At Arm DevSummit 2022, Arm and partners are delighted to announce the availability of the new PSA Certified Firmware Update API. This API addresses the long-standing challenges of keeping IoT devices secure and up-to-date throughout the full life cycle. The API provides a standard way of supporting firmware updates, aligns with established industry standards and is available to try today in your next IoT project. It also enjoys the backing of major players across the IoT space. Finally - and perhaps most exciting of all - it is the first result from an industry-wide initiative we call Project Centauri. This initiative aims to make IoT development easier and faster.
Anyone who has developed for IoT knows that security is key. In its 2022 Security Report, PSA Certified reveals that 44 percent of IoT decision-makers surveyed cite over-the-air (OTA) updates as one of the top three factors in creating secure devices. However, it remains a significant challenge. Building secure applications on a microcontroller (MCU) that can be patched and kept up to date over the lifetime of a device is complex and fraught with pitfalls. The need for specialist in-house expertise, along with the difficulty of applying new proven solutions and the lack of standards, means it is very easy to get locked into a technology backwater. Even if you have a solution, it is still challenging to provide your end users with the assurance that it really is secure.
The lack of standardized solutions also means that many developers and OEMs end up redoing the same work to provide update mechanisms. In effect, developers duplicate effort on functionality that (a) is not really a differentiator, and (b) is super-critical to ensure our devices work reliably and securely. This takes time and effort and brings costs that could be avoided. For this reason, some of the biggest device manufacturers have been talking to us about their need for a standard firmware update solution for MCU devices.
For example, Flex is a global supply chain and manufacturing solutions provider that designs and builds products for a diverse customer base. Marco De Angeli, from the Milan Design house at Flex, recently commented on the release of the Firmware Update API.
“As a member of the Project Centauri partner ecosystem, Flex is committed to establishing secure connectivity standards across multiple industries. We are actively applying these standards to healthcare and connected medical device applications where quality, security, and seamless connectivity are essential to transform healthcare and improve lives. This standard gives our customers the confidence that updates can be reliably and securely applied to devices in the field. We look forward to the release and widespread adoption of the PSA Certified Firmware Update API.”
Flex is not alone. Shawn Lin, an IoT Product Manager at AAEON, a company that manufactures and markets a wide range of OEM and ODM products worldwide, said:
“Our customers are asking us for a way to securely update devices in the field. The lack of standards means this has been a challenge to deliver in a consistent way, potentially increasing the risk of operation failure. The new PSA Certified Firmware Update API provides a standard update mechanism for the MCU devices we use. We look forward to offering this full secure update solution on our future gateway products and continuing our work with Arm on Project Centauri to deliver this solution to our customers.”
Earlier this year we invited a group of specialists from 14 different organizations across the IoT space to join us in a technical working group. This group set out to define an open, architecture-agnostic firmware update API. The group included major silicon providers, big hyperscalers, OEMs, ODMs, and developers. Together we took the decision to release the API as a PSA Certified API. PSA Certified is one of the fastest growing, most valued security ecosystems. It breaks down the barriers to building secure devices. When a product is PSA Certified, it gives users a clear assurance that it has been built with security principles in mind and that it conforms to an established industry standard. It was therefore incredibly important that our Firmware Update API could be part of the rich bank of PSA resources and APIs. This broadens access to the solution across the industry, in line with the best security standards.
This API does not replace the firmware update services and clients from major IoT service providers, such as AWS or Azure. Rather, it provides a basic mechanism on the device that the ecosystem can rely on to ensure a firmware image is applied securely. The API has well-understood semantics in the case of error and provides protection against rollback attacks. Figure 1 shows where the Firmware Update API sits in the IoT software stack. Effectively, it defines a standard interface for applying a new firmware image, which can take advantage of the security features of a secure root of trust. Processors like the Cortex-M33, M55 and M85, which support TrustZone for Cortex-M, are ideal candidates, but this API can be supported on any modern MCU.
Today (October 26), we are releasing the PSA Certified Firmware Update API 1.0 header file for public availability, along with a final draft of the Update Specification. The specification will be ratified once an implementation is published in the forthcoming 1.7 release of TrustedFirmware-M (TF-M). This open-source project provides a full reference implementation of MCU security software and includes support for all the PSA Certified Functional APIs. Developers and OEMs can use TF-M as a trusted code base for their applications.
