Overview of PSA Compliance

PSA is a concept originated by Arm and managed by third-party labs and certification authorities, with the goal of standardizing security methods across the varying types of connected devices in the semiconductor industry. It provides established best practices, as well as documentation and methods for determining whether a given device meets the outlined standards.

PSA protects sensitive assets (keys, credentials and firmware) by separating them from the application firmware and hardware. It defines a Secure Processing Environment (SPE) for this data, the code that manages it, and its trusted hardware resources.

The "Updatable and Immutable Areas" figure shows the updatable and the immutable (non-changeable) parts of an RSL15-based system that is intended for PSA compliance and follows the PSA Device Model guidelines. It shows where the secure bootloader sits in relation to the other parts of the system: the secure bootloader forms part of the chip scope, but is also one of the updatable components.

Figure: Updatable and Immutable Areas

Similar to the PSA documentation and references available online, we use the following terms in this documentation:

Entity

The device about which the attestation provides information

Manufacturer

The company that made the entity. This can be a chip vendor, a circuit board module vendor, or a vendor of finished consumer products.

Relying Party

The server, service or company that makes use of the information in the Entity Attestation Token (EAT) about the entity. (See Attestation Token for more information about the EAT.)