref> |
|||
|- |
|||
| [[ThreadX|Express Logic]] |
|||
| Level 1 |
|||
| Software platform |
|||
| <ref>{{cite web |title=Express Logic's X-Ware IoT Platform is now Arm PSA Certified |url=https://www.embedded-computing.com/iot/express-logic-s-x-ware-iot-platform-is-now-arm-psa-certified |publisher=Embedded Computing}}</ref> |
|||
|- |
|||
| [[FreeRTOS]] |
|||
| Level 1 |
|||
| Software platform |
|||
| <ref>{{Cite web|date=2020-03-16|title=FreeRTOS {{!}} PSA Certified|url=https://www.psacertified.org/products/freertos/|access-date=2021-04-09|language=en-GB}}</ref> |
|||
|- |
|||
| [[Infineon]] |
|||
| Level 2 |
|||
| Chip manufacturer |
|||
| <ref>{{cite web |title=PSoC 64 Standard Secure MCU family achieves PSA Level 2 certification |url=https://www.newelectronics.co.uk/electronics-news/psoc-64-standard-secure-mcu-family-achieves-psa-level-2-certification/240427/ |publisher=[[New Electronics]] |date=September 21, 2021}}</ref> |
|||
|- |
|||
| InGeek |
|||
| Level 1 |
|||
| OEM |
|||
| <ref>{{cite web |title=InGeek Embedded World PSA Certified |url=https://www.ingeek.com/blog/embedded-world-psa |publisher=InGeek}}</ref> |
|||
|- |
|||
| [[Macronix]] |
|||
| Level 1 |
|||
| OEM |
|||
| <ref>{{cite web |title=Macronix ArmorFlash NOR Flash achieves PSA Certified Level 1 status |url=https://www.newelectronics.co.uk/electronics-news/macronix-armorflash-nor-flash-achieves-psa-certified-level-1-status/239964/ |publisher=New Electronics |date=August 31, 2021}}</ref> |
|||
|- |
|||
| [[Microchip Technology]] |
|||
| Level 1 |
|||
| Chip manufacturer |
|||
| <ref>{{cite web |title=SAM L10 and SAM L11 Microcontroller Family |url=https://www.microchip.com/design-centers/32-bit/sam-32-bit-mcus/sam-l-mcus/sam-l10-and-l11-microcontroller-family |publisher=[[Microchip Technology]]}}</ref> |
|||
|- |
|||
| [[Nordic Semiconductor]] |
|||
| Level 2 |
|||
| Chip manufacturer |
|||
| <ref>{{cite web |title=Nordic Semiconductor nRF9160 SiP and nRF5340 SoC achieve PSA Certified Level 2 for enhanced IoT security assurance |url=https://www.nordicsemi.com/Nordic-news/2023/08/nRF9160-SiP-and-nRF5340-SoC-achieve-PSA-Certified-Level-2-for-enhanced-IoT-security-assurance |publisher=[[Nordic Semiconductor]]}}</ref> |
|||
|- |
|||
| [[Nuvoton]] |
|||
| Level 1 |
|||
| Chip manufacturer |
|||
| <ref>{{cite web |title=Nuvoton Debuts PSA Certified Level 1 and PSA Functional API Certified Arm Cortex-M23 Based MCU for Global Market Targeting IoT Security |url=https://www.nuvoton.com/news/news/products-technology/TSNuvotonNews-000247/ |publisher=[[Nuvoton]]}}</ref> |
|||
|- |
|||
| NXM Labs |
|||
| Level 1 |
|||
| Software platform |
|||
| <ref>{{cite web |title=NXM Achieves PSA Level One Certification from UL for its Autonomous Security Software |url=https://www.ul.com/news/nxm-achieves-psa-level-one-certification-ul-its-autonomous-security-software |publisher=UL |date=October 8, 2019}}</ref> |
|||
|- |
|||
| [[NXP Semiconductor]] |
|||
| Level 3 |
|||
| Chip manufacturer |
|||
| <ref>{{cite web |title=The LPC553x/S3x MCU family further expands the world’s first general purpose Cortex-M33-based MCU series |url=https://www.psacertified.org/products/lpc55s36/ |publisher=[[Arm Limited]]}}</ref> |
|||
|- |
|||
| OneOS |
|||
| Level 1 |
|||
| Software platform |
|||
| <ref>{{cite web |title=OneOS certification |date=3 February 2021 |url=https://www.psacertified.org/products/oneos/ |publisher=PSA Certified}}</ref> |
|||
|- |
|||
| [[Renesas Electronics]] |
|||
| Level 2 |
|||
| Chip manufacturer |
|||
