Platform Security
The platform security resources help developers to achieve PSA Certified on Arm-based platforms. All resources on this page are designed for M- and A-profile IoT-devices and are developed and made freely available by Arm and its partners.
Define Security Requirements
Threat modelling helps product architects identify and prioritize security requirements. Arm has created a standard security model and three example Threat Model and Security Analysis (TMSA) documents that can be downloaded and edited for specific use cases.
Top-level requirements for the secure design of all products, outlining the key goals for designing products with known security properties. We recommend security architects read this document first.
Architect and Implement Platform Security
Although every product is unique, the use of standard design patterns and implementations can dramatically simplify development, reduce maintenance, and allow greater reuse. In support of these goals, Arm has published and maintains a set of freely available hardware and firmware specifications, ABIs, APIs, and test suites. Arm also contributes to a number of open-source reference implementations of these specifications.
Platform Security Requirements (PSR)
This document specifies the bare-minimum security requirements expected of system-on-chips (SoC) across multiple markets.
Platform Security Boot Guide
(BOOT-PSG)
This specification, formerly called Trusted Boot and Firmware Update (PSA-TBFU), outlines the system and firmware technical requirements for firmware boot and update.
Authenticated Debug Access Control Specification (ADAC)
This specification defines an extensible method for how to build strong authentication into the debug process.
Firmware Framework for M (FF-M)
Specification for a standard programming environment and fundamental Root of Trust (RoT) for secure applications on an M-profile product.
FF-M Extensions
The FF-M Extensions document introduces a set of updates and extensions to the Firmware Framework for M specification (DEN 0063). This separate extensions document enables wider review and feedback on proposed changes. When the proposed extensions are sufficiently stable, they will be integrated into the latest version 1.1 of DEN0063.
Trusted Base System Architecture for M (TBSA-M)
Hardware requirements specification for Armv8-M products, including best-practice recommendations for Armv6-M and Armv7-M.
Trusted Firmware-M
Provides reference implementation of secure-world software to implement threat mitigations defined in common use cases.
Firmware Framework for A (FF-A)
Specification for a standard programming environment and fundamental root of trust for secure applications on an A-profile product.
Firmware Architecture for Firmware Updates on A-class Devices
This document defines the standard infrastructure to enable robust FW updates on A-class products.
Platform Security Guide for
A-Profile (PSG-A)
This guide contains recommendations for designing systems based on Arm processors to meet the security requirements described in Platform Security Requirements (PSR).
Trusted Firmware-A (TF-A)
Provides reference implementation of Secure-World software for Arm A-profile processors.
Implement
An open-source firmware reference implementation, PSA Certified APIs, and an API test suite. Providing developers with a trusted code base that complies with platform security specifications, and security APIs that create a consistent interface to underlying Root of Trust hardware.
Cryptography API
Cryptography API provides symmetric and asymmetric key, Hash, RNG, and key storage services with support for different key lifetime policies.
Secure Storage API
Supports data protection services on the device, providing integrity and confidentiality protection.
Attestation API
Provides a way to obtain a health- check token from the device, attesting to its components and serial numbers.
Firmware Update API
Defines a standard firmware interface for installing firmware updates.
PSA API Test Suites
A test suite to verify the correct implementation of APIs in your system.
Verifiable Security
While many organizations have robust internal security development lifecycles, an independent external assessment is extremely useful. An independent evaluation can help increase the number of issues found and fixed before a product is released to market and can provide additional assurance to your customers.
PSA Certified is an independent evaluation and certification scheme developed by Arm and its security partners. The scheme tests and certifies that products meet PSA Certified security requirements.
Learn more about PSA Certified, access more resources, and find out how to get started with the certification process.
Arm Support
Arm training courses are available to help you realize maximum performance with minimal risk and fast time-to-market. Find out more about our specific training courses for Threat Modelling and security IP.