Mbed OS PSA
As the number of devices connecting to the Internet accelerates towards the Arm vision of one trillion connected devices, the need to ensure that these devices are secure and the data they provide is trustworthy is increasing. To address this, Arm publicly announced the Platform Security Architecture (PSA) initiative at TechCon in October 2017, offering an industry best-practice framework for security. The PSA has been evolving ever since and now provides companies with everything they need to assess the threats IoT devices may face and to combat the risk of compromise, whether accidental or malicious, with ‘right-sized’ security. This is incredibly important: to truly unlock the power of IoT, the data that devices contribute to cloud services must come from trusted sources.
Arm has announced PSA Certified™ - a new tangible, independent evaluation scheme, which aims to give businesses and government entities confidence that the devices they are deploying are secure and trustworthy. Here in the Mbed team, we’re pleased to announce that four of the devices that have already achieved PSA Certified Level 1 are using Mbed OS, along with firmware from the Trusted Firmware-M (TF-M) project, hosted at trustedfirmware.org, to meet the security needs of today’s IoT devices. We, along with our colleagues from the TF-M team, have been collaborating with teams from Cypress, Nuvoton, NXP, and ST over the past few months, working to provide their PSA-certified platforms with the secure software required to address ever more demanding threat models. In addition, we have been providing our customers with IoT devices (using this combination of hardware and software) to deliver industry-leading levels of security and provide trusted data from chip to cloud.
The following platforms have been confirmed as PSA Certified Level 1, and will support Mbed OS in our 5.12 release in March:
• Cypress PSoC6 P64
• Nuvoton M2351
• NXP LPC55S69
• ST STM32L552ZE
The Mbed OS 5.12 release includes support for the initial three PSA services:
• PSA Cryptography
• PSA Initial Attestation
• PSA Secure Storage
We have also extended the requirements and tests used to achieve our Mbed Enabled badge of quality to cover PSA Functional API certification for these three services, so now any platform from one of our many silicon partners can test for compliance as part of the Mbed Enabled process, accelerating the path to PSA Certification.
Mbed OS 5.12 Features in more detail
One of the central tenets behind PSA is the ability to provide secure partitioning to firmware developers. In its first iteration, secure partitioning divides the firmware into two partitions: SPE (for Secure Processing Environment) and NSPE (for Non-Secure or Normal Processing Environment).
The SPE is intended to provide all the security-related parts of the firmware. It shall contain as little code as possible, focus on providing secure services to the NSPE, and safeguard it from accidentally revealing secrets to the NSPE. Secure services are only available through a set of dedicated function calls.
By only accessing higher-level security calls, firmware developers can focus on functionalities offered by those services rather than the details of how they are achieved in practice. Most essentially: they do not have to know whether those functionalities are implemented in pure software or through the use of dedicated secure hardware.
Firmware architected this way is meant to be resistant to attacks corrupting the main application firmware. It also allows changing the underlying hardware to offer better protection without having to change a single line of code in the main application.
From a hardware point of view, separation can be achieved by taking advantage of Arm TrustZone for Armv8-M features. Separation can also be architected around a dual-processor system, where one processor is dedicated to running the secure parts, and the other one runs the main firmware image, with inter-processor communication being handled through shared memory or equivalent. PSA Secure Partition Manager is not architecture-specific and could run on any kind of processor, provided the same APIs are honoured.
Arm PSA is delivered with more than just APIs and specifications. Reference implementations are also provided as open-source projects meant for adoption and adaptation into the various real-time operating systems available in the embedded world.
Trusted Firmware-M (TF-M) is Arm's reference implementation for all PSA services. TF-M brings all of the PSA APIs into a portable, pure-software implementation meant to be adapted and ported to various platforms, so PSA services can be used everywhere.
Since version 5.12, Mbed OS offers tight source-based integration with TF-M, where PSA services are brought in to provide PSA API compatibility.
More information about the TF-M project can be found at https://trustedfirmware.org
The obvious first candidate to move behind the security wall is cryptographic services. Cryptographic operations can be carried out by main firmware developers without having to deal with cryptographic key material directly. Keys are referred to by handle and only manipulated by the Secure Processing Environment (SPE), which returns computed results back to the NSPE.
PSA defines two levels of Cryptography API:
• The top level is meant for end-users. It has been carefully designed to be easy to learn and use, well documented, and agile: crypto algorithms are designated by labels and can be augmented without having to modify the API itself.
• The lower level is a Device Driver API. It has been designed to provide reference software implementations for all crypto primitives. These reference implementations are meant to be replaced by calls into hardware drivers wherever available.
PSA Cryptography services also have a reference implementation, a new project called Mbed Crypto, directly derived from the crypto parts of Mbed TLS. The new project organization splits into two interdependent parts:
• Mbed TLS itself focuses on providing support for network security
• Mbed Crypto focuses on providing support for crypto accelerators, hardware random number generators, secure elements, and software reference implementations for all crypto primitives
Developers who prefer to stick to legacy Mbed TLS versions will be able to do so as they will be maintained as TLS releases over the next three years.
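The two properties the crypto section relies on, keys that the application only ever sees as handles, and algorithms chosen by label under a per-key policy, can be seen in a small model. The following Python is an added example written for this article; it is not Mbed Crypto or TF-M code, and the usage-flag names, algorithm labels and class names are constructed for the illustration. The SPE half holds the key bytes and enforces the policy; the NSPE half works only with the integer handle it got back.

```python
import hmac
import hashlib
from dataclasses import dataclass

# Key-usage flags and algorithm labels modelled on the PSA key-policy idea.
# The names are constructed for this example, not the PSA Crypto API's own.
USAGE_SIGN = 1
USAGE_VERIFY = 2
USAGE_EXPORT = 4

# Algorithms are chosen by label; a new label can be added here without
# changing any function the NSPE calls.
ALGORITHMS = {
    "HMAC-SHA256": hashlib.sha256,
    "HMAC-SHA512": hashlib.sha512,
}


class PolicyViolation(Exception):
    """Raised by the SPE when a request breaks a key's policy."""


@dataclass
class _KeySlot:
    material: bytes
    usage: int
    algorithm: str


class SecureProcessingEnvironment:
    """Models the SPE: the only place where key bytes exist."""

    def __init__(self):
        self._slots = {}
        self._next_handle = 1

    def import_key(self, material, usage, algorithm):
        if algorithm not in ALGORITHMS:
            raise ValueError("unknown algorithm label: %r" % algorithm)
        handle = self._next_handle
        self._next_handle += 1
        self._slots[handle] = _KeySlot(bytes(material), usage, algorithm)
        return handle  # the NSPE only ever receives this integer

    def _slot(self, handle, required_usage):
        slot = self._slots.get(handle)
        if slot is None:
            raise PolicyViolation("invalid key handle")
        if not slot.usage & required_usage:
            raise PolicyViolation("key policy does not allow this operation")
        return slot

    def mac_compute(self, handle, algorithm, message):
        slot = self._slot(handle, USAGE_SIGN)
        if algorithm != slot.algorithm:
            raise PolicyViolation("algorithm not permitted for this key")
        return hmac.new(slot.material, message, ALGORITHMS[algorithm]).digest()

    def mac_verify(self, handle, algorithm, message, mac):
        slot = self._slot(handle, USAGE_VERIFY)
        if algorithm != slot.algorithm:
            raise PolicyViolation("algorithm not permitted for this key")
        expected = hmac.new(slot.material, message, ALGORITHMS[algorithm]).digest()
        return hmac.compare_digest(expected, mac)

    def export_key(self, handle):
        return self._slot(handle, USAGE_EXPORT).material

    def destroy_key(self, handle):
        self._slots.pop(handle, None)


def _is_refused(call):
    """True when the SPE rejects the call on policy grounds."""
    try:
        call()
    except PolicyViolation:
        return True
    return False


def nspe_demo():
    """Application (NSPE) code: it holds only handles and labels, never key bytes."""
    spe = SecureProcessingEnvironment()
    # Constructed sample key; on a real device it would be provisioned into ITS.
    handle = spe.import_key(b"\x01" * 32, USAGE_SIGN | USAGE_VERIFY, "HMAC-SHA256")
    message = b"sensor reading: 21.5C"
    tag = spe.mac_compute(handle, "HMAC-SHA256", message)
    result = {
        "mac_ok": spe.mac_verify(handle, "HMAC-SHA256", message, tag),
        "tampered_ok": spe.mac_verify(handle, "HMAC-SHA256", message + b"!", tag),
        # Policy says SIGN|VERIFY only, so the key bytes never leave the SPE.
        "export_refused": _is_refused(lambda: spe.export_key(handle)),
        # The key was bound to HMAC-SHA256 at import; another label is refused.
        "other_alg_refused": _is_refused(lambda: spe.mac_compute(handle, "HMAC-SHA512", message)),
    }
    spe.destroy_key(handle)
    result["stale_handle_refused"] = _is_refused(lambda: spe.mac_compute(handle, "HMAC-SHA256", message))
    return result
```

The point of the model is what the NSPE code does not contain: no key bytes, no choice of hash construction, and no way to pull the key back out once its policy has been set. Swapping the HMAC implementation for a hardware driver inside `SecureProcessingEnvironment` would leave `nspe_demo` untouched, which is the portability argument the article makes.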
The PSA Initial Attestation service allows devices to report about their own identity and status to a requesting remote entity. Things like hardware serial numbers, firmware versions, and life cycle status can be packaged into a small data report (less than 1kB).
This feature can serve several use cases. In no specific order:
• Devices can be associated with a trust level defined elsewhere, allowing service providers to know whether a given class of devices is sufficiently secure to be trusted for the services they want to offer.
• Devices can be enrolled into services with their own identities, with confidence that their private keys will be stored with adequate protection.
• Attestations can be used as health reports, but they can also be used to report acquired data in a standard format.
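To make the attestation flow concrete, here is an added Python example (not Mbed OS or TF-M code) of a challenge-bound device report and the relying party's checks on it. It deliberately simplifies: the claims are JSON rather than the PSA token encoding, and the report is authenticated with a symmetric key that the relying party is assumed to have received at provisioning. The device identity values and the key are constructed for the example.

```python
import hmac
import hashlib
import json

# Constructed device identity; on a real device these come from ITS / OTP.
DEVICE_CLAIMS = {
    "instance_id": "constructed-instance-0001",
    "hw_serial": "SN-CONSTRUCTED-42",
    "fw_version": "1.4.2",
    "lifecycle": "SECURED",
}

# Constructed attestation key. It stays inside the SPE; the relying party
# is assumed to have been given it at provisioning time.
ATTESTATION_KEY = b"\x5a" * 32
TAG_HEX_LEN = 64  # HMAC-SHA256 tag, hex encoded


def build_attestation_token(challenge, claims=DEVICE_CLAIMS, key=ATTESTATION_KEY):
    """SPE side: bind the claims to the verifier's challenge and authenticate them."""
    payload = dict(claims)
    payload["challenge"] = challenge.hex()
    body = json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    return body + b"." + tag


def verify_attestation_token(token, expected_challenge, key=ATTESTATION_KEY):
    """Relying-party side. Returns the claims, or None if any check fails."""
    if len(token) < TAG_HEX_LEN + 2 or token[-TAG_HEX_LEN - 1:-TAG_HEX_LEN] != b".":
        return None
    body, tag = token[:-TAG_HEX_LEN - 1], token[-TAG_HEX_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    # Check the tag before parsing anything an attacker could have written.
    if not hmac.compare_digest(expected, tag):
        return None
    claims = json.loads(body)
    # A token built for a different challenge is stale or replayed.
    if claims.get("challenge") != expected_challenge.hex():
        return None
    return claims


def attestation_demo():
    challenge = bytes.fromhex("00112233445566778899aabbccddeeff")        # constructed nonce
    other_challenge = bytes.fromhex("ffeeddccbbaa99887766554433221100")  # a later session's nonce
    token = build_attestation_token(challenge)
    forged = bytearray(token)
    forged[len(forged) // 3] ^= 0x01  # flip one bit inside the claims
    return {
        "size": len(token),
        "accepted": verify_attestation_token(token, challenge),
        "replayed": verify_attestation_token(token, other_challenge),
        "forged": verify_attestation_token(bytes(forged), challenge),
        "wrong_key": verify_attestation_token(token, challenge, key=b"\x00" * 32),
    }
```

Two checks matter on the relying-party side: the tag is verified before the body is parsed, so malformed input never reaches the JSON parser, and the challenge inside the authenticated body must match the one the verifier issued, which is what stops a captured report from being replayed later. The whole token comes out well under the 1kB figure quoted above.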
PSA Secure Storage
The first version of PSA provides two forms of secure storage:
• PSA Internal Trusted Storage (ITS) is designed to store the most intimate device secrets inside the processor's internal flash, considered secure enough to defend secrets against most attackers. Those secrets are only accessible to dedicated functions in the SPE. For example, the device identity and attestation keys are stored in ITS.
• PSA Protected Storage (PS) is a convenience offered to firmware developers to help them store confidential data onto external, untrusted storage like an SD card. Using that API, developers can be sure that data will be protected in integrity, protected against rollback, and possibly encrypted with a device-bound key.
Both forms of storage are based on key/value pairs. They do not replace a proper filesystem but are sufficiently simple to be easily ported to various platforms.
Mbed OS 5.12 implements PSA Secure Storage on top of its existing storage stack.
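The three guarantees listed for Protected Storage (integrity, rollback protection, and optional encryption with a device-bound key) can be shown with a small key/value store over an untrusted medium. The Python below is an added example, not the Mbed OS storage stack: the record layout, sub-key derivation and keystream construction are choices made for this illustration, the in-memory dictionaries stand in for an SD card and for ITS, and the device key is constructed.

```python
import hmac
import hashlib
import struct


class StorageError(Exception):
    """Raised when a record is missing, corrupted or rolled back."""


class ProtectedStorage:
    """Models PSA Protected Storage over untrusted media.

    Record layout on the media: version (4 bytes) || ciphertext || tag (32 bytes)
      integrity  : tag = HMAC-SHA256(k_mac, uid || version || ciphertext)
      rollback   : the newest version of each uid is kept in trusted storage (ITS)
      encryption : HMAC-SHA256(k_enc, uid || version || block) used as keystream;
                   (uid, version) never repeats, so a keystream is never reused
    Constructed illustration, not the Mbed OS implementation.
    """

    TAG_LEN = 32

    def __init__(self, device_key, untrusted_media, trusted_counters):
        # Two sub-keys derived from the device-bound key, one per purpose.
        self._k_mac = hmac.new(device_key, b"ps-mac", hashlib.sha256).digest()
        self._k_enc = hmac.new(device_key, b"ps-enc", hashlib.sha256).digest()
        self._media = untrusted_media      # e.g. the SD card; an attacker may rewrite it
        self._counters = trusted_counters  # lives in ITS; only the SPE can update it

    def _keystream(self, uid, version, length):
        out = b""
        block = 0
        while len(out) < length:
            out += hmac.new(self._k_enc, struct.pack(">III", uid, version, block),
                            hashlib.sha256).digest()
            block += 1
        return out[:length]

    @staticmethod
    def _xor(data, stream):
        return bytes(a ^ b for a, b in zip(data, stream))

    def set(self, uid, data):
        version = self._counters.get(uid, 0) + 1
        ciphertext = self._xor(data, self._keystream(uid, version, len(data)))
        header = struct.pack(">II", uid, version)
        tag = hmac.new(self._k_mac, header + ciphertext, hashlib.sha256).digest()
        self._media[uid] = struct.pack(">I", version) + ciphertext + tag
        self._counters[uid] = version  # commit the new version to trusted storage

    def get(self, uid):
        blob = self._media.get(uid)
        if blob is None or len(blob) < 4 + self.TAG_LEN:
            raise StorageError("record missing or truncated")
        version = struct.unpack(">I", blob[:4])[0]
        ciphertext, tag = blob[4:-self.TAG_LEN], blob[-self.TAG_LEN:]
        expected = hmac.new(self._k_mac, struct.pack(">II", uid, version) + ciphertext,
                            hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            raise StorageError("integrity check failed")
        if version != self._counters.get(uid):
            raise StorageError("rollback detected: version %d, expected %d"
                               % (version, self._counters.get(uid, 0)))
        return self._xor(ciphertext, self._keystream(uid, version, len(ciphertext)))


def _fails(call):
    """Return the failure category of a read, or None if it succeeded."""
    try:
        call()
    except StorageError as exc:
        return str(exc).split(":")[0]
    return None


def protected_storage_demo():
    sd_card = {}       # untrusted media (constructed, in memory)
    its_counters = {}  # trusted rollback counters (constructed, in memory)
    ps = ProtectedStorage(b"\x7e" * 32, sd_card, its_counters)  # constructed device key
    uid = 0x10
    ps.set(uid, b"wifi-psk:old-secret")
    old_blob = sd_card[uid]  # an attacker keeps a copy of the old record
    ps.set(uid, b"wifi-psk:new-secret")
    result = {"current": ps.get(uid),
              "plaintext_on_media": b"new-secret" in sd_card[uid]}
    corrupted = bytearray(sd_card[uid])
    corrupted[8] ^= 0x01  # flip one bit of the ciphertext on the card
    sd_card[uid] = bytes(corrupted)
    result["after_corruption"] = _fails(lambda: ps.get(uid))
    sd_card[uid] = old_blob  # attacker restores the old, validly tagged record
    result["after_rollback"] = _fails(lambda: ps.get(uid))
    return result
```

The restored old record carries a tag that still verifies, so integrity alone would accept it; it is the version counter held in trusted storage that lets the read refuse it. That dependency is why the article pairs PS with ITS: the rollback guarantee on external media only holds if the counter itself cannot be rewound.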