Case Study | Linaro, A Zephyr Project Member

For Resource-constrained IoT Embedded Devices Across Multiple Architectures

The Zephyr Project is an open-source collaborative effort hosted by the Linux Foundation and created to bring industry leaders together to build a best-in-breed small, scalable, real-time operating system (RTOS) optimized for IoT devices across multiple architectures. Zephyr has achieved PSA Certified Level 1 and PSA Functional API Certification to help with the development of secure IoT devices. Instrumental to that certification has been Linaro, a Zephyr Project Member, which brings together industry and the open-source engineering community to collaboratively develop software on Arm.

“PSA Certified means that companies using Zephyr can start developing products with a high level of assurance that the product is going to meet minimum security standards right out of the box,” says Kevin Townsend, Senior Embedded Engineer with Linaro, an open-source collaborative engineering organization and member of the Zephyr Project. “PSA Certified gives the IoT community specialized, up-to-date knowledge and out-of-the-box functionality upon which to build their own systems.”

With PSA Certified, I know that out of the box, I have a very solid foot in the door to making a reasonably secure device, platform, or ecosystem if I’m basing it off something that is PSA Certified Level 1 or has the Functional API Certification.
Kevin Townsend, Senior Embedded Engineer, Linaro, a Zephyr Project Member

Secure and Non-secure Integration

As a key security element, Zephyr has integrated Trusted Firmware-M (TF-M), an open-source implementation of PSA, that runs on the secure side of the device, while Zephyr remains on the non-secure side. All fundamental security operations, including cryptography and secure boot, run on TF-M.

“Features like cryptography are hard to implement today simply because there are so many options for different algorithms and different libraries,” Townsend explains. “It’s important to choose cryptographic algorithms that are up to date with vulnerabilities that are out there today, and not everybody has this knowledge. With Zephyr and TF-M, those specific technical decisions have already been dealt with by experts.” While the certification process was different for PSA Functional API Certification and PSA Level 1 Certified, Townsend found it to be smooth and transparent—especially PSA Functional API Certification which involved running a sample application with a set of API test suites.

“It is nice to have a set of tests that you can easily run to assure that your non-secure firmware is playing well with the secure side,” Townsend said. The tests also provide feedback if something isn’t working: “I know when a test fails, so I know where to look to solve the problem.”

A Solid Security Foundation

For the Zephyr Project, PSA Certified is a way of assuring manufacturers of remotely deployed devices that they are getting security features that have been developed and tested by experts. It also can reduce time-to-market with fewer development cycles, helping to ensure data comes from trusted sources and remains secure.

“It’s difficult to find the engineering resources to implement remote systems securely,” Townsend says. “With PSA Certified, I know that out of the box, I have a very solid foot in the door to making a reasonably secure device, platform, or ecosystem if I’m basing it off something that is PSA Certified Level 1 or has the Functional API certification.”

About Linaro

Linaro leads collaboration in the Arm ecosystem and helps companies work with the latest open source technology. The company has over 250 engineers working on more than 70 open source projects, developing and optimizing software and tools, ensuring smooth product roll-outs, and reducing maintenance costs. Work happens across segments including data center & cloud, edge & fog, IoT & embedded, consumer, machine intelligence, autonomous vehicles, and high-performance computing. Linaro is distribution neutral: it wants to provide the best software foundations to everyone by working upstream and aims to reduce non-differentiating and costly low-level fragmentation. The effectiveness of the Linaro approach has been demonstrated by Linaro consistently being listed as one of the top ten company contributors, worldwide, to Linux kernels since 3.10.

To ensure commercial quality software, Linaro’s work includes comprehensive tests and validation on member hardware platforms. The full scope of Linaro engineering work is open to all online.

Ease Security Development on Your Platform

PSA Certified is a global partnership providing a security framework and independent evaluation that demonstrates your commitment to security. We offer a real solution that builds trust in the IoT and help you to deliver confidence to your customers and simplify security across the IoT value chain.

Next Steps

Join the fastest growing security ecosystem, all aligned on a common foundation that builds trust in the Internet of Things.

Share this page

The PSA Certified name, PSA Certified logos, PSA Functional API Certified logo featured on this website are registered trademarks or trademarks of Arm Limited (or its subsidiaries) in the US and/or elsewhere. All rights reserved. Other brands and names mentioned on this website may be the trademarks of their respective owners.

Copyright © 2021 Arm Limited (or its affiliates). All rights reserved.

Sign Up to Receive the Latest from PSA Certified