Arm Community
Arm Community
  • Site
  • User
  • Site
  • Search
  • User
  • Groups
    • Research Collaboration and Enablement
    • DesignStart
    • Education Hub
    • Innovation
    • Open Source Software and Platforms
  • Forums
    • AI and ML forum
    • Architectures and Processors forum
    • Arm Development Platforms forum
    • Arm Development Studio forum
    • Arm Virtual Hardware forum
    • Automotive forum
    • Compilers and Libraries forum
    • Graphics, Gaming, and VR forum
    • High Performance Computing (HPC) forum
    • Infrastructure Solutions forum
    • Internet of Things (IoT) forum
    • Keil forum
    • Morello Forum
    • Operating Systems forum
    • SoC Design and Simulation forum
    • 中文社区论区
  • Blogs
    • AI and ML blog
    • Announcements
    • Architectures and Processors blog
    • Automotive blog
    • Graphics, Gaming, and VR blog
    • High Performance Computing (HPC) blog
    • Infrastructure Solutions blog
    • Innovation blog
    • Internet of Things (IoT) blog
    • Operating Systems blog
    • Research Articles
    • SoC Design and Simulation blog
    • Smart Homes
    • Tools, Software and IDEs blog
    • Works on Arm blog
    • 中文社区博客
  • Support
    • Arm Support Services
    • Documentation
    • Downloads
    • Training
    • Arm Approved program
    • Arm Design Reviews
  • Community Help
  • More
  • Cancel
Arm Community blogs
Arm Community blogs
Internet of Things (IoT) blog Arm security APIs now open to contributions
  • Blogs
  • Mentions
  • Sub-Groups
  • Tags
  • Jump...
  • Cancel
More blogs in Arm Community blogs
  • AI and ML blog

  • Announcements

  • Architectures and Processors blog

  • Automotive blog

  • Embedded blog

  • Graphics, Gaming, and VR blog

  • High Performance Computing (HPC) blog

  • Infrastructure Solutions blog

  • Internet of Things (IoT) blog

  • Operating Systems blog

  • SoC Design and Simulation blog

  • Tools, Software and IDEs blog

Tags
  • Open Source Projects
  • iot security
  • Platform Security Architecture (PSA)
  • Open Source Software
Actions
  • RSS
  • More
  • Cancel
Related blog posts
Related forum threads

Arm security APIs now open to contributions

Nicolas Devillard
Nicolas Devillard
January 10, 2023
3 minute read time.

Arm has opened contributions to PSA Certified APIs on GitHub: A range of embedded software APIs designed to ease industry collaboration around best practices and software standards. The APIs target security integrations for billions of IoT applications running on ultra-constrained devices typically powered by Arm MCU processors and provide open standards for more secure software development. They have the backing of PSA Certified, a security framework certifying silicon, software, and devices across the industry.

The work is also part of the Arm Centauri project, a recent initiative making IoT development easier and faster. This project builds architecture agnostic standards that enable interoperability and a fast-track to best practice for software developers, across the full range of low-power Arm-based devices. Centauri relies on PSA Certified APIs for everything related to security and provides the other pieces of the puzzle for standardizing APIs to commonly used hardware.

Developers creating ultra-constrained devices have many system software options available to consider. There are hundreds of real-time operating systems, libraries, and peripherals to choose from.

While diversity is good for software, fragmentation does not help when establishing common best practices around security. Arm’s initiative through PSA Certified APIs is to level the field for the integration of Roots of Trust, by providing a common set of low-level, standard APIs that are likely to help implement secure operations on those devices.

PSA Certified APIs define a set of functions and symbols in C, providing common services for embedded systems regardless of the underlying hardware. Those API sets are split into four chapters:

  • Crypto API defines how to achieve basic crypto operations.
  • Attestation API defines an attestation token and a generation function.
  • Storage API defines a small set of get and set functions to securely store data.
  • Firmware Update API defines a flow for securely updating firmware.

Arm started working on the definition of the APIs in 2018, gathering inputs from partners to ensure all topics are correctly covered and they can be implemented in software and hardware. The API specifications have been public for a few years now. Today we are proud to open them up on github.com for anyone wishing to contribute, correct bugs, suggest new functions, or address new topics around security for ultra-constrained devices.

Documentation is available from https://arm-software.github.io/psa-api/
The GitHub repository can be found at: https://github.com/ARM-software/psa-api

As a reminder: the APIs are not architecture-specific, they can be implemented on any microcontroller. We already have a reference implementation of the Crypto API inside the Mbed TLS project and all PSA Certified APIs in TF-M.

Partners implementing their own solutions behind the APIs can validate their compliance to the specification by running our PSA Certified API Compliance suite, available from GitHub. PSA Certified delivers compliance certificates which can be used to showcase your products by displaying the logo on your product site.

PSA Certified APIs define a contract between developers seeking to use secure services and vendors of secure solutions. Please have a look at those specifications and help us steer them towards something that will change the way secure firmware is developed.

Developers working on more powerful A-class systems may be interested to know that the PSA Certified Crypto API has been made available as a Linux micro-service running in user space. A similar open-source initiative, PARSEC, fully implemented in Rust, makes the same APIs available in Rust and various other programming languages. Crypto services are handed over to crypto capability providers like a TPM, a secure element, a partition running in a trusted execution environment, or just a crypto software library running in user space.

This is good news to everyone who has ever had to deal with painful crypto integrations. These APIs are not just one more standard, they aim to fundamentally solve the Crypto API issues that have plagued security developers for more than two decades.

Read the PSA Certified API Specifications

Anonymous
Internet of Things (IoT) blog
  • Secure device updates on Matter

    Nicolas Devillard
    Nicolas Devillard
    Exploring how Arm and its partners are helping to enable the secure update of Matter devices in the electronics industry.
    • January 26, 2023
  • Arm security APIs now open to contributions

    Nicolas Devillard
    Nicolas Devillard
    Arm has opened contributions to a range of APIs on GitHub designed for faster low power Internet of Things software development, targeting best practice security integrations and updatability.
    • January 10, 2023
  • Matter development, BLE commissioning and Wi-Fi control using Arm Virtual Hardware

    Sandeep Mistry
    Sandeep Mistry
    A deeper dive into developing with the Matter protocol with BLE commissioning and Wi-Fi using Arm Virtual Hardware.
    • December 8, 2022