When asked if chips made from processor cores and secure IP from RISC-V and others could be PSA certified, Ronco re-iterated that PSA Certified is not ISA-specific. Right now, PSA Certified is gaining traction from the ARM ecosystem partners because it gives them a point of differentiation, Ronco said.
"The PSA is a methodology for security and covers things like roots of trust, methods of authentification, threat models and so on. What is also important is that it provides a consistency around the language," he said. The language consistency is important for helping engineers understand and communicate the issues around security.
The three defined security levels are there because one size does not fit all and maintaining security is about managing risk and applying the appropriate level of engineering resources, Ronco said.
Similarly given that security threats will change over time it becomes necessary that there is over-the-air updating of security, Ronco said, which in turn means there needs to be a secure method for managing the updating of security.
Paul Williamson, general manager of emerging businesses at ARM, also stressed the open nature of PSA, in a statement. "PSA gave the industry a framework for standardizing the design of secure IoT devices, and PSA Certified brings together the leading global independent security testing labs to evaluate the implementation of these principles."
One thing that would probably have to change before other IP providers would be ready to get involved is the status of the PSA administration. Right now such things as copyrights, trademarks and logos are owned by ARM. It would probably be necessary to set up an independent, consortium-owned collaborative engineering group to take control of these things.
Related links and articles: