This page contains technical information about the cryptography interfaces in the Arm Platform Security Architecture (PSA) and related documents and software. For more information about the Platform Security Architecture, see the Arm Developer website.
The PSA Cryptography API is a C programming interface for applications that wish to store cryptographic keys and use them to perform cryptographic operations.
Status: beta — version 1.0.0 beta 3. Minor changes and clarifications are planned before 1.0. Additional features are planned for 1.x releases.
Reference documentation: HTML, PDF
Reference implementation: Mbed Crypto
PSA includes functional specifications describing a hardware abstraction layer covering cryptographic accelerators, secure elements and entropy sources.
The accelerator interface lets you drivers for cryptographic accelerators into an implementation of the PSA Cryptography API. Cryptographic accelerators perform cryptographic operations with keys in clear text.
For more information, see PSA cryptography accelerator driver interface.
The accelerator interface lets you drivers for external cryptoprocessors into an implementation of the PSA Cryptography API. External cryptoprocessors such as secure elements and smart cards perform cryptographic operations with keys accessed via opaque handles.
For more information, see PSA secure element driver interface.
The accelerator interface lets you drivers for entropy sources such as Hardware Random Number Generators (HRNG), also known as True Random Number Generators (TRNG), into an implementation of the PSA Cryptography API.
For more information, see PSA entropy source driver interface.
Arm welcomes feedback on the design of the PSA cryptography interfaces. If you think something could be improved, please open an issue on the Mbed Crypto Github repository. Alternatively, if you prefer to provide your feedback privately, please email us at mbed-crypto@arm.com. All feedback received by email is treated confidentially.