For developers, it is tough to determine whether software meets the IoT security requirements built on a Root of Trust (RoT), even if the code is open. An independent certification scheme like PSA will be one of the criteria for assuring RoT device, communication, and lifecycle security.
PSA Certified is an independent security evaluation scheme for Platform Security Architecture (PSA) based chips, system software, and internet-connected IoT and Edge devices. It establishes trust through a multi-level assurance program for chips containing a security component called an RoT that provides trusted functionality to the platform. The multi-level scheme has been designed to help device makers and businesses get the level of security they need for their use cases.
There are currently 47 PSA Certified chips and 19 system software products available, according to the website. We consider that UNiD can be classified as software executing in the Non-secure Processing Environment (NSPE). This morning, we reviewed the system software assessment questionnaire, which consists of 7 sections and 19 questions.
It is instrumental in helping us organize and verbalize the UNiD design and architecture issues that we usually consider and discuss, e.g., how to manage software versioning and anti-rollback mechanisms, and how to address security lifecycle states while binding device identifiers.
I think UNiD can potentially fulfill the PSA assessment items. I will try to move forward a bit more and report any progress on this blog.
The UNiD Edge SDK repo is available on our GitHub. Please come and visit if you want a deep dive into it.