| <ref>{{cite web |title=Renesas Electronics Unveils RA Family of 32-Bit Arm Cortex-M Microcontrollers with Superior Performance and Advanced Security for Intelligent IoT Applications |url=https://www.renesas.com/us/en/about/press-center/news/2019/news20191008.html |publisher=[[Renesas]]}}</ref> |
|||
|- |
|||
| [[RT-Thread]] |
|||
| Level 1 |
|||
| Software platform |
|||
| <ref>{{cite web |last1=Cohen |first1=Perry |title=RT-Thread IoT OS Achieves PSA Security Certification |url=https://www.embedded-computing.com/iot/rt-thread-iot-os-achieves-psa-security-certification |publisher=Embedded Computing Design}}</ref> |
|||
|- |
|||
| Sequitur Labs |
|||
| Level 1 |
|||
| Software platform |
|||
| <ref>{{cite web |title=Sequitur Labs' EmSPARK 2.0 Security Suite achieves PSA Certified status |url=https://www.newelectronics.co.uk/content/news/sequitur-labs-emspark-2-0-security-suite-achieves-psa-certified-status |publisher=New Electronics}}</ref> |
|||
|- |
|||
| [[Silicon Labs]] |
|||
| Level 3 |
|||
| Chip manufacturer |
|||
| <ref>{{cite web |last1=Dahad |first1=Nitin |title=Silicon Labs First to Achieve PSA Certified Level 3 Status for Wireless SoC |url=https://www.eetasia.com/silicon-labs-first-to-achieve-psa-certified-level-3-status-for-wireless-soc/ |publisher=[[EE Times]] |date=March 17, 2021}}</ref> |
|||
|- |
|||
| [[Goodix]] |
|||
| Level 1 |
|||
| Chip manufacturer |
|||
| <ref>{{cite web |title=Goodix receives PSA Certification |url=https://www.eet-china.com/info/202109261014.html |publisher=[[EE Times|EE Times China]] |language=Chinese}}</ref> |
|||
|- |
|||
| [[STMicroelectronics]] |
|||
| Level 3 |
|||
| Chip manufacturer |
|||
| <ref>{{cite web |title=Dev kits and software for STM32U5 – and chips now available |url=https://www.electronicsweekly.com/news/design/dev-kits-software-stm32u5-chips-now-available-2021-10/ |publisher=[[Electronics Weekly]] |date=October 1, 2021}}</ref> |
|||
|- |
|||
| [[Unisoc]] |
|||
| Level 1 |
|||
| Chip manufacturer |
|||
| <ref>{{cite web |title=Unisoc Launches All-New AIOT Solution V5663 |url=http://www.unisoc.com/unparalleled-unisoc-launches-all-new-aiot-solution-v5663 |publisher=[[Unisoc]] |date=March 2, 2020 |access-date=August 4, 2020 |archive-date=June 16, 2020 |archive-url=https://web.archive.org/web/20200616002323/http://www.unisoc.com/unparalleled-unisoc-launches-all-new-aiot-solution-v5663 |url-status=dead }}</ref> |
|||
|- |
|||
| Veridify |
|||
| Level 1 |
|||
| Software platform |
|||
| <ref>{{cite web |title=Veridify Security's DOME Client Library Achieves PSA Certified Level 1 Accreditation |url=https://www.embeddedcomputing.com/technology/security/software-security/veridify-security-s-dome-client-library-achieves-psa-certified-level-1-accreditation |publisher=Embedded Computing (magazine)}}</ref> |
|||
|- |
|||
| [[Winbond]] |
|||
| Level 2 |
|||
| Chip manufacturer |
|||
| <ref>{{cite web |title=Winbond TrustME Secure Flash Memory achieves PSA Certified Level 2 |url=https://www.winbond.com/hq/about-winbond/news-and-events/news/news00511.html?__locale=en |publisher=[[Winbond]] |date=February 26, 2020}}</ref><ref>{{cite web |last1=Winning |first1=Ally |title=Winbond TrustME secure flash gets PSA Certified Level 2 Ready |date=3 March 2020 |url=https://www.eenewsembedded.com/news/winbond-trustme-secure-flash-gets-psa-certified-level-2-ready |publisher=EE News}}</ref> |
|||
|- |
|||
| [[Zephyr (operating system)|Zephyr OS]] |
|||
| Level 1 |
|||
| Software platform |
|||
| <ref>{{cite web |title=Linaro contributes to the Zephyr Project becoming PSA certified |url=https://www.linaro.org/news/linaro-contributes-to-the-zephyr-project-becoming-psa-certified/ |publisher=Linaro}}</ref> |
