Copyright © 2017-2018 Arm Limited (or its affiliates). All rights reserved. 1

October 2018 White Paper

Arm Platform Security Architecture OverviewRevision 1.2

2Copyright © 2017-2018 Arm Limited (or its affiliates). All rights reserved.

Platform Security Architecture Overview

Copyright © 2018 Arm Limited or its affiliates. All rights reserved.

Release Information

Table 1 lists the changes that are made to this document.

Date Issue Change

October 2017 A First development release

October 2018 B Full updates to release

Table 1 Change History

3Copyright © 2017-2018 Arm Limited (or its affiliates). All rights reserved.

Non-Confidential Proprietary Notice

This document is protected by copyright and other related rights and the practice or

implementation of the information contained in this document may be protected by one or

more patents or pending patent applications. No part of this document may be reproduced

in any form by any means without the express prior written permission of Arm. No license, express or implied, by estoppel or otherwise to any intellectual property rights is granted by this document unless specifically stated.

Your access to the information in this document is conditional upon your acceptance that

you will not use or permit others to use the information for the purposes of determining

whether implementations infringe any third-party patents.

THIS DOCUMENT IS PROVIDED “AS IS”. ARM PROVIDES NO REPRESENTATIONS

AND NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, INCLUDING, WITHOUT

LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY, SATISFACTORY

QUALITY, NON-INFRINGEMENT OR FITNESS FOR A PARTICULAR PURPOSE WITH

RESPECT TO THE DOCUMENT. For the avoidance of doubt, Arm makes no representation

with respect to, and has undertaken no analysis to identify or understand the scope and

content of, patents, copyrights, trade secrets, or other rights.

This document may include technical inaccuracies or typographical errors.

TO THE EXTENT NOT PROHIBITED BY LAW, IN NO EVENT WILL ARM BE LIABLE

FOR ANY DAMAGES, INCLUDING WITHOUT LIMITATION ANY DIRECT, INDIRECT,

SPECIAL, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES, HOWEVER

CAUSED AND REGARDLESS OF THE THEORY OF LIABILITY, ARISING OUT OF ANY

USE OF THIS DOCUMENT, EVEN IF ARM HAS BEEN ADVISED OF THE POSSIBILITY

OF SUCH DAMAGES.

This document consists solely of commercial items. You shall be responsible for ensuring

that any use, duplication or disclosure of this document complies fully with any relevant

export laws and regulations to assure that this document or any portion thereof is not

exported, directly or indirectly, in violation of such export laws. Use of the word “partner”

in reference to Arm’s customers is not intended to create or refer to any partnership

relationship with any other company. Arm may make changes to this document at

any time and without notice.

If any of the provisions contained in these terms conflict with any of the provisions

of any click through or signed written agreement covering this document with Arm, then

the click through or signed written agreement prevails over and supersedes the conflicting

provisions of these terms. This document may be translated into other languages for

convenience, and you agree that if there is any conflict between the English version of

this document and any translation, the terms of the English version of the Agreement

shall prevail.

4Copyright © 2017-2018 Arm Limited (or its affiliates). All rights reserved.

The Arm corporate logo and words marked with ® or ™ are registered trademarks

or trademarks of Arm Limited (or its subsidiaries) in the US and/or elsewhere. All rights

reserved. Other brands and names mentioned in this document may be the trademarks

of their respective owners. Please follow Arm’s trademark usage guidelines at

http://www.arm.com/company/policies/trademarks.

Copyright © 2017-2018 Arm Limited (or its affiliates). All rights reserved.

Arm Limited. Company 02557590 registered in England.

110 Fulbourn Road, Cambridge, England CB1 9NJ.

LES-PRE-20349

5Copyright © 2017-2018 Arm Limited (or its affiliates). All rights reserved.

