Arm Limited selected TrustCB to be the Certification Body for the PSA Certified scheme.

PSA Certified is the independent security evaluation scheme for Platform Security Architecture (PSA) based IoT systems. It establishes trust through a multi-level assurance program for chips containing a security component called a Root of Trust (PSA-RoT) that provides trusted functionality to the platform.

There are three certification scopes:

  • The Chip – providing security features such as immutable storage, protection of debug features. This may be a System-in-Package (SiP) or a System-on-Chip (SoC) integrated on a board.
  • The RTOS (Real-Time Operating System) – software only component for the Non-Secure Processing Environment and any related libraries.
  • The Device – software components including Applications and libraries developed by an OEM and the confirmation of the RTOS for the device.

Currently applications for PSA Certified Level 1 (L1), PSA Certified Level 2 (L2) and PSA Certified Level 3 (L3) certifications can be submitted to TrustCB using the application forms posted on this page.

PSA Certified Level 1 Application

The following description of the application process for PSA Certified Level 1 (L1) is aimed at new vendors (Chip vendors, OS suppliers and OEM developers) wishing to submit their component for PSA Certified L1 security evaluation:

  1. Select your evaluation lab of choice from the list below.
  2. Work with selected evaluation lab to fill in the application form together.
  3. Download and complete the L1 questionnaire from PSA Certified Level 1.
  4. Submit the completed L1 questionnaire to the selected evaluation lab, together with the required supporting documentation, for the evaluation lab to perform the security evaluation.
  5. The evaluation lab will make a single submission of all the following evaluation documents to the certification body, TrustCB ([email protected]):
    1. Filled in (and signed) application form;
    2. Draft digital certificate details and any applicable product showcase documents (“webkit”);
    3. Completed questionnaire, signed by the vendor;
    4. Evaluation lab review report of the questionnaire;
    5. All other supporting documents provided by the vendor.
  6. Once accepted and the evaluation is passed, TrustCB will provide confirmation of the pass verdict to the vendor and evaluation lab, along with details of the EAN-13 identifier (if not provided by the developer already).
  7. You will receive the certificate, which will also be posted to PSA Certified.

PSA Certified Level 2 Application

The following description of the application process for PSA Certified Level 2 (L2) is aimed at new vendors wishing to submit their component for PSA Certified L2 security evaluation:

  1. Download and read the L2 profile from PSA Certified Level 2.
  2. Selects your evaluation lab of choice from the list below and requests the PSA Certified documentation from the evaluation lab:
    1. PSA Certified Level 2 Evaluation Methodology
    2. Attack Methods
    3. Example Security Target/Evidence.
  3. Download and work with your selected evaluation lab to fill in the application form together.
  4. Submit the application form and completed L2 profile to the certification body, TrustCB ([email protected]).
    1. Once the application is accepted TrustCB will issue the 18-digit number, globally unique reference, that will be used on the certificate.  (This globally unique reference is comprised of EAN-13 plus 5 digits encoding the Trusted Firmware revisions and new certification attempts.)
    2. TrustCB will also notify you and your evaluation lab of the certifier assigned to the certification.
  5. Prepare the package of information for the evaluation of your product and submit the package to the evaluation lab.
  6. Prepare the Target of Evaluation (TOE), a circuit board should be provided with a functioning instance of your Trusted Firmware, for testing by the evaluation lab.
    1. It is recommended that the board with the PSA Functional API test suite is delivered to the evaluation lab so that there is a known starting point for testing.
  7. The evaluation lab will perform the evaluation according to the Evaluation Methodology and Attack Methods documents.  The evaluation lab will prepare an Evaluation Technical Report which will be shared with you and the assigned TrustCB certifier. The evaluation lab will provide it with the draft digital certificate details and any applicable product showcase documents to TrustCB ([email protected]).
  8. Once the certifier has judged the TOE to have passed the evaluation, the certifier will provide confirmation of the pass verdict to the vendor and evaluation lab.
  9. You will receive the certificate, which will also be posted to PSA Certified.

PSA Certified Level 3 Application

The following description of the application process for PSA Certified Level 3 (L3) is aimed at new vendors wishing to submit their component for PSA Certified L3 security evaluation:

  1. Download and read the L3 profile from PSA Certified Level 3.
  2. Selects your evaluation lab of choice from the list below and requests the PSA Certified documentation from the evaluation lab:
    1. PSA Certified Level 3 Evaluation Methodology
    2. Attack Methods
    3. Example Security Target/Evidence.
  3. Download and work with your selected evaluation lab to fill in the application form together.
  4. Submit the application form and completed L3 profile to the certification body, TrustCB ([email protected]).
    1. Once the application is accepted TrustCB will issue the 18-digit number, globally unique reference, that will be used on the certificate.  (This globally unique reference is comprised of EAN-13 plus 5 digits encoding the Trusted Firmware revisions and new certification attempts.)
    2. TrustCB will also notify you and your evaluation lab of the certifier assigned to the certification.
  5. Prepare the package of information for the evaluation of your product and submit the package to the evaluation lab.
  6. Prepare the Target of Evaluation (TOE), a circuit board should be provided with a functioning instance of your Trusted Firmware, for testing by the evaluation lab.
    1. It is recommended that the board with the PSA Functional API test suite is delivered to the evaluation lab so that there is a known starting point for testing.
  7. The evaluation lab will perform the evaluation according to the Evaluation Methodology and Attack Methods documents.  The evaluation lab will prepare an Evaluation Technical Report which will be shared with you and the assigned TrustCB certifier. The evaluation lab will provide it with the draft digital certificate details and any applicable product showcase documents to TrustCB ([email protected]).
  8. Once the certifier has judged the TOE to have passed the evaluation, the certifier will provide confirmation of the pass verdict to the vendor and evaluation lab.
  9. You will receive the certificate, which will also be posted to PSA Certified.

PSA Certified Product Showcase materials

If the developer wants to showcase the products on psacertified.org, the additional information must be provided when the evaluation lab submits the draft digital certificate details. This must include good quality images of:

  • Developer logo, not less that 350px wide, in either jpg or png format.
  • Product image, minimum 800px wide, jpg format and isolated to  white (i.e. no background).

PSA Certified Labs

As designated by ARM, TrustCB is working with the following labs for the PSA Certified scheme:

  • Applus+ Laboratories
  • CAICT 
  • ECSEC Laboratory
  • Riscure
  • SGS Brightsight
  • UL