|||
|} |
|||
==References== |
==References== |
||
{{reflist|2}} |
{{reflist|2}} |
||
[[Category:Internet of things companies]] |
|||
{{AFC submission|||ts=20200430094502|u=RichardDigital47|ns=118}} |
|||
[[Category:Internet security]] |
|||
Latest revision as of 09:31, 11 October 2024
 | This article contains promotional content. (March 2022) |
| PSA Certified | |
|---|---|
 | |
| Effective region | Worldwide |
| Effective since | 2017 |
| Type of standard | Security certification scheme |
| Website | psacertified.org |
Platform Security Architecture (PSA) Certified is a security certification scheme for Internet of Things (IoT) hardware, software, and devices. It was created by Arm Holdings, Brightsight, CAICT, Prove & Run, Riscure, TrustCB, and UL as part of a global partnership.
Arm Holdings first brought forward the PSA specifications in 2017 to outline common standards for IoT security,[1] with the PSA Certified Assurance Scheme launching two years later in 2019.
History
[edit]In 2017, Arm Holdings introduced the Platform Security Architecture (PSA), a framework designed to enhance the security of Internet of Things (IoT) devices and services. PSA emerged as a comprehensive standard, incorporating various elements such as threat models, security analyses, and architectural specifications for hardware and firmware. It also included an open-source firmware reference implementation. The primary objective of PSA was to establish a baseline for security in the IoT sector, catering to the needs of both software and device manufacturers.
Over time, PSA evolved into PSA Certified, a more structured, four-stage framework. This development aimed to provide IoT designers with a systematic approach to ensuring security. The framework categorized security into different levels, each offering varying degrees of assessment and assurance.
The initial PSA documents and IoT threat models were released in 2018, marking a significant step in standardizing IoT security.
The formal certification process for PSA Certified was launched at Embedded World in 2019. This event saw the introduction of Level 1 certification, primarily targeting chip vendors. Concurrently, a draft outlining Level 2 protection was also presented.
PSA Certified was further strengthened by the collaboration of seven founding stakeholders, including Arm Holdings, Brightsight, CAICT, Prove & Run, Riscure, UL, and TrustCB. TrustCB joined as an independent certification body for the scheme, while the other stakeholders, four of which are security test laboratories, contributed to the creation of the PSA Certified specifications under the PSA Joint Stakeholders Agreement.
The PSA Certified ecosystem expanded in 2021 with the addition of Applus+ and ECSEC, two notable security test labs.
Noteworthy milestones in the journey of PSA Certification include the issuance of the first Level 2 certificates to chip vendors in February 2020 and the awarding of the first Level 3 certificate in March 2021.
In November 2022, PSA Certified introduced Level 2 + Secure Element. This new category allows for the integration of a secure element to enhance the physical protection at Level 2, bridging the gap before advancing to the more robust Level 3 protection.
The evolution of PSA and the introduction of PSA Certified represent significant strides in standardizing and enhancing IoT security, reflecting the industry's ongoing commitment to safeguarding interconnected devices in an increasingly digital world.