Table of Contents

Release information 2

Non-Confidential Proprietary Notice 3

1 About This Document 6

1.1 References 6

1.2 Terms and Abbreviations 6

2 Introduction 8

2.1 Industry Challenges 8

2.2 Arm’s vision for a more secure IoT 9

3 Introducing the Arm Platform Security Architecture 10

3.1 Solving an industry issue 10

3.2 What is Platform Security Architecture? 10

3.3 Objectives 10

3.4 Three key phases 11

3.5 Phase 1: Analyze with Threat Models and 12

Security Analyses

3.6 Phase 2: Architect with Architecture Specifications 14

3.6.1 PSA Security Model 15

3.6.2 Factory Initialization 15

3.6.3 Trusted Base System Architecture (TBSA) 15

3.6.4 Trusted Boot and Firmware Update 16

3.6.5 Firmware Framework (PSA-FF) 16

3.6.6 Developer APIs 18

3.7 Phase 3: Implement with Trusted Firmware-M 19

reference implementation

3.8 Mbed OS 20

3.9 Ecosystem Enabling 21

4 Functional APIs and Security Evaluation 22

5 Arm’s Supporting IP 23

6 Conclusion 24

6Copyright © 2017-2018 Arm Limited (or its affiliates). All rights reserved.

1 About This DocumentThis is an introduction to Arm’s Platform Security Architecture (PSA) specifications.

This paper provides an overview of the evolution of the security technology, with some

high-level details. For further information, refer to the various specifications from Arm,

referenced in this document.

1.1 References

This document refers to the following documents:

Term Meaning

Application firmware The main application firmware for the platform, typically comprising application tasks and

an RTOS. PSA provides no isolation services for this firmware, although the RTOS might

make use of available hardware support, to provide internal isolation of operation.

Application Root of Trust This is the security domain in which additional security services are implemented.

See PSA Security Model [PSA-SM] for details.

Application Root of Trust Service This is a Root of Trust Service within the Application Root of Trust domain.

Common Criteria Common Criteria (CC) is the set of internationally and nationally recognised technical

standards and configurations that allow for security evaluations of products and

technology. The individual set of Common Criteria technical standards or configurations,

developed for a specific product or technology, is qualified as a protection profile.

IDAU Implementation defined attribution unit. See [Armv8-M].

Reference Document Number Title

[TF-A] N/A Trusted Firmware-A

[TBSA-M] Arm DEN 0083A Trusted Base System Architecture for

Armv6-M, Armv7-M and Armv8-M

[TBBR] Arm DEN 0006B Trusted Board Boot Requirements

[Armv8-M] Arm DDI 0553A Armv8-M Architecture Reference

Manual, Arm Ltd

[GPROT] GP_REQ_025 v1.0.1 Root of Trust Definitions and

Requirements, GlobalPlatform

[PSA-FF] ARM DEN 0063A Firmware Framework

[PSA-SM] ARM DEN 0079 PSA Security Model

[PSA-FI] Yet to be available Factory Initialization

[PSA-TBFU] ARM DEN 0072A Trusted Boot and Firmware Update

1.2 Terms and Abbreviations

This document uses the following terms and abbreviations:

7Copyright © 2017-2018 Arm Limited (or its affiliates). All rights reserved.

IPC Inter-process communication. PSA provides an IPC mechanism to provide

a communication channel for requests between isolated partitions.

MPU Memory protection unit.

Non-Secure Processing Environment (NSPE) This is the security domain outside of the SPE, the Application domain, typically

containing the application firmware and hardware.

Partition The unit of execution from the perspective of the SPM. The smallest isolated unit

in the PSA model.

Protection Profiles (PP) A formal document that describes a combination of threats, security objectives,

assumptions, security functional requirements, security assurance requirements

and rationales.

PSA Platform Security Architecture.

PSA-FF PSA Firmware Framework.

PSA Immutable Root of Trust The hardware and code and data that cannot be modified following manufacturing.

See PSA Security Model [PSA-SM] for details.

PSA Root of Trust This defines the most trusted security domain within a PSA system. See PSA Security

Model [PSA-SM] for details.

PSA Root of Trust Service This is a Root of Trust Service within the PSA Root of Trust domain.

PSA Updateable Root of Trust The Root of Trust firmware that can be updated following manufacturing.

See PSA Security Model [PSA-SM] for details.

RoT Root of Trust. See [GPROT]. This is the minimal set of software, hardware and data that

has to be implicitly trusted in the platform – there is no software or hardware at a deeper

level that can verify that the Root of Trust is authentic and unmodified.

Root of Trust Service (RoT Service) A set of related security operations that are implemented in a Secure Partition.

