Security seems to be at the top of everyone’s list of important design criteria, but implementing it can prove to be difficult. Arm’s Platform Security Architecture (PSA) is designed to change that for Cortex-M microcontrollers. The architecture-agnostic PSA is designed to be used in applications where a full Trusted Execution Environment (TEE) is too large or complex. As of now, Cortex-A platforms support Arm’s TrustZone and TEEs. Efforts like the Trusted Computing Group’s DICE also address this low-end space.
The PSA consists of three parts (Figure 1). These include Threat Models and Security Analyses, architecture specifications for firmware and hardware, and an open-source reference implementation.
Arm analyzed a range of IoT use cases and crafted a set of English-language Protection Profiles designed for developers who aren’t security specialists. The profiles establish a set of Security Functional Requirements (SFR) for the Target of Evaluation (TOE).
A typical analysis and profile for a smart metering system would include assets like protection of the meter from threats such as remote software attacks, a set of objectives such as providing strong crypto support, and hardware requirements such as hardware-based key storage.
PSA文档将定义设备安全模型,受信任的设备初始化,受信任的基本系统体系结构(TBSA-M),受信任的启动和固件更新支持,PSA固件M框架,安全处理环境以及PSA受信任的功能。手臂有一个PSA whitepaperthat provides more details. Through TBSA-M targets new ARMv8-M platforms, vendors can also integrate support on ARMv7 platforms.
PAS实现的示例将包括诸如安全启动和安全键存储,可信赖的固件和系统分区之类的功能。值得信赖的固件M是用于ARMV8-M体系结构的开源参考PSA实现。
Arm is providing PSA support of its mbed OS, an open-source operating system for Cortex-M platforms. In addition, the Arm Keil development system provides secure and non-secure software development, debug, and
