ZAYA Secure Kernel
A Secure OS that Ensures a Secure Product
Developing secure IoT products not only requires a secure operating system, but an OS that is also user friendly, manufacturing friendly, and certification friendly. To achieve this, the ZAYA real-time operating system (RTOS) is PSA Certified Level 1 and PSA Functional API Certified and combines security with other key features, such as isolation between application and independent executables.
UK, Cambridge-based ZAYA (which is named after a Tibetan word for victorious woman) draws from its founders’ experience in the highly regulated and mature payment-systems market to offer a feature-rich RTOS that can be personalized for small devices across multiple IoT verticals.
“IoT security is still in its infancy and the rules of the game are changing,” explains founder and CEO, Murat Cakmak. “IoT device manufacturers are finally waking up to the need to protect data and ensure privacy, so we added security as a design element that not only ensures the OS is secure but helps secure the product, too.”
Just 2-years ago, ZAYA was secure but when manufacturers asked for proof, we didn’t have any. Now we don’t have to convince them we’re secure, we can just show them the PSA Certified accreditation, which proves we’ve been tested by an independent authority
-Murak Cakmak, CEO and founder, ZAYA
Legislation Creates a Perfect Storm
Faced with new legislation all over the world (including the EU, UK, and the US) device manufacturers must balance the need for security with limited resources and rising costs. Cakmak sees PSA Certified as a major step forward in the standardization of IoT security that can help achieve that balance and satisfy regulatory requirements.
“The PSA Certified program means you can implement a solution that has been independently verified as secure and is supported by industry leaders and the global Arm ecosystem,” he explains. “The Platform Security Architecture (PSA) not only requires you to meet security standards, but it offers solutions you can implement to help you meet its certification requirements.”
For ZAYA, the journey to certification was relatively fast since the company was familiar with payment-system security and already met a significant number of PSA requirements. However, one change made during the process was to adapt its software to secure application and non-secure application hardware mechanisms.
“The OS had to work on PSA Functional API Certified device, we used the Arm Musca-B1 Test Chip Boards and we ported our OS across,” Cakmak explains. “This was an eye-opening experience and we were able to adapt our OS quickly to this new hardware architecture.”
ZAYA Secure Kernel
Lab Assessments Run Smoothly
As a fiscally prudent CEO of a relatively young startup, Cakmak was also cognizant of the high cost of engaging with security experts in lab assessments, where hourly rates can quickly add up. A main advantage of the PSA Certified process is the ability to test the requirements internally using a test suite before submitting to lab assessment.
“PSA Certified offers functional API test suites that you can use on your own laptop, so you can see if you meet the requirements before going into the lab,” he says. “When you know you’re ready, you can go to the lab to be assessed and certified without facing multiple costly assessment rounds.”
In addition to offering the highest level of protection using Trusted Firmware-M on TrustZone for Armv8-M, ZAYA now offers a smooth and secure migration to Armv7-M through its secure kernel. PSA Functional API Certified means it is proven to help transform non-secure Armv7-M Arm MCUs to functionally secure devices.
“Standards are essential and certification by a third-party means we can offer credible end-to-end security solutions where there are currently security leaks,” Cakmak says. “Just 2-years ago, ZAYA was secure but when manufacturers asked for proof, we didn’t have any. Now we can just show them the PSA Certified accreditation, which proves we’ve been assessed by an independent authority.”
How Can PSA Certified Help You?
The PSA Functional APIs establish a foundation for security services that enables secure end-to-end deployments. The APIs are easy to understand regardless of the underlying hardware or firmware and provide increased software agility and portability that reduces the complexities of security for system software providers.
Learn more about the PSA Functional APIs and how our functional API test suites can benefit you. You can also discover more about PSA Certified Level 1 and how it can help protect your brand, revenue, and reputation.