Arm has opened contributions to PSA Certified APIs on GitHub. These APIs are embedded software APIs designed to facilitate industry collaboration around best practices and software standards. They focus on security integrations for billions of IoT applications running on ultra-constrained devices powered by Arm MCU processors, and they provide open standards for more secure software development. The PSA Certified APIs are backed by PSA Certified, a security framework certifying silicon, software, and devices across the industry.
This work is part of the Arm Centauri project, an initiative aimed at making IoT development easier and faster. The project builds architecture agnostic standards for interoperability and best practices for software developers working with low-power Arm-based devices.
Developers creating ultra-constrained devices have many system software options available, including hundreds of real-time operating systems, libraries, and peripherals. While diversity is good, fragmentation does not help when establishing common best practices around security. Arm’s initiative through PSA Certified APIs is to level the field for the integration of Roots of Trust and provide a common set of low-level, standard APIs for implementing secure operations on those devices.
PSA Certified APIs define a set of functions and symbols in C, providing common services for embedded systems regardless of the underlying hardware. Arm began working on the APIs’ definition in 2018, gathering inputs from partners to ensure comprehensive coverage of all topics.
As a reminder, the APIs are not architecture-specific and can be implemented on any microcontroller. Arm has provided a reference implementation of the Crypto API inside the Mbed TLS project and all PSA Certified APIs in TF-M. Partners implementing their own solutions behind the APIs can validate their compliance to the specification by running Arm’s PSA Certified API Compliance suite, available from GitHub.
PSA Certified APIs define a contract between developers seeking to use secure services and vendors of secure solutions. The aim is to fundamentally solve the Crypto API issues that have plagued security developers for more than two decades.
The documentation for PSA Certified APIs is available at https://arm-software.github.io/psa-api/ and the GitHub repository can be found at https://github.com/ARM-software/psa-api.
For developers working on more powerful A-class systems, the PSA Certified Crypto API has been made available as a Linux micro-service running in user space. Additionally, PARSEC, fully implemented in Rust, makes the same APIs available in Rust and other programming languages.
Overall, the aim of PSA Certified APIs is to change the way secure firmware is developed, and anyone is welcome to contribute, correct bugs, suggest new functions, or address new topics around security for ultra-constrained devices on GitHub.
Read the PSA Certified API Specifications