New FIPS 140-2 certification provides time savings for Arm security partners

Security is a top priority for the technology industry, especially now that mobile devices are used for payment and hold valuable private information. With so much sensitive data flying around our devices, platforms and systems, it becomes more and more vital for device manufacturers to be able to reassure both customers and regulators that they’re doing everything they can to protect this data.

What is FIPS 140-2?

FIPS 140-2 is one of the many standards introduced to help provide this reassurance. Owned by the National Institute of Standards and Technology (NIST), FIPS 140-2 specifies Security Requirements for Cryptographic Modules. Some items covered by FIPS 140-2 include:

  • the proper ways to handle sensitive encryption keys (e.g. disk encryption keys); and
  • the allowed algorithms for encrypting and authenticating code and/or data (for example, prohibiting the use of deprecated algorithms, which were found to be too weak).

As an IP provider, silicon designer or OEM, you are expected to identify the services your product is offering to customers, and then test these services against a specific set of rules set by the standards body.

What Arm is doing with FIPS 140-2

With this in mind, Arm took CryptoCell-712 through the FIPS 140-2 certification process, ensuring that certification is something partners can get directly from Arm before beginning their own engineering efforts. This means that with Arm IP, not only do partners get the best in class for hardware, software and firmware, they also get a pre-certified security sub-system that allows them to cut out years of engineering effort and get their products to the market faster. Moreover, Arm offers a comprehensive certification package including documentation that is free to reuse, as well as best practices on how best to utilize our certification for specific needs.

Arm CryptoCell FIPS certification boundaries

The certified services offered by Arm (full list available on the NIST website, notably table six) are much more than just crypto primitives – usable platform security services such as code loading (a.k.a. Secure Boot), authenticated debug, secure timer and others have all been included. Silicon designers or OEMs would be able to reuse these certified services as part of a more complicated feature that they want to certify, for example, user authentication required by an enterprise’s BYOD policy (see figure 2 for the high-level description). The comprehensiveness of this certification could also come in handy in case the plan is to certify the entire Trusted Execution Environment (TEE), such as one built around TrustZone.      

Processes running on Android device  

Huge savings and added reassurance

By joining the Arm ecosystem, all of our partners from SIPs to OEMs can capitalise on the efforts we’ve made to simplify the certification process, bringing huge savings to the customer and an added level of reassurance right down the line to the end user. This means that they can rest easy that their data has the best possible protection that the industry has to offer.

Learn more about Arm's security solutions