Figure 1: Where the Firmware Update API sits in the IoT software stack
Sakae Ito, VP, IoT Platform Business Division at Renesas Electronics, had the following to say on the importance of the firmware update and release of the specification:
“Security is essential to scaling the IoT. Our Renesas RA Family MCUs feature Arm TrustZone technology and our integrated Secure Crypto Engine to provide the essential foundations of a secure IoT application. However, we also see the need for devices to be updated throughout their deployment in the field. For this reason, we welcome the finalisation of the PSA Certified Firmware Update API, which provides a standard way to update the firmware on an IoT device, independent of any given device management service. We look forward to working with other partners in Arm's Project Centauri, to see widespread adoption of firmware update mechanisms across the industry.”
Various vendors have implemented support for a draft version of the API and it has been successfully integrated with device update services from AWS and Azure. This means that today developers can access working software and examples that show how to include secure firmware update into their applications. Liya Du, Principal Program Manager at Microsoft, describes how the team were able to utilize the Firmware Update API to demonstrate how it could work with the Azure Device Update client:
“Having the ability to obtain an over-the-air update reliably and securely is always a crucial feature for any connected IoT device. We have collaborated with Arm as part of their Project Centauri to agree to an industry standard regarding the device firmware update interface. As a result, the Azure Device Update client within Azure RTOS can now work with the PSA Certified Firmware Update API to guarantee end-to-end security of the firmware update process.”
Daniel Colonna, Marketing Director of the GPM division at STMicroelectronics, also welcomed the release:
“For IoT to scale, security needs to be considered from the ground up and needs to evolve as new threats and vulnerabilities are discovered. For this reason, it is essential to be able to update a device's firmware once in the field and to do that securely. ST welcomes the release of the PSA Certified Firmware Update API, a standard way to update devices regardless of the management service being used.”
The way we like to solve hard problems at Arm is by working in partnership with others to meet common challenges. This often means providing open-source software and industry-wide standards. PSA Certified Firmware Update is the first output of Project Centauri. This is a long-term project developed by Arm and our partners to make it easier and faster to build secure MCU-based IoT applications. Our goal is to have a simple set of APIs that developers can rely on to build portable, secure IoT applications. This spans a diverse range of hardware using both physical boards and virtual hardware. The set of APIs is called a Common Device Interface (CDI), which is an idea that has wide-scale appeal. Sharon Hagi, Chief Security Officer, Silicon Labs, says:
“Security is foundational to all IoT products at Silicon Labs. Building on our long-standing support for PSA Functional APIs, such as Crypto and Secure Storage, we welcome the publication of the new PSA Certified Firmware Update API specification. We look forward to working with Arm on the definition of a wider Common Device Interface (CDI) as part of Project Centauri. This will simplify and accelerate chip-to-cloud secure development and deployment based on Silicon Labs connected devices.”
There is plenty more news on CDI to come in future months, so stay tuned for more details. We are also working with our partners to identify other challenges they face and where we can use standards and open-source software to work together. In that spirit, please tell us about the challenges you face in the comments.
In the meantime, you can expect to see the PSA Certified Firmware Update API being supported on an increasing number of platforms. High quality open-source implementations will be freely available based on TrustedFirmware. We also want to add to the initial version of the standard with enhanced update capabilities. These capabilities include partial update and update of individual components, such as machine learning models.
Check out what some of our partners have to say about Open-CMSIS-CDI and the future work as part of Project Centauri.
“At China Mobile, we understand the importance of being able to update devices in the field and being able to do that in a secure manner. The publication of the new PSA Firmware Update API is very much welcomed, and we look forward to working further with Arm on defining the Open-CMSIS-CDI specification as part of Project Centauri.” Meng Li, Vice GM of Operating System Product Department of China Mobile IoT.
“Fragmentation and increased complexities in IoT software present many challenges for the industry to evolve. To address these problems and remove barriers for large-scale adoption of the IoT, we are really excited to be working with Arm and the ecosystem on Project Centauri. By ensuring open and secure standards, such as Open-CMSIS-Pack, Open-CMSIS-CDI and PSA Certified, are widely adopted, the whole industry can benefit.” Leo Zou, RT-Thread COO.
“At Infineon, our commitment to standardization around secured hardware and software is shown by our PSA/SESIP Certified Products like our PSoC Microcontrollers. We provide all PSA Certified APIs as part of our ModusToolbox Software and look forward to updating and providing the latest Firmware Update API Specification to our developers.” Danny Watson, Director, Software Product Manager.
We are really excited to be sharing the PSA Certified Firmware Update API with you. We invite you to try the software and examples showcased in our Arm DevSummit 2022 talk: Build and Update your IoT Applications Quickly and Securely: Introducing Project Centauri.