Certification
[edit]The PSA Joint Stakeholders Agreement is an initiative focused on establishing a global standard for Internet of Things (IoT) security. This agreement aims to simplify the security protocols within the electronics industry by providing a coherent and comprehensive security scheme. The security certification scheme, as outlined in the agreement, advocates a security-by-design approach applicable to a broad spectrum of IoT products. This process begins with a thorough security assessment of the chip, specifically its Root of Trust (RoT), and progressively extends to system software and device application code. Notably, the PSA-certified specifications are designed to be neutral regarding implementation and architecture, making them applicable across various chips, software, and devices.
The PSA Certified program seeks to address and reduce fragmentation in the IoT product manufacturing and development sectors. It supports the creation of system-on-chips (SoCs) that incorporate a PSA Root of Trust (PSA-RoT), a security component accessible to software platforms and original equipment manufacturers (OEMs).
Functional API Certification
[edit]PSA-RoT offers a set of high-level APIs, facilitating the abstraction of trusted hardware and firmware across different chip vendors. These APIs include the PSA Cryptography API, the PSA Attestation API, the PSA Storage API, and the PSA Firmware Update API. Compliance with these APIs is verified through open source API test suites, and an open-source implementation of the PSA Root of Trust APIs is available through the TrustedFirmware.org project.
Certification Levels
[edit]Level 1 Certification
[edit]Level 1 targets chip vendors, software platforms, and device manufacturers. It involves a questionnaire, document review, and an interview conducted by a certification lab. The process ensures alignment with key IoT standards and laws, like NISTIR 8259, ETSI 303 645, and SB-327.
This mid-level certification focuses on software attacks and includes a month-long review of the PSA-RoT source code by a security lab. It emphasizes specific attack methods and evaluation methodologies, with a requirement for hardware support of PSA-RoT functions, primarily aimed at chip vendors.
Level 2 + Secure Element
[edit]This level enhances Level 2 by adding physical protection for certain security functions. It typically involves a Level 2 Certified SoC combined with a secure element, focusing on secure cryptographic operations and key storage.
Level 3 Certification
[edit]The highest level, Level 3, expands upon Level 2 to include safeguards against various physical and side-channel attacks. This level encompasses physical protection for all security functions, differentiating it from Level 2 + Secure Element.
This structured approach under the PSA Joint Stakeholders Agreement and the subsequent certification levels play a critical role in unifying and strengthening IoT security standards, catering to the diverse needs of the industry, and promoting a safer IoT environment.
Industry adoption
[edit]Since the launch of the standard, it has been adopted by a number of chip manufacturers and system software providers.
| Company | Certification Level | Sector | References |
|---|---|---|---|
| Aitos.io | Level 1 | Blockchain | [3] |
| Azure RTOS | Level 1 | Software platform | [4] |
| Crypto Quantique | Level 2 | OEM | [5] |
| Cypress Semiconductor | Level 2 | Chip manufacturer | [6] |
| Embedded Planet | Level 2 | OEM | [7] |
| Espressif Systems | Level 1 | Chip manufacturer | [8] |
| Eurotech | Level 1 | OEM | [9] |
| Express Logic | Level 1 | Software platform | [10] |
| FreeRTOS | Level 1 | Software platform | [11] |
| Infineon | Level 2 | Chip manufacturer | [12] |
| InGeek | Level 1 | OEM | [13] |
| Macronix | Level 1 | OEM | [14] |
| Microchip Technology | Level 1 | Chip manufacturer | [15] |
| Nordic Semiconductor | Level 2 | Chip manufacturer | [16] |
| Nuvoton | Level 1 | Chip manufacturer | [17] |
| NXM Labs | Level 1 | Software platform | [18] |
| NXP Semiconductor | Level 3 | Chip manufacturer | [19] |
| OneOS | Level 1 | Software platform | [20] |
| Renesas Electronics | Level 2 | Chip manufacturer | [21] |
| RT-Thread | Level 1 | Software platform | [22] |
| Sequitur Labs | Level 1 | Software platform | [23] |
| Silicon Labs | Level 3 | Chip manufacturer | [24] |
| Goodix | Level 1 | Chip manufacturer | [25] |
| STMicroelectronics | Level 3 | Chip manufacturer | [26] |
| Unisoc | Level 1 | Chip manufacturer | [27] |
| Veridify | Level 1 | Software platform | [28] |
| Winbond | Level 2 | Chip manufacturer | [29][30] |
| Zephyr OS | Level 1 | Software platform | [31] |
References
[edit]- ^ Dent, Steve (October 23, 2017). "Google and others back Internet of Things security push". Engadget.
