Overview of PSA Compliance
PSA (Platform Security Architecture) is an initiative originated by Arm and managed by third-party labs and certification authorities, with the goal of standardizing security methods across the varying types of connected devices in the semiconductor industry. It provides established best practices, as well as documentation and methods for determining whether a given device meets the outlined standards.
PSA protects sensitive assets (keys, credentials and firmware) by separating them from the application firmware and hardware. It defines a Secure Processing Environment (SPE) for this data, the code that manages it, and its trusted hardware resources.
The "Updatable and Immutable Areas" figure shows the updatable and the immutable (non-changeable) parts of an RSL15-based system that is intended for PSA compliance and follows the PSA Device Model guidelines. The figure clearly shows the secure bootloader in relation to the other parts of the system: the secure bootloader forms part of the chip scope, but is also one of the updatable components.
In line with the PSA documentation and references available online, we use the following terms in this documentation:
Entity
The device about which the attestation provides information.
Manufacturer
The company that made the entity. This can be a chip vendor, a circuit board module vendor, or a vendor of finished consumer products.
Relying Party
The server, service or company that makes use of the information in the Entity Attestation Token (EAT) about the entity. (See Attestation Token for more information about the EAT.)