The server endpoint of a PSA IPC channel. Multiple RoT Services can co-exist in a single

Secure Partition.

SAU Security attribution unit. See [Armv8-M].

Secure Partition A thread of execution with protected runtime state within the Secure Processing

Environment. Container for the implementation of one or more RoT Services. Multiple

Secure Partitions may be present in a platform.

SPE Secure Processing Environment. A platform’s processing environment for software that

provides confidentiality and integrity for its runtime state, from software and hardware,

outside of the SPE. Contains the Secure Partition Manager, the Secure Partitions and

the trusted hardware.

SPM The part of a PSA implementation that is responsible for isolating software in

partitions, managing the execution of software within partitions, and providing IPC

between partitions.

8Copyright © 2017-2018 Arm Limited (or its affiliates). All rights reserved.

2 IntroductionThe transition to an Internet of Things (IoT) is well underway and has the potential to

transform both commercial and consumer experience. The success of the IoT is heavily

dependent upon the trust and security built into billions of connected devices. Businesses

rely on the data from edge computing, in order to make gainful decisions, whilst consumers

need assurance that their connected homes and digital lives are not compromised.

Security is not optional

The mass deployment of IoT devices, over the next few years, will create a connected

world that the population relies upon. This extraordinary growth of microcontroller-based

products will result in:

Billions of IoT and embedded connected devices, built from a range of Arm-

based solutions.

A wide variety of use cases and security robustness requirements.

Integration of system components from multiple hardware, software,

and firmware vendors.

Diverse implementations of each component.

Integration work that may not be reusable from one project to another.

The gold rush that is pushing this market, is driving a time- and cost-sensitive environment,

which requires new designs to be created much faster than ever before. In many instances,

security is an after-thought, a fix-later problem to reduce time-to-market. However, poorly-

designed connected devices are vulnerable to exploitation and may act as a portal to bring

down key parts of the internet infrastructure, potentially risking our safety. Consequently,

there is a need for device security that addresses these vulnerabilities and can be applied

at all cost points.

This white paper offers an overview of the Platform Security Architecture (PSA) –

a framework that provides hardware- and firmware-based security that is designed

into devices, from the ground up.

2.1 Industry Challenges

The challenges facing the industry are as follows:

1. Security can be expensive to implement throughout a device lifecycle.

2. Secure devices are difficult to manage at scale.

3. The industry lacks confidence in the data being passed to and from sensors and

actuators, and is therefore unable to realize the full economic benefits of the IoT.

4. Security specialists are expensive and in short supply, particularly for smaller businesses

and startups.

5. The security landscape is ever evolving, with new vulnerabilities emerging all the time.

9Copyright © 2017-2018 Arm Limited (or its affiliates). All rights reserved.

2.2 Arm’s vision for a more secure IoT

With these challenges in mind, we released the Arm Security Manifesto, which outlines our

vision for security.

1. To shift the economics of security:

- Security should be affordable throughout the device lifecycle.

2. Making security practical at scale:

- IoT cloud operators need the facility to manage vast numbers of devices, securely

and efficiently, regardless of the different device types or silicon inside them.

3. Security across the entire value chain:

- A key benefit of the IoT lies in the data generated and exchanged, and the analysis

and subsequent information extracted from this data. Companies must be able to

determine the reliability of the data, to make the shared financial benefits of the

ecosystem a reality.

4. Security from the ground up:

- A consistent standard of security should be designed into the hardware and firmware

of all devices.

5. An industry-wide responsibility:

- Security is an industry-wide responsibility. The technology industry, as a whole, needs

to step up, collaborate, and adopt a common security best practice in order to address

current and future security threats. PSA calls on the ecosystem to take action and

raise standards of security, across the board.

10Copyright © 2017-2018 Arm Limited (or its affiliates). All rights reserved.

3 Introducing the Arm Platform Security Architecture

3.1 Solving an industry issue

Taking current trends and security issues into consideration, Arm felt a need to drive

alignment across the industry with a common standard. The goal is to create increased

security across the ecosystem, through a shared approach to best practice. In doing this,

we shift the economics of security, reducing risk, security cost and the complexity of

implementing robust security measures. To achieve this, Arm announced the Platform

Security Architecture (PSA).

