B Document history

Date

Changes

June 2019

1.0.0

  • First stable release

August 2019

1.0.1

  • Fixed typos and descriptions based on feedback.

  • Recommend type byte 0x01 for arm_psa_UEID.

  • Remove erroneous guidance regarding EAT’s origination claim - it should not be used to find a verification service.

February 2020

1.0.2

  • Clarify the claim number of Instance ID

  • Permit COSE-Mac0 for signing tokens (with appropriate warning)

  • Update URLs

October 2022

1.0.3

  • Relicensed the document under Attribution-ShareAlike 4.0 International with a patent license derived from Apache License 2.0. See License.

  • Fix CBOR type of arm_psa_origination to text string. Spec and example were in conflict, and the example was correct.

  • Added CDDL definition to the appendices, which can be helpful to developers.

  • Instance ID definition for symmetric keys has been improved. The specific constructions are now recommended rather than normative.

  • Clarified the optionality of map entries in the Software Components claim.

September 2025

1.0.4

  • Updated introduction to reflect GlobalPlatform assuming the governance of the PSA Certified evaluation scheme.

May 2026

2.0.0

  • Update the API to use the PSA attestation token, defined in Arm's Platform Security Architecture (PSA) Attestation Token [RFC9783]. The token and report format, CDDL definition, and example token are no longer required in this specification.