aboutsummaryrefslogtreecommitdiff
path: root/docs/standards/psa_certification.rst
blob: e9a888c91493c0268da97b6c31ceb51a487d481f (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
PSA Certification Requirements
==============================

Trusted services contribute to meeting PSA security requirements.  In the context of PSA certification, the scope and required
capabilities of supported trusted services are guided by:

    - The security primitives needed by system software for PSA level 1 checklist compliance.
    - Test coverage of the certification test suite used for PSA Functional API certification.

To determine what security primitives are needed, the 'system software' PSA scope has been used as a reference.  The current PSA
level 1 questionnaire is highly Cortex-M specific so some interpretation is needed to map requirements to Cortex-A based designs
that use a rich-OS such as Linux.  The following assessment is based on the assumption that the PSA system software scope
encompasses an entire Linux distribution.  The reference system software for the assessment will include:

    - TF-A.
    - Secure partition manager (OP-TEE with FF-A extensions performs this role).
    - Set of trusted services, deployed in S-EL0 secure partitions that are built-in to the OP-TEE image to allow early loading.
    - Normal-world boot loader.  EDK2 with Grub used as reference.
    - Linux kernel.
    - Root filesystem that includes generic services, libraries and program binaries.

Product developers will extend the base distribution to add application specific components.

PSA System Software Questionnaire Analysis
------------------------------------------

The following table lists PSA level 1 assessment questions with an attempt to identify the back-end security primitives that are
needed to meet the requirement.  The table is based on PSA Certified Level 1 Questionnaire Version 2.1.

.. list-table:: PSA Questionnaire Analysis
    :widths: 13 40 15 15 28
    :header-rows: 1

    * - Requirement
      - Summary
      - Depends on
      - TS used
      - Comment
    * - R1.1
      - | System software and application software update
        | verification using immutable root-of-trust.
      - Verify signed hash
      - Crypto
      - Depends on secure for persistent key storage.
    * - R1.2
      - | System software and application software update
        | anti-rollback protection.
      - Increment only NV counter
      - | Secure Storage (for protecting normal
        | world components)
      - | TF-A uses OTP fuses for early boot stages. This requirement is much more difficult to meet
        | on Cortex-A compared to M as
        | there are potentially many separately updatable components.
    * - R2.1
      - Protected device ID
      - Sign hash
      - Crypto
      - Depends on secure storage for persistent key storage.
    * - R2.2
      - Secure storage
      - Replay protected persistent storage, tied to device
      - Secure storage
      - | A filesystem mount that provided file storage with the required security properties would be
        | the conventional interface for user-space processes.
    * - R2.3
      - Crypto best practices
      - TRNG for random number and key generation
      - Crypto
      - Crypto service will need an entropy source.
    * - R3.1
      - Remote server authentication
      - Verify signed hash
      - Crypto
      - Depends on secure storage for persistent key storage.
    * - R3.2
      - Communication encryption
      - Kernel encryption support
      - None
      - Not a use-case for trusted services.
    * - R3.3
      - TLS authentication support
      - Sign & verify hash
      - Crypto
      - TLS library such as Mbed TLS needs to use Crypto service.
    * - R4.1
      - Provide attestation token for device life-cycle state
      - Secure life-cycle state variable, Sign message.
      - Attestation, Secure lifecycle, Crypto
      -
    * - R4.2
      - Unused functionality disabled
      - Secure life-cycle state variable
      - Secure Lifecycle
      - | Although the PSA questionnaire doesn't state this, in practice, the minimal capabilities
        | required will depend on the device lifecycle state. This will extend to all parts of the
        | system software, including trusted service capabilities.
    * - R4.3
      - Secure logging
      - Sign hash for non-repudiable log.
      - Crypto
      - | PSA questionnaire isn't specific about non-repudiation but for security auditing purposes,
        | this may be a requirement. For example, for industrial IoT applications where conformance
        | to IEC 62443 is important, verifiable log data that can be reliably traced, back to the
        | originating device is understood to be required.
    * - R4.4
      - Restricted log file access
      - File access control
      -	None
      - File access using standard Linux DAC or MAC if used.
    * - R4.5
      - Data on external interfaces checked defensively
      - Good coding practices in application components
      -
      - | The same could be applied for messages crossing any security boundary e.g. trusted service
        | interfaces. PSA only mentions external interfaces and critical APIs but for Cortex-A, this
        | likely to be insufficient.
    * - R4.6
      - Principle of least privileges
      - Use of Linux isolation, access control and other containment methods.
      -
      - | No direct dependency on trusted services but access to TS held assets must be controlled
        | according to principle of least privileges.
    * - R5.1
      - Passwords not resettable
      - Enforcing password policy
      -
      -
    * - R5.2
      - Password best practices
      - Enforcing password policy
      -
      -
    * - R5.3
      - User authentication using critical security parameters
      - Depends on auth method
      - Crypto (possibly)
      - | Requirement is not specific enough to determine if there is a trusted service dependency.
        | Dependency may be indirect, say to authenticate an Oauth2 server.
    * - R6.1
      - Externally applied configuration signed
      - Verify signed hash
      - Crypto
      - Similar to firmware update verification requirement.
    * - R7.1
      - Persistent storage of user data must support destructive erase
      - Destructive erase	secure Storage (possibly)
      - Secure storage
      - | File based storage with a filesystem mount with the required security properties would be the
        | conventional way to provide persistent storage to user-space processes.

Observations
------------

- All dependencies on the PSA Crypto service involve persistent keys.  Volatile key support is not needed for compliance.
- Applying R4.2 to system software doesn't really make sense.  The system software features that are needed are largely
  determined by the application software that implements the device functionality.  For a supplier of the base system software,
  a super-set of required functionality is likely to be the right offering but with the facility to allow features to be
  configured by device developers.  The ability to apply a configuration that limits functionality would be a more useful goal.
- Although the PSA certification document doesn't mention this, available device capabilities need to be a function of device
  life-cycle state.  For example, some features used during manufacture should not be available when a device is delivered to
  end users.
- It's hard to see anyone using the PSA Protected Storage API directly.  However, enabling a filesystem mount with equivalent
  security properties would be beneficial.  For example, a protected storage filesystem driver that uses the Protected Storage
  service as its back-end would be a good fit.  The PSA Protected Storage API would never be used directly by user-space
  applications.
- Logging with the guarantee of non-repudiation is really required to support audit use-cases.  Without that guarantee, it's
  just logging.

PSA Functional API Tests
------------------------

Functional API tests suites are currently available for:

    - PSA Crypto
    - PSA Attestation
    - PSA Storage

Running and passing API tests is not a requirement for PSA level 1 certification.  However, incorporating the API tests into the
trusted service test process is obviously beneficial as a way of demonstrating a defined set of functionality.

Functional API tests focus on valid behavior testing and are quite thorough in exercising all required functionality that can be
observed at each API.  To pass all tests, the service implementation needs to be complete, at least from a functional
perspective.

Test code depends on an implementation of the PSA C APIs for each service under test.

--------------

*Copyright (c) 2020-2021, Arm Limited and Contributors. All rights reserved.*

SPDX-License-Identifier: BSD-3-Clause