PSA Certified, previously known as Platform Security Architecture, is an architecture-agnostic security framework and evaluation scheme. It is intended to help secure Internet of Things (IoT) devices built on system-on-a-chip (SoC) processors. [1] Its introduced was to increase security where a full [trusted execution environment]] is too large or complex. [2]
The architecture was introduced by Arm Holdings in 2017 at the annual TechCon event. [3] [4] Although the scheme is architecture agnostic, it was first implemented on Arm Cortex-M processor cores intended for microcontroller use. PSA Certified includes freely available threat models and security analyses that demonstrate the process for deciding on security features in common IoT products. [5] It also provides freely downloadable application programming interface (API) packages, architectural specifications, open-source firmware implementations, and related test suites. [6]
Following the development of the architecture security framework in 2017, the PSA Certified assurance scheme launched two years later at Embedded World in 2019. [7] PSA Certified offers a multi-level security evaluation scheme for chip vendors, OS providers and IoT device makers. [8] The Embedded World presentation introduced chip vendors to Level 1 Certification. A draft of Level 2 protection was presented at the same time. [9] Level 2 certification became a useable standard in February 2020. [10]
The certification was created by PSA Joint Stakeholders to enable a security-by-design approach for a diverse set of IoT products. PSA Certified specifications are implementation and architecture agnostic, as a result they can be applied to any chip, software or device. [11] [9] The certification also removes industry fragmentation for IoT product manufacturers and developers. [12]