3.2 What is Platform Security Architecture?

The Platform Security Architecture (PSA) is a framework for securing a trillion connected

devices. It includes a holistic set of deliverables, including Threat Models and Security

Analyses documentation, hardware and firmware architecture specifications, and API test

kits. Together, with an open source reference implementation, it enables you to consistently

design in the right level of security to all connected devices. PSA draws and builds upon

best practice from across the industry. It is aimed at different entities throughout the supply

chain, from chip designers and device developers to cloud and network infrastructure

providers and software vendors. Together with our partners, Arm is leading the ecosystem

in its goal to protect the connected world. The Platform Security Architecture (PSA) has

been designed to demystify security designs and concepts.

3.3 Objectives

The following objectives outline the PSA framework to make billions of devices more secure:

Simplify the process of evaluating IoT devices against security standards.

Reduce cost and complexity of software development for ecosystem partners by

facilitating re-use, improving interoperability, and minimizing API fragmentation.

Reduce cost of security and complexity for SoC designers, through the Security

Model realization, by leveraging from the primitives offered by the PSA.

To achieve the above objectives, the following requirements should be met:

Establish a basis for certification/evaluation of an Arm-based SoC or device.

Define core security functionality.

Define a sandbox security model.

Define a framework for security functions implemented by third party software vendors.

Define the fundamental IoT secure hardware platform.

Provide a robust, open source reference implementation for IoT devices (similar to

Trusted Firmware-A for clamshell and mobile).

11Copyright © 2017-2018 Arm Limited (or its affiliates). All rights reserved.

3.4 Three key phases

Applying PSA consists of three key phases:

1. Analyze: Threat Models and Security Analyses, derived from a range of typical IoT

use cases.

2. Architect: Architecture specifications for firmware and hardware.

3. Implement: An open source reference implementation of the firmware

architecture specifications.

At the root of PSA, threat models drive security requirements at every phase, as illustrated

in Figure 1. These specific threat models are CPU architecture-agnostic, whereas the other

two components exist to support conformant implementations.

The relationship between the three phases of PSA is shown in Figure 1.

Figure 1 PSA components

Security Model

Trusted Base System Architecture

Trusted Boot & Firmware

Update

Firmware Framework

Factory Initialization

Cloud service clients

Threat Models and Security Analyses

OS

Developer APIs

Firmware

Hardware platform

Derived requirements

Implementation

Inform

Assess

Specify

Platform Security Architecture

12Copyright © 2017-2018 Arm Limited (or its affiliates). All rights reserved.

3.5 Phase 1: Analyze with Threat Models and Security Analyses

When designing a secure system, we need to carry out a risk analysis and create a threat

model, taking into consideration the key factors. These include:

Assets in need of protection.

All potential threats.

The scope and severity of these threats.

The different types of attacker and the methods they might use to exploit vulnerabilities.

From this research, security objectives can be determined and the security functional

requirements established to mitigate the threats. Currently, Arm has developed three

example threat models, available to download via the PSA resources page. These were

created through a close analysis of three common IoT use cases. Generally applicable

security principles can be derived from these analyses, and are then used to guide the

development of the architecture specification documents.

The threat models have been created using an English Language Protection Profile-style

approach, to establish a set of Security Functional Requirements (SFR) for the Target of

Evaluation (TOE). Each profile considers the functional description, the TOE, and the

necessary security requirements. The documentation is intended to make threat modelling

more accessible and more useable by engineers, regardless of whether they have prior

security knowledge or expertise.

The hardware and software security building blocks, as described in the PSA architecture

specifications, provide the primitives needed to meet the security requirements, also

highlighted in the available threat modelling documentation.

13Copyright © 2017-2018 Arm Limited (or its affiliates). All rights reserved.

System description

Assets

Threats

Security objectives

Security requirements

Smart Metering

Metering data to be protected in integrity and confidentiality

Remote software attacks

Strong crypto

Hardware-based keystore

Figure 2Example of a security analysis for a smart meter

Threat models and Security Analysis

An example of a high-level analysis is illustrated in Figure 2.

14Copyright © 2017-2018 Arm Limited (or its affiliates). All rights reserved.

3.6 Phase 2: Architect with Architecture Specifications

Following analysis of a device, security recommendations are generated based on

the value of the device assets and the list of potential attacks that threaten those assets.

