ARM Introduces PSA (Platform Security Architecture)
Subject: Processors | October 24, 2017 - 02:12 AM | Josh Walrath
Tagged: arm, cortex, mali, PSA, security, TrustZone, Platform Security Architecture, amd, cortex-m, Armv8-m
It is no wonder that device security dominates news. Every aspect of our lives is approaching always connected status. Whether it is a major company forgetting to change a default password or an inexpensive connected webcam that is easily exploitable, security is now more important than ever.
ARM has a pretty good track record in providing solutions to their partners to enable a more secure computing experience in this online world. Their first entry to address this was SecurCore which was introduced in 2000. Later they released their TrustZone in 2003. Eventually that technology made it into multiple products as well as being adopted by 3rd party chip manufacturers.
Today ARM is expanding the program with this PSA announcement. Platform Security Architecture is a suite of technologies that encompasses software, firmware, and hardware. ARM technology has been included in over 100 billion chips shipped since 1991. ARM expects that another 100 billion will be shipped in the next four years. To get a jump on the situation ARM is introducing this comprehensive security architecture to enable robust security features for products from the very low end IoT to the highest performing server chips featuring ARM designs.
PSA is not being rolled out in any single product today. It is a multi-year journey for ARM and its partners and it can be considered a framework to provide enhanced security across a wide variety of products. The first products to be introduced using this technology will be the Armv8-M class of processors. Cortex-M processors with Trusted Firmware running on the Mbed OS will be the start of the program. Eventually it will branch out into other areas, but ARM is focusing much of its energy on the IoT market and ensuring that there is a robust security component to what could eventually scale out to be a trillion connected products.
There are two new hardware components attached to PSA. The first is the CryptoIsland 300 on-die security enclave. It is essentially a second layer of hardware security beyond that of the original TrustZone. The second is the SDC-600. This is a secure debug port that can be enabled and disabled using certificates. This cuts off a major avenue for security issues. These technologies are integrated into the CPUs themselves and are not offered as a 3rd party chip.
If we truly are looking at 1 trillion connected devices over the next 10 years, security is no longer optional. ARM is hoping to get ahead of this issue by being more proactive in developing these technologies and working with their partners to get them implemented. This technology will evolve over time to include more and more products in the ARM portfolio and hopefully will be adopted by their many licensees.