
Trusted Firmware-M v1.0-Beta: Enabling PSA Certification

Trusted Firmware | Monday, March 11, 2019 | 2 min read

Trusted Firmware-M (TF-M) was launched in March 2018 as the open source reference implementation of Arm Platform Security Architecture (PSA). As TF-M heads towards its first anniversary, the project has achieved a significant milestone: v1.0-Beta, which enables silicon platforms and Real Time Operating Systems (RTOSes) using TF-M to achieve PSA Certified™ Level 1 Security and Functional API certification under the newly launched PSA Certified programme.

The TF-M v1.0-Beta tag, made on 18th February, provides the following functionality:

  1. Secure Boot ensuring integrity of Secure and Non-Secure images.
  2. PSA Level 1 Isolation separating Secure Processing Environment (SPE) from Non-Secure Processing Environment (NSPE).
  3. Secure Storage protecting the integrity and confidentiality of the sensitive assets in the system.
  4. Cryptographic Service providing cryptographic functions to applications.
  5. Attestation Service providing a token formatted according to the IETF Entity Attestation Token (EAT), consisting of a series of claims that enable a relying party to determine the exact implementation of the PSA Root of Trust (PSA RoT) and its security state.

As shown in the TF-M Diagram below, the Secure Storage, Crypto and Attestation Services are available through a set of PSA Developer APIs. This makes it easier for applications to use secure services across different PSA/TF-M enabled platforms through these PSA Developer APIs.

Obtaining PSA Functional API Certification involves running the PSA Developer API Test Suite on Musca-B1 against the TF-M v1.0-Beta tag and passing all the secure storage, crypto and attestation tests. PSA Level 1 Certification involved answering the PSA Level 1 Questionnaire and submitting it to one of the PSA Joint Stakeholder Agreement certification labs.

PSA Test Suite run against PSA Dev. APIs in TF-M

Arm’s IoT Reference Platform, Musca-B1, has obtained PSA Functional API certification and PSA Level 1 Security certification by using TF-M v1.0-Beta as the PSA Root of Trust (RoT). TF-M and Musca-B1 were awarded the PSA Certified Trophy.


Author: Shebu Varghese Kuriakose