Phase two focuses on creating a system architecture that is capable of delivering the

security requirements, and describes this architecture in the PSA specifications.

The PSA specifications consist of a suite of connected documents, as follows:

1. PSA Security Model – Foundational trust models and patterns.

2. Factory Initialization – Requirements for initial secure device programming

and configuration.

3. Trusted Base System Architecture [TBSA-M] – Hardware platform requirements.

4. Trusted Boot and Firmware Update [TBFU].

5. Firmware Framework [PSA-FF] – Firmware interface definition of a Secure Processing

Environment (SPE) for constrained IoT platforms, including PSA Root of Trust APIs.

6. Developer APIs – Interfaces to security services for application developers.

In this next section of the whitepaper, we will discuss the purpose of each document.

Security Model

Trusted Base System Architecture

Trusted Boot & Firmware

Update

Firmware Framework

Factory Initialization

Developer APIs

Derived requirements

Platform Security Architecture

15Copyright © 2017-2018 Arm Limited (or its affiliates). All rights reserved.

3.6.1 PSA Security Model

The Security Model (SM) defines the overall security architecture for designing and

deploying trusted PSA-compliant devices within ecosystems. It is the top-level document

for the other PSA specifications and defines common language, high-level robustness rules,

and models for them.

The SM is based on the use case-driven recommendations of the Threat Models and

Security Analyses. Although the SM is intended to be use case-agnostic, initially the focus

is on a few selected IoT use cases.

The SM covers three main areas:

1. Root of Trust (RoT) and associated security services.

2. Root secrets – their storage, protection, and provisioning.

3. Device lifecycle and its implications on Roots of Trust.

3.6.2 Factory Initialization

The security and Root of Trust (RoT) models are only effective if root secrets and

device firmware are provisioned in the context of secure manufacturing processes.

The manufacturing process extends into device management for robust distribution

of device attributes and properties, firmware updates, and so on to service providers

and device owners.

This is an informative document that identifies and discusses the general need for

infrastructure and common frameworks to facilitate these processes, as well as their

dependencies on the RoT, established in the device security architecture. Deploying actual

factory provisioning and device management infrastructure is expected to be done by

industry stakeholders or using services, such as Arm Mbed Cloud.

3.6.3 Trusted Base System Architecture (TBSA)

Trusted Base System Architecture for Armv6-M, Armv7-M and Armv8-M (TBSA-M) is

a set of SoC hardware requirements. It applies to SoC designs for PSA that use Armv6-M,

Armv7-M and Armv8-M CPUs.

TBSA-M encapsulates best practice security principles when designing systems around Arm

Cortex-M processing elements (PEs). These principles support the design and integration of

the following features, rooted in hardware:

A Root of Trust.

A protected keystore.

Isolation between trusted and untrusted software components.

A secure firmware update mechanism.

16Copyright © 2017-2018 Arm Limited (or its affiliates). All rights reserved.

A lifecycle management mechanism and secure debug.

A high entropy random number generator; this is essential for reliable cryptography.

Cryptographic acceleration – in order for real-time functionality to be maintained

alongside the correct security features.

A Firmware Framework (PSA-FF) implementation ideally runs on top of designs

implementing the TBSA-M specification, to enable a secure processing environment

that isolates security-critical functionality and data from application firmware. This can

increase confidence in the trustworthiness of a device, even in the presence of exploitable

software vulnerabilities.

3.6.4 Trusted Boot and Firmware Update

The trusted boot and firmware update requirements provide the system and

firmware technical requirements for ensuring MCU boot integrity. The specification

covers the following:

Authenticated boot process to establish the secure runtime services.

A secure firmware update agent.

Description of authentication and authorizing of firmware updates with cryptographic

certificates and device keys.

Recommendations and best practice are described, to help make

implementations robust.

3.6.5 Firmware Framework (PSA-FF)

Based on the requirements in the PSA Security Model, the Firmware Framework (PSA-

FF) defines a standard interface and framework, to isolate trusted functionality within

constrained IoT devices. The framework provides:

Architecture that describes isolated runtime environments (partitions) for trusted and

untrusted firmware.

A standard model for describing the functionality and resources in each partition.

A secure IPC interface to request services from other partitions.

