
Trusted Firmware-M v1.0-Beta: Enabling PSA Certification

Trusted Firmware | Monday, March 11, 2019 | 2 min read

Trusted Firmware-M (TF-M) was launched in March 2018 as the open source reference implementation of the Arm Platform Security Architecture (PSA). As TF-M approaches its first anniversary, the project has reached a significant milestone: the v1.0-Beta release, which enables silicon platforms and Real Time Operating Systems (RTOSes) using TF-M to achieve PSA Certified™ Level 1 Security certification and Functional API certification under the newly launched PSA Certified programme.

The TF-M v1.0-Beta tag, made on 18th February, provides the following functionality:

  1. Secure Boot, ensuring the integrity of the Secure and Non-Secure images.
  2. PSA Level 1 Isolation, separating the Secure Processing Environment (SPE) from the Non-Secure Processing Environment (NSPE).
  3. Secure Storage, protecting the integrity and confidentiality of sensitive assets in the system.
  4. Cryptographic Service, providing cryptographic functions to applications.
  5. Attestation Service, providing a token formatted according to the IETF Entity Attestation Token (EAT). The token consists of a series of claims that let a relying party determine the exact implementation of the PSA Root of Trust (PSA RoT) and its security state.

As shown in the TF-M diagram below, the Secure Storage, Crypto and Attestation Services are accessed through a set of PSA Developer APIs. Because these APIs are the same across PSA/TF-M enabled platforms, applications can make use of the secure services without being tied to a particular platform.

TF-M diagram

Obtaining PSA Functional API Certification involves running the PSA Developer API Test Suite on Musca-B1 against the TF-M v1.0-Beta tag and passing all of the secure storage, crypto and attestation tests. PSA Level 1 Certification involves answering the PSA Level 1 Questionnaire and submitting it to one of the PSA Joint Stakeholder Agreement certification labs.

PSA Test Suite run against PSA Dev. APIs in TF-M

Arm’s IoT Reference Platform, Musca-B1, has obtained PSA Functional API certification and PSA Level 1 Security certification using TF-M v1.0-Beta as the PSA Root of Trust (RoT). TF-M and Musca-B1 were awarded the PSA Certified Trophy.

PSA Trophy

Author: Shebu Varghese Kuriakose
