PSA Certified has become the established standard for chip vendors wanting to get an independent evaluation of the robustness of their root of trust (RoT). Recently at Embedded World 2024 we revealed that we had surpassed the milestone of 200 certificates on the PSA Certified website, many of them microcontrollers and microprocessors. Since the inception of PSA Certified, the scheme has been based on three key PSA Certified levels for chip vendors:
- PSA Certified Level 1 – the chip has a basic RoT and the developer has made written responses that have been assessed by an independent lab and certification body.
- PSA Certified Level 2 – the chip’s RoT has been lab tested against basic software attacks.
- PSA Certified Level 3 – the chip’s RoT has been lab tested against substantial physical and software attacks.
As the connected device landscape has matured, and artificial intelligence has accelerated new use cases, there’s been a growing desire for chip vendors to demonstrate a high level of resistance to physical and software attacks. Understanding the robustness of chips is particularly useful to OEMs that need to protect high value assets or brands, for example;
- A high-end smart lock, which needs a a strong trust anchor that could be used to decrypt and verify over-the-air (OTA) updates.
- Industrial and safety-critical use cases that need to support system recovery and stronger authentication.
- AI-enabled edge systems, or highly robust RoT in a infrastructure chip to protect critical assets and maintain system integrity.
Introducing PSA Certified Level 4 iSE/SE
Every week the PSA Certified JSA (the group of companies maintaining PSA Certified) meet to discuss ever-changing security requirements, and any tweaks we may want to make to the scheme to address emerging threats. For the last year, we’ve been working hard on the right fit to address the emerging AI landscape, in a way that fits the electronics industry. Our solution is the creation of “PSA Certified Level 4 iSE/SE” and “PSA Certified Level 3+SE” to fill this gap.
First for a bit of background, let’s look at how these two new levels fit with the rest of the scheme. The DNA of PSA Certified is composition, it’s about assessing the right parts of your system at the right level. In late 2022 we introduced PSA Certified Level 2 + Secure Element (SE) SESIP Profile. This is a useful addition to the scheme, that allowed vendors to assess a component part of the chip – the Secure Enclave or Secure Element (the “SE” bit) – at PSA Certified Level 3. This protects the critical assets such as private keys and crypto from substantial physical and software attacks. The rest of the PSA-RoT is assessed at PSA Certified Level 2 which is typically implemented as a Trusted Execution Environment (TEE) isolated with TrustZone® technology.
PSA Certified Level 2 + Secure Element (SE) recognises that many chip RoT systems are put together as a combination of a TEE and a trusted subsystem such as a secure enclave or secure element.
With PSA Certified Level 3 + Secure Element (SE) we have taken this a stage further: the Secure Enclave/Secure Element part now provides high attack resistance and the rest of the PSA-RoT needs to protect against PSA Certified Level 3 substantial attacks. In this new PSA Certified Level 3 + Secure Element (SE) the “SE” part must have first been certified using PSA Certified Level 4 iSE/SE at high attack potential.
With the publication of PSA Certified Level 4 iSE/SE and PSA Certified Level 3 + Secure Element (SE) SESIP Profiles the scheme adds the final level of “High robustness” to the existing substantial and basic levels. Chip vendors can now use PSA Certified for their complete line up and OEMs can choose the appropriate level of chip RoT robustness for their application, from PSA Certified Level 1 to PSA Certified Level 3 + Secure Element (SE).
Enabling Confidence in Connected Devices
Shortly after the announcement of PSA Certified Level 4 iSE/SE, Infineon also announced that their new PSOC™ Edge E8x MCU product family has been designed to meet the PSA Certified Level 4 iSE/SE. They also announced they are the first in the lab at SGSBrightsight, one of the original PSA Certified co-founders, and hope to be the World’s first PSA Certified Level 4 iSE/SE solution in the near future.
Infineon believe that wearables and smart home applications will benefit from this heightened level of security, offering extra confidence in the security of products. You can hear more from Infineon, alongside PSA Certified co-founders, Arm and SGSBrightsight on PSA Certified Level 4 in the video below.
The PSA Certified ecosystem truly believe that connected device security is critical to scaling IoT deployments, and we’re proud to have 200 certifications from 90 different partners who are proactively building security into the heart of their designs. We applaud Infineon’s ongoing commitment to robust device security by striving to achieve PSA Certified Level 4 iSE/SE for its new family of MCUs, and we look forward to seeing more from the silicon ecosystem in due course!