Linaro, A Zephyr
Zephyr Open Source RTOS
For Resource-constrained IoT Embedded Devices Across Multiple Architectures
The Zephyr Project is an open source collaborative effort hosted by the Linux Foundation and created to bring industry leaders together to build a best-in-breed small, scalable, real-time operating system (RTOS) optimized for IoT devices across multiple architectures. Zephyr has achieved PSA Certified Level 1 and PSA Functional API Certification to help with the development of secure IoT devices. Instrumental to that certification has been Linaro, a Zephyr Project Member, which brings together industry and the open source engineering community to collaboratively develop software on Arm.
“PSA Certified means that companies using Zephyr can start developing products with a high level of assurance that the product is going to meet minimum security standards right out of the box,” says Kevin Townsend, Senior Embedded Engineer with Linaro, an open source collaborative engineering organization and member of the Zephyr Project. “PSA gives the IoT community specialized, up-to-date knowledge and out-of-the-box functionality upon which to build their own systems.”
With PSA Certified, I know that out of the box, I have a very solid foot in the door to making a reasonably secure device, platform, or ecosystem if I’m basing it off something that is PSA Certified Level 1 or has the Functional API Certification.
-Kevin Townsend, Senior Embedded Engineer, Linaro, & Zephyr Project member
Secure and Non-secure Integration
As a key security element, Zephyr has integrated Trusted Firmware-M (TF-M), an open source implementation of PSA, that runs on the secure side of the device, while Zephyr remains on the non-secure side. All fundamental security operations, including cryptography and secure boot, run on TF-M.
“Features like cryptography are hard to implement today simply because there are so many options for different algorithms and different libraries,” Townsend explains. “It’s important to choose cryptographic algorithms that are up to date with vulnerabilities that are out there today, and not everybody has this knowledge. With Zephyr and TF-M, those specific technical decisions have already been dealt with by experts.” While the certification process was different for PSA Functional API Certification and PSA Level 1 Certified, Townsend found it to be smooth and transparent—especially PSA Functional API Certification which involved running a sample application with a set of API test suites.
“It is nice to have a set of tests that you can easily run to assure that your non-secure firmware is playing well with the secure side,” Townsend said. The tests also provide feedback if something isn’t working: “I know when a test fails, so I know where to look to solve the problem.”
A Solid Security Foundation
For the Zephyr Project, PSA Certified is a way of assuring manufacturers of remotely deployed devices that they are getting security features that have been developed and tested by experts. It also can reduce time-to-market with fewer development cycles, helping to ensure data comes from trusted sources and remains secure.
“It’s difficult to find the engineering resources to implement remote systems securely,” Townsend says. “With PSA Certified, I know that out of the box, I have a very solid foot in the door to making a reasonably secure device, platform, or ecosystem if I’m basing it off something that is PSA Certified Level 1 or has the Functional API certification.”
Linaro leads collaboration in the Arm ecosystem and helps companies work with the latest open source technology. The company has over 250 engineers working on more than 70 open source projects, developing and optimizing software and tools, ensuring smooth product roll outs, and reducing maintenance costs. Work happens across segments including datacenter & cloud, edge & fog, IoT & embedded, consumer, machine intelligence, autonomous vehicles, and high-performance computing. Linaro is distribution neutral: it wants to provide the best software foundations to everyone by working upstream, and to reduce non differentiating and costly low-level fragmentation. The effectiveness of the Linaro approach has been demonstrated by Linaro consistently being listed as one of the top ten company contributors, worldwide, to Linux kernels since 3.10.
To ensure commercial quality software, Linaro’s work includes comprehensive test and validation on member hardware platforms. The full scope of Linaro engineering work is open to all online.
How Can PSA Certified Help You?
PSA Certified can benefit system software providers in two ways: Firstly, PSA Certified Level 1 allows you to demonstrate to your customers that you have implemented security best practice. Secondly they can use the PSA Functional APIs to interface to multiple chips with a PSA Root-of-Trust for functions such as trusted storage, attestationa and crypto.
Learn how PSA Certified's framework and resources can reduce your relaince on security experts, subseqently reducing costs and making best practice security more affordable.