Trusted Services v1.0.0-beta and enabling PSA Certified on Cortex-A devices
The Trusted Services project has made the first tagged release v1.0.0-beta. The release includes PSA Certified Secure Services that can be deployed on Cortex-A devices to meet PSA Certified requirements. The release also includes necessary build and test infrastructure and documentation content.
The project provides a framework for developing and deploying device root-of-trust services for A-profile devices. The services in the project exist as Firmware Framework-A (FF-A) Secure Partitions. The Secure Partitions are managed by a Secure Partition Manager Core (SPMC) running as part of a Trusted Operating System (e.g., OP-TEE) or a Secure-EL2 hypervisor (e.g., Hafnium) within a Trusted Execution Environment.
The release includes PSA Crypto, Storage and Attestation Secure Partitions exposing the PSA Certified Functional APIs, the same APIs available today on Armv8-M Cortex-M platforms via Trusted Firmware-M. Additionally, UEFI SMM services are available through the SMM gateway Secure Partition. The services within the Secure Partitions can be invoked by applications for secure operations.
OP-TEE release 3.17 and later support running a Secure Partition Manager Core (SPMC). Details can be found here. The diagram below shows a Trusted Services deployment on a reference platform.
Visit the project documentation to find out more, and subscribe to the mailing list to stay updated and get involved in the project. The Trusted Services (TS) roadmap can be found here. The project will make further releases as more features are added and as improvements are made to supported features and documentation.