- ^ "ESP32-S3 Series (ESP32-S3, ESP32-S3FN8, ESP32-S3R2, ESP32-S3R8, ESP32-S3R8V, ESP32-S3FH4R2) | PSA Certified". www.psacertified.org. 2022-07-06. Retrieved 2023-12-12.
- ^ "aitos.io launches the world's first PSA Certified BoAT blockchain application framework". Medium. 12 May 2021.
- ^ "Azure RTOS | PSA Certified". www.psacertified.org. 2021-10-27. Retrieved 2022-12-15.
- ^ "Securing the IoT ecosystem". New Electronics. September 30, 2021.
- ^ "Cypress Processing Solution with Built-in System Layer Security Fortifies IoT Application Design" (Press release). 26 February 2019.
- ^ "Arrow Electronics Accelerates Development of IoT Devices on PSA Certified Trusted Methodology". EE Times.
- ^ "ESP32-S3 Series (ESP32-S3, ESP32-S3FN8, ESP32-S3R2, ESP32-S3R8, ESP32-S3R8V, ESP32-S3FH4R2) | PSA Certified". www.psacertified.org. 2022-07-06. Retrieved 2023-12-12.
- ^ "Eurotech achieves IoT security certification". Eurotech. July 7, 2021.
- ^ "Express Logic's X-Ware IoT Platform is now Arm PSA Certified". Embedded Computing.
- ^ "FreeRTOS | PSA Certified". 2020-03-16. Retrieved 2021-04-09.
- ^ "PSoC 64 Standard Secure MCU family achieves PSA Level 2 certification". New Electronics. September 21, 2021.
- ^ "InGeek Embedded World PSA Certified". InGeek.
- ^ "Macronix ArmorFlash NOR Flash achieves PSA Certified Level 1 status". New Electronics. August 31, 2021.
- ^ "SAM L10 and SAM L11 Microcontroller Family". Microchip Technology.
- ^ "Nordic Semiconductor nRF9160 SiP and nRF5340 SoC achieve PSA Certified Level 2 for enhanced IoT security assurance". Nordic Semiconductor.
- ^ "Nuvoton Debuts PSA Certified Level 1 and PSA Functional API Certified Arm Cortex-M23 Based MCU for Global Market Targeting IoT Security". Nuvoton.
- ^ "NXM Achieves PSA Level One Certification from UL for its Autonomous Security Software". UL. October 8, 2019.
- ^ "The LPC553x/S3x MCU family further expands the world's first general purpose Cortex-M33-based MCU series". Arm Limited.
- ^ "OneOS certification". PSA Certified. 3 February 2021.
- ^ "Renesas Electronics Unveils RA Family of 32-Bit Arm Cortex-M Microcontrollers with Superior Performance and Advanced Security for Intelligent IoT Applications". Renesas.
- ^ Cohen, Perry. "RT-Thread IoT OS Achieves PSA Security Certification". Embedded Computing Design.
- ^ "Sequitur Labs' EmSPARK 2.0 Security Suite achieves PSA Certified status". New Electronics.
- ^ Dahad, Nitin (March 17, 2021). "Silicon Labs First to Achieve PSA Certified Level 3 Status for Wireless SoC". EE Times.
- ^ "Goodix receives PSA Certification" (in Chinese). EE Times China.
- ^ "Dev kits and software for STM32U5 – and chips now available". Electronics Weekly. October 1, 2021.
- ^ "Unisoc Launches All-New AIOT Solution V5663". Unisoc. March 2, 2020. Archived from the original on June 16, 2020. Retrieved August 4, 2020.
- ^ "Veridify Security's DOME Client Library Achieves PSA Certified Level 1 Accreditation". Embedded Computing (magazine).
- ^ "Winbond TrustME Secure Flash Memory achieves PSA Certified Level 2". Winbond. February 26, 2020.
- ^ Winning, Ally (3 March 2020). "Winbond TrustME secure flash gets PSA Certified Level 2 Ready". EE News.
- ^ "Linaro contributes to the Zephyr Project becoming PSA certified". Linaro.