A model that describes how the partitions can interact with one another, as well as the

hardware and the firmware framework implementation, itself.

This specification enables the development of secure firmware functionality that

can be reused on different devices that use any conforming implementation of the

Firmware Framework.

17Copyright © 2017-2018 Arm Limited (or its affiliates). All rights reserved.

For further details on the firmware framework, refer to the PSA Firmware Framework

[PSA-FF] specification.

3.6.5.1 Isolation

The Platform Security Architecture Firmware Framework (PSA-FF) defines three permitted

levels of firmware runtime isolation. This permits reduced isolation in highly constrained

devices. Simultaneously, it increases security and robustness on platforms with sufficient

resources – while still providing the same firmware interfaces for developing security services.

PSA-FF divides execution, within the system, into two zones – the Non-Secure Processing

Environment (NSPE) and the Secure Processing Environment (SPE). The NSPE contains

the application firmware, OS kernel, and OS libraries, which typically control most I/O

peripherals. The SPE contains the security firmware and hardware resources, which are

isolated from NSPE firmware and non-secure hardware resources.

PSA-FF further divides the SPE into the Secure Partition Manager (SPM) and Secure Partitions.

Secure Partitions are the execution environment for security services.

The SPM implements the isolation logic to separate the partitions, which is enforced

by platform hardware, such as an MPU, Arm TrustZone or physically isolated processors.

The higher isolation levels introduce separation between the different components within

the SPE.

Figure 3Elements of the PSA Firmware Framework

The overview of this is illustrated in Figure 3.

OS kernal

OS libraries

Application FirmwareApplication RoT

Service PSA RoT ServiceApplication RoT

ServiceApplication RoT

Service PSA RoT Service

Secure IPC Secure interruptsSecure isolation

Application Application Root of Trust

Secure Processing Environment (SPE)

Isolation boundary

Non-Secure Processing Environment (NSPE)

Secure Partition Manager

Secure Partition Secure Partition Secure Partition

PSA Root of Trust

18Copyright © 2017-2018 Arm Limited (or its affiliates). All rights reserved.

3.6.5.2 Secure IPC

The Firmware Framework defines a secure session-based IPC mechanism that allows firmware,

in two isolated partitions, to interact. Specifically, the IPC framework enables firmware in one

partition to request services from firmware in another partition, through a standard interface.

The API requires that the messages are copied by the framework between the partitions,

removing the vulnerability risks that come from directly sharing memory.

3.6.5.3 Root of Trust Services (RoT Services)

Security functionality is exposed by the PSA-FF as a collection of RoT Services. Each RoT

Service is a set of related security operations that are implemented in a Secure Partition.

Multiple RoT Services can be supported in each Secure Partition.

Different silicon partners can provide their own plug-in implementations of standard

RoT Services. The firmware framework abstracts away RoT Service implementation

through a pre-defined API and calling semantics. Silicon and other partners can also define

implementations of their own RoT Services, to provide platform specific services or higher

level security services.

3.6.5.4 PSA Root of Trust APIs

PSA-FF also defines a standard API for all trusted services that can directly use the

PSA-SM Root secrets, such as cryptographic operations and device identity attestation.

Together with the SPM, these services form the PSA Root of Trust within the larger SPE.

At isolation level 2 or 3, the PSA Root of Trust is isolated from all other Secure Partitions.

3.6.6 Developer APIs

PSA also defines some security service APIs for application developers. Although these

are not all required APIs for PSA, using a common interface accelerates adoption and

deployment of PSA-based systems. For example:

Cryptographic Operations

These services offer the ability to work with cryptographic keys without ever seeing them.

Application developers refer to keys by handles and can request operations, like signature

or encryption, to be performed with a given key, without ever exporting it out of the secure

environment. On devices that sport a hardware secure element, calls are passed through

an appropriate driver and performed directly on the secure element.

Application developers will be able to rely on Random Number Generators of cryptographic

quality, based on dedicated hardware when present, or based on a unique private seed for

the simplest devices.

19Copyright © 2017-2018 Arm Limited (or its affiliates). All rights reserved.

Secure Time Services

Secure Time Services allow devices to know the current date and time with a reasonable

amount of confidence. This is useful e.g. when validating a remote certificate in a Transport

Layer Security (TLS) session, or making sure that a firmware signature is still valid before

installing it.

