Arm Community
Arm Community
  • Site
  • User
  • Site
  • Search
  • User
Arm Community blogs
Arm Community blogs
Architectures and Processors blog New FIPS 140-2 certification provides time savings for Arm security partners
  • Blogs
  • Mentions
  • Sub-Groups
  • Tags
  • Jump...
  • Cancel
More blogs in Arm Community blogs
  • AI blog

  • Announcements

  • Architectures and Processors blog

  • Automotive blog

  • Embedded and Microcontrollers blog

  • Internet of Things (IoT) blog

  • Laptops and Desktops blog

  • Mobile, Graphics, and Gaming blog

  • Operating Systems blog

  • Servers and Cloud Computing blog

  • SoC Design and Simulation blog

  • Tools, Software and IDEs blog

Tell us what you think
Tags
  • CryptoCell-700
  • Security
  • Security IP
  • TrustZone
Actions
  • RSS
  • More
  • Cancel
Related blog posts
Related forum threads

New FIPS 140-2 certification provides time savings for Arm security partners

Udi Maor
Udi Maor
September 18, 2018
2 minute read time.

Security is a top priority for the technology industry, especially now that mobile devices are used for payment and hold valuable private information. With so much sensitive data flying around our devices, platforms and systems, it becomes more and more vital for device manufacturers to be able to reassure both customers and regulators that they’re doing everything they can to protect this data.

What is FIPS 140-2?

FIPS 140-2 is one of the many standards introduced to help provide this reassurance. Owned by the National Institute of Standards and Technology (NIST), FIPS 140-2 specifies Security Requirements for Cryptographic Modules. Some items covered by FIPS 140-2 include:

  • the proper ways to handle sensitive encryption keys (e.g. disk encryption keys); and
  • the allowed algorithms for encrypting and authenticating code and/or data (for example, prohibiting the use of deprecated algorithms, which were found to be too weak).

As an IP provider, silicon designer or OEM, you are expected to identify the services your product is offering to customers, and then test these services against a specific set of rules set by the standards body.

What Arm is doing with FIPS 140-2

With this in mind, Arm took CryptoCell-712 through the FIPS 140-2 certification process, ensuring that certification is something partners can get directly from Arm before beginning their own engineering efforts. This means that with Arm IP, not only do partners get the best in class for hardware, software and firmware, they also get a pre-certified security sub-system that allows them to cut out years of engineering effort and get their products to the market faster. Moreover, Arm offers a comprehensive certification package including documentation that is free to reuse, as well as best practices on how best to utilize our certification for specific needs.

Arm CryptoCell FIPS certification boundaries

The certified services offered by Arm (full list available on the NIST website, notably table six) are much more than just crypto primitives – usable platform security services such as code loading (a.k.a. Secure Boot), authenticated debug, secure timer and others have all been included. Silicon designers or OEMs would be able to reuse these certified services as part of a more complicated feature that they want to certify, for example, user authentication required by an enterprise’s BYOD policy (see figure 2 for the high-level description). The comprehensiveness of this certification could also come in handy in case the plan is to certify the entire Trusted Execution Environment (TEE), such as one built around TrustZone.      

Processes running on Android device  

Huge savings and added reassurance

By joining the Arm ecosystem, all of our partners from SIPs to OEMs can capitalise on the efforts we’ve made to simplify the certification process, bringing huge savings to the customer and an added level of reassurance right down the line to the end user. This means that they can rest easy that their data has the best possible protection that the industry has to offer.

Learn more about Arm's security solutions

Anonymous
Architectures and Processors blog
  • Introducing GICv5: Scalable and secure interrupt management for Arm

    Christoffer Dall
    Christoffer Dall
    Introducing Arm GICv5: a scalable, hypervisor-free interrupt controller for modern multi-core systems with improved virtualization and real-time support.
    • April 28, 2025
  • Getting started with AARCHMRS Features.json using Python

    Joh
    Joh
    A high-level introduction to the Arm Architecture Machine Readable Specification (AARCHMRS) Features.json with some examples to interpret and start to work with the available data using Python.
    • April 8, 2025
  • Advancing server manageability on Arm Neoverse Compute Subsystem (CSS) with OpenBMC

    Samer El-Haj-Mahmoud
    Samer El-Haj-Mahmoud
    Arm and 9elements Cyber Security have brought a prototype of OpenBMC to the Arm Neoverse Compute Subsystem (CSS) to advancing server manageability.
    • January 28, 2025