|
14 | 14 |
|
15 | 15 | ### Overview
|
16 | 16 | Mbed PSA provides essential root of trust services and infrastructure for developing robust IoT applications.
|
17 |
| -When mbed-os is running on PSA Security Model compliant target, Mbed PSA helps to protect cryptographic assets, credentials, and critical code sections by providing an isolation between a Secure Processing Environment (SPE) and a Non-Secure Processing Environment (NSPE). The isolation is managed by Secure Partition Manager (SPM) which utilizes unique HW features available on the target. SPM provides standardized IPC APIs which abstract the fact that partitions could be living inside a virtualized environment (v8M, TEE on Cortex-A), or another chip. |
18 | 17 |
|
19 |
| -Mbed PSA bridges the differences between PSA and Non-PSA targets for application developers, allowing to use same standard PSA APIs on both target types. |
| 18 | +When Mbed OS is running on PSA Security Model compliant target, Mbed PSA helps to protect cryptographic assets, credentials, and critical code sections by providing an isolation between a Secure Processing Environment (SPE) and a Non-Secure Processing Environment (NSPE). The isolation is managed by the Secure Partition Manager (SPM) which utilizes unique hardware features available on the target. The SPM provides standardized IPC APIs which abstract the fact that partitions could be living inside a virtualized environment (v8M, TEE on Cortex-A), or inside another chip. |
| 19 | + |
| 20 | +Mbed PSA bridges the differences between PSA platforms and Non-PSA platforms for application developers, allowing them to use the same standard PSA APIs on both platform types. |
20 | 21 | Mbed PSA provides PSA API compliance for developing robust IoT applications and
|
21 |
| -allows to choose target type at later phase according to final application threat model. |
| 22 | +allows to choose platform type at later phase according to final application threat model. |
22 | 23 |
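Review bot: New line 22 still reads "allows to choose platform type at later phase", the same verb-without-object construction this commit corrected on new line 20 ("allowing them to use"). Suggest "allows you to choose the platform type at a later phase, according to the final application threat model". New line 18 also lacks an article in "running on PSA Security Model compliant target". New line 21 repeats "for developing robust IoT applications" from line 16, so those two sentences could be merged.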
|
23 | 24 | ### Platform types
|
24 | 25 | Mbed PSA supports the following platform types:
|
25 |
| -- Non PSA platform - these are single core ARMv7-M targets. On these targets |
26 |
| - Mbed PSA provides same PSA services exposing PSA APIs as it would on PSA targets. |
27 |
| - PSA emulation layer allows seamless software portability to more |
28 |
| - security oriented targets. |
29 |
| -- Asymmetric Multiprocessing (AMP) systems - Multi core ARMv7-M targets (for example, PSoC6 |
30 |
| - featuring CM4 and CM0+ cores). On these targets one of the cores is dedicated to PSA usage only and implements SPE. Mbed PSA provides PSA APIs proxy implementation on non-secure core, which redirects execution to SPE. |
31 |
| -- ARMv8-M - new generation of ARM processors featuring TrustZone-M architecture. |
32 |
| - PSA support for this platforms is in final stages of development and will be added to the list of Mbed PSA supported platforms shortly. |
| 26 | +- Non PSA platform: These are single core ARMv7-M targets. |
| 27 | +On these targets Mbed PSA provides the same PSA services exposing PSA APIs as it would on PSA targets. |
| 28 | +PSA emulation layer allows seamless software portability to more security oriented targets. |
| 29 | +- Asymmetric Multiprocessing (AMP) systems: Multi core ARMv7-M targets (for example, PSoC6 featuring CM4 and CM0+ cores). |
| 30 | +On these targets one of the cores is dedicated to PSA usage only and implements SPE. |
| 31 | +Mbed PSA provides PSA APIs proxy implementation on non-secure core, which redirects execution to the SPE. |
| 32 | +- ARMv8-M: New generation of ARM processors featuring TrustZone-M architecture. |
| 33 | +PSA support for this platforms is in final stages of development and will be added to the list of Mbed PSA supported platforms shortly. |
33 | 34 |
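Review bot: The "Non PSA platform" bullet (new lines 26-28) says the emulation layer exposes the same PSA APIs but does not say whether it provides any of the SPE/NSPE isolation described in the Overview. The Overview tells readers to pick a platform type from their threat model, so state this explicitly in the bullet. Smaller points in the same region: "for this platforms" on new line 33 is carried over unfixed ("for these platforms"). "Non PSA" is unhyphenated here while new line 20 uses "Non-PSA". The bullets still say "targets" where the Overview was changed to "platforms". The continuation lines (27-28, 30-31, 33) are no longer indented, so they stay inside their list items only through Markdown lazy continuation.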
|
34 | 35 | ### Mbed PSA Services
|
35 | 36 |
|
36 |
| -Mbed PSA provides list of following services: |
| 37 | +Mbed PSA provides the following services: |
37 | 38 | - PSA RoT internal storage
|
38 | 39 | - PSA Crypto APIs
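Review bot: New line 37 is followed directly by the list item on line 38, with no blank line between the paragraph and the list. Some Markdown renderers fold the items into the paragraph in that case, so add an empty line after "Mbed PSA provides the following services:".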
|