Arm introduced the Platform Security Architecture (PSA) back in 2017 to make Internet of Things (IoT) chips more secure. Since then we’ve seen many PSA certified products such as Silicon Labs’ EFR32FG23 (FG23) and EFR32ZG23 (ZG23) Cortex-M33 microcontrollers with PSA Level 3 certification.
But as announced in 2017, PSA is architecture-agnostic, and the security architecture has gone beyond just certifying Arm microcontrollers, as shown by Espressif Systems, which just announced that the ESP32-C6 RISC-V wireless microcontroller is now PSA Level 2 certified. The ESP32-C3 RISC-V MCU also achieved PSA certification earlier, but at the lower Level 1.
The PSA-L2 certification was mostly made possible thanks to the ESP-TEE (Trusted Execution Environment) firmware that provides hardware-enforced isolation to enhance security for operations such as cryptographic key management, secure boot verification, and firmware updates.
Espressif also reminded us of ESP32-C6’s hardware security features in the announcement:
- Physical Memory Protection (PMP) and Access Permission Management (APM)
- Digital Signature Peripheral
- Secure Boot
- Flash Encryption
- Hardware Cryptographic Accelerators for AES, SHA, RSA, and ECC
- Secure JTAG Mode so that only authorized debugging of devices is allowed without compromising device security.
Besides improving security, PSA Level 1-3 certifications may be needed in the future, or at least assist with compliance with IoT security regulations such as the European Union’s Cyber Resilience Act (CRA), the U.S. Cybersecurity Improvement Act, the EU’s Radio Equipment Directive (RED), and the UK’s Product Security and Telecommunications Infrastructure (PSTI).
The ESP32-C6 PSA Level 2 certification can be verified directly on the PSA website. The process has been handled by Espressif Systems India, and covers not only the SoC itself, but also several modules including the ESP32-C6-MINI-1 and ESP32-C6-WROOM-1 using ESP-TEE v1.0 firmware.
As noted above, it joins the ESP32-C3 RISC-V MCU, but also the ESP32-S3 Tensilica LX7 MCU, both of which got PSA Level 1 certified.
For reference, the PSA website has more details about the different PSA Levels:
- PSA Certified Level 1 is for device, software, and chip vendors who want to demonstrate that good security principles have been applied
- PSA Certified Level 2 is for chip vendors who want to use independent testing to show that their PSA Root of Trust (PSA-RoT) security component can protect against software attacks
- PSA Certified Level 2 + Secure Element is an additional PSA Certified certification which recognizes solutions that also have substantial physical protection for the cryptographic keys and cryptographic operations.
- PSA Certified Level 3 is for chip vendors who want to provide evidence that the PSA-RoT protects against substantial hardware and software attacks.
- PSA Certified Level 3 + Secure Element is an additional PSA Certified certification which recognizes solutions that also have substantial physical protection for the cryptographic keys and cryptographic operations.
- PSA Certified Level 4 iSE/SE is for chip vendors who use an integrated Secure Enclave or external Secure Element that provides a high level of robustness to physical and software attacks
- PSA Certified Level 2 or PSA Certified Level 3 RoT Component is a certification for IP components that provide a subset of the full PSA-RoT Security Functional Requirements.

Jean-Luc started CNX Software in 2010 as a part-time endeavor, before quitting his job as a software engineering manager, and starting to write daily news, and reviews full time later in 2011.