PSA Certified Level 4 iSE/SE has two use cases:
- It can be used by a vendor to certify a subset of the full PSA-RoT security functions (SFRs). This is the “RoT Component” use case, and the chip or IP vendor can achieve a PSA Certified Level 4 RoT Component logo.
- If the subset of SFRs meets the minimum required set specified for a Secure Element/ Secure Enclave then the chip vendor can achieve a PSA Certified Level 4 iSE/SE certificate. This can be used in composition to achieve a PSA Certified Level 3 + SE for the overall PSA-RoT.
A High Level of Attack Resistance
Achieving PSA Certified Level 4 iSE/SE or PSA Certified Level 4 RoT Component will enable chip & IP vendors to demonstrate that they provide a high level of protection from physical and software attacks to critical assets – secret crypto keys and crypto functions. PSA Certified Level 4 certifications use a higher attack potential (AP=25) than Level 3 certifications.
Growing Applicability
Attack methods get more sophisticated every year as advances in hacking equipment come to market. PSA Certified Level 4 certification of the chip’s trusted subsystem provides evidence of a strong trust anchor for the device and system.
Efficient Certification Through Composition
Certifying a subset of the full PSA-RoT SFRs at high attack potential is efficient when the certification can be reused later for the full PSA-RoT functionality. Chip vendors can save time and money when the same trusted subsystem components are used across chip families.
PSA Certified Level 4 iSE/SE and Level 4 RoT Component at a Glance
| Audience | Chip or IP Vendors |
| Scope | Trusted Subsystem, Secure Element or Secure Enclave |
| Threats | See PSA Certified Attack Methods document |
| Security Functional Requirements | See PSA Certified Level 4iSE/SE SESIP Profile |
| Evaluation Effort | Check with the evaluation lab (white box) |