Secure Storage

In many cases, storing just a few bits securely is enough to maintain confidentiality over the

whole device. This service offers a key/pair storage service meant to store small amounts of

data in tamper-proof areas, with integrity checks and rollback protection.

Secure Attestation

Using this service, devices will be able to report on their own identity and health status

using signed messages. This service enables things like remote identity provisioning,

protection against device duplication, and counterfeiting.

3.7 Phase 3: Implement with Trusted Firmware-M reference implementation

Trusted Firmware-M (TF-M) is a reference implementation of the PSA specifications,

for IoT devices based on M-Profile platforms. The implementation for Arm Cortex-M

processors leverages Arm’s TrustZone technology. TF-M is an open source, open

governance project and is available at www.trustedfirmware.org, alongside the existing

Trusted Firmware-A project that targets Cortex-A-powered mobile and clamshell devices.

Other ecosystem partners may provide other implementations.

OSPSA

Developer APIs

Network

Apps

Middleware

Stor

age

Cry

pto

Attes

tatio

n

Audi

t Log

s

Prov

ision

Platf

orm

3rd

Part

y

Platform Drivers(Crypto, NONCE,

RNG, etc.)

TF-M Core (IPC, SPM, Interrupt Handling)

TF-M Core (IPC, SPM, Interrupt Handling)

TF-M Core (IPC, SPM, Interrupt Handling)

TBSA-M Hardware (SoC)

Secure Boot

SecureNon-Secure

Isolation Boundary

PSA RoT (Secure Privileged Domain)

PSA Spec/APIApplication RoTTF-M

Figure 4Trusted Firmware-M

20Copyright © 2017-2018 Arm Limited (or its affiliates). All rights reserved.

TF-M publicly launched in March 2018 and is under active development. See Roadmap.

TF-M aims to provide:

A bootloader for authenticated boot, for both secure and non-secure images,

and secure upgrade of images.

Implementation of the PSA Firmware Framework specification, including the IPC

framework used for communication between different isolated secure partitions,

SPM to manage isolation between the partitions and Secure Interrupt Handling.

Set of Secure Services that can be used by secure and non-secure applications,

such as Secure Storage, Cryptography, Audit Logs, and Attestation.

Standardized PSA APIs to invoke Secure Services from non-secure applications.

Easy to use infrastructure to create additional Secure Services.

High configurability, ease of porting and integration.

OS support:

- RTX is being used for development work.

- Integration with Mbed OS, FreeRTOS and Zephyr support will be available soon.

Integration guide on how to integrate TF-M with other hardware platforms and

operating systems.

Cross-platform build system based on cmake and GNU tool chain.

GCC and ARMCLANG compiler support.

3.8 Mbed OS

Mbed OS is an open source operating system for MCU-based IoT devices, addressing all

Arm Cortex-M targets.

Mbed OS includes, extends, and adapts Trusted Firmware-M (TF-M) so that Mbed OS

users can enjoy the benefits of having secure firmware foundations that are ported to

a large number of hardware platforms. Security features provided by TF-M are used by

Mbed OS, according to the hardware capabilities of the local platform. For example, secure

partitions can be defined over dual-core boards, or through Armv8-M TrustZone. Where

TF-M provides generic methods and APIs, Mbed OS provides specific implementations,

wherever applicable.

Mbed OS offers support for:

Dual-core Armv6-M or Armv7-M architectures, where PSA separation is achieved by

running SPE and NSPE on separate MCUs.

Armv8-M (through TF-M), where PSA separation is achieved using TrustZone.

PSA Cryptographic APIs available to firmware application developers, with support

for some crypto hardware acceleration and external secure elements.

Secure Sockets (TLS) as part of high-level developer APIs.

21Copyright © 2017-2018 Arm Limited (or its affiliates). All rights reserved.

Mbed OS comes with a rich set of drivers to support communication devices and protocols,

an integrated development environment, online and offline compiler tools, and support

for features like firmware updates over the air, to maintain deployed devices for extended

periods of time.

3.9 Ecosystem Enabling

The following include ecosystem enabling support tools that are now available:

FPGA Prototyping Board and the Arm Musca-A1 test chip board, to enable development.

