Warning: Undefined array key "city" in /var/app/current/wp-content/themes/bestinternet_prod/header.php on line 56 Warning: Undefined array key "postal" in /var/app/current/wp-content/themes/bestinternet_prod/header.php on line 60 Warning: Undefined array key "country" in /var/app/current/wp-content/themes/bestinternet_prod/header.php on line 64 Warning: Undefined variable $org in /var/app/current/wp-content/themes/bestinternet_prod/header.php on line 70 Warning: Undefined variable $loc in /var/app/current/wp-content/themes/bestinternet_prod/header.php on line 78 Warning: Trying to access array offset on value of type null in /var/app/current/wp-content/themes/bestinternet_prod/header.php on line 78 Warning: Undefined variable $loc in /var/app/current/wp-content/themes/bestinternet_prod/header.php on line 79 Warning: Trying to access array offset on value of type null in /var/app/current/wp-content/themes/bestinternet_prod/header.php on line 79
Internet

How PSA APIs will enable secure devices and a consistent developer experience

Posted on

PSA provides a set of architecture documents to standardize the fundamental security system and services as the PSA Root of Trust (PRoT). There are many ways a chip vendor could construct a good PRoT, they could for example: use a processor with TrustZone hardware isolation, add in a security subsystem such as Arm CryptoCell or opt to dedicate a small microcontroller to provide the isolated secure services.  Arm has published a hardware requirements document called Trusted Base System Architecture-M (where M stands for microcontroller), which provides recommendations to chip vendors for multiple different implementation choices that could be used to create a PRoT.  The chip designer will look at their target markets, choose an implementation pattern and integrate trusted software to create a PSA system. To make the development process even easier and quicker there is an open source, open governance project (Trusted Firmware-M) that provides a reference implementation.

New PSA APIs will ramp development cycles

To mask underlying hardware differences, we need some APIs that can provide a consistent developer experience across different chips and platforms. Arm has created three sets of APIs with API testing kits aimed at different developer communities. Together they enable efficient development of software, security functions and hardware.

  1. PSA Developer APIs are the top-level APIs used by application developers and RTOS vendors. These APIs have been designed to be used by software developers who wish to use the hardware security features without necessarily being security experts themselves. These APIs provide the top-level essential services of: crypto, secure storage and attestation tokens. The open source Trusted Firmware-M project is developing a reference implementation. At the time of writing Crypto APIs are already publicly available with Secure Storage and Entity Attestation Token to follow soon.
  2. PSA Firmware Framework APIs are designed for developers of secure functions (aka Application Root of Trust Services or ARoT). Security experts wishing to add their own security functionality can develop an AROT service that can be used on different chips using these standard APIs.  
  3. The TBSA-M API Kit enables chip vendors to check the functionality of their chips against the proposed hardware requirements checklist contained in the Trusted Base System Architecture-M document.

These APIs, corresponding API testing kits and the PSA architecture documents that underpin them are architecture agnostic; there is no specific Arm technology required.