Arm software development tools fully support PSA and Trusted Firmware for Cortex-M

(TF-M). CMSIS-ZONE helps to reduce the attack surface exposure by making it easy to

partition an application into secure and non-secure zones, utilizing TrustZone and/or an

on-chip memory protection unit (MPU). For code maintenance post-deployment, our

secure debug capabilities ensure that only verified sources access authorized areas for

debug, using debug over functional interface and certificate-based authentication.

22Copyright © 2017-2018 Arm Limited (or its affiliates). All rights reserved.

4 Functional APIs and Security EvaluationArm provides APIs to enable software developers to have a consistent interface to

hardware-based security functions. They have been designed to be easy to use and have

sensible defaults. The API test kits will enable chip vendors and device makers to check their

software implementations are functioning, as expected. Three test kits are being developed:

1. PSA Developer APIs are the top-level APIs used by application developers and RTOS

vendors. These APIs have been designed to be used by software developers who

wish to use the hardware security features without necessarily being security experts

themselves. These APIs provide the top-level essential services of: crypto, secure

storage and attestation tokens.

2. PSA Firmware Framework APIs are designed for developers of secure functions (aka

Application Root of Trust Services or ARoT). Security experts wishing to add their own

security functionality can develop an ARoT service that can be used on different chips

using these standard APIs.

3. TBSA-M API test kit enables chip vendors to check the functionality of their chips

against the proposed hardware requirements checklist contained in the Trusted Base

System Architecture-M document.

Arm is also working with leading test labs on a security evaluation scheme for IoT chipsets

and devices. This work will lead to a multi-level evaluation scheme that can provide easy-

to-understand security levels for IoT devices. The first set of deliverables is a library of

IoT Threat Models and Security Analyses (TMSAs) that helps to inform the design of the

evaluation scheme along with the PSA Security Model (SM) goals.

23Copyright © 2017-2018 Arm Limited (or its affiliates). All rights reserved.

5 Arm’s Supporting IPArm’s existing repertoire of security products and technologies enables silicon partners

to improve time to market of their products. Arm’s existing security products include:

A-Profile architectures, such as Armv8-A, incorporating Arm TrustZone.

Trusted Firmware-A (for A-Profile), a reference open source implementation,

which includes Trusted Boot and TEE-loading components.

Armv8-M architecture introduced TrustZone for the microcontroller market.

Arm TrustZone technology is a system-on-chip (SoC) and CPU system-wide approach

to security with hardware-enforced isolation to establish secure end points and

a device root of trust.

Arm CryptoCell, a collection of security modules that provide platform-level

security services.

Arm CryptoIsland, a family of highly integrated security subsystems, aimed at

providing on-die smartcard-level security.

Arm’s Physical Security Solutions: empowering designers to build in the necessary

physical protection at the heart of the device. The suite includes both processor IP

(Cortex-M35P and Arm SecurCore) equipped with tamper resistance, plus a range

of IP (CryptoCell-300P and CryptoIsland-300P) specifically created to mitigate side-

channel attacks.

The Pelion IoT Platform is a flexible, secure, and efficient foundation spanning

connectivity, device, and data management. It accelerates the time to value of

your IoT deployments by helping you easily connect trusted IoT devices on global

networks, invisibly administer them, and extract real-time data from them, to drive

competitive advantage.

24Copyright © 2017-2018 Arm Limited (or its affiliates). All rights reserved.

6 ConclusionThe Platform Security Architecture (PSA) shifts the economics of security for

connected devices.

The PSA brings together industry best practice, to form an holistic set of architecture

documentation, security analyses and requirements, together with an open source

reference firmware implementation.

Arm’s ongoing investment will enable solutions, within the ecosystem, to continuously

evolve, improve and adapt. We will provide a range of hardware security solutions that

work with the PSA, to offer appropriate security robustness. For example, the PSA will

work with a wide range of Arm microcontrollers and system IP, such as Arm CryptoCell.

By reducing low level security fragmentation, Arm aims to enable a security ecosystem

that works for everyone – silicon partners, OEMs, platform owners, service providers,

consumers, and the wider developer community. We invite the Arm ecosystem to build

upon and expand our work on the PSA and Trusted Firmware-M.