1. Introduction

1.1. About Platform Security Architecture

This document is one of a set of resources provided by Arm that can help organizations develop products that meet the security requirements of PSA Certified on Arm-based platforms. The PSA Certified scheme provides a framework and methodology that helps silicon manufacturers, system software providers and OEMs to develop more secure products. Arm resources that support PSA Certified include threat models, standard architectures that simplify development and increase portability, and open-source partnerships that provide ready-to-use software. You can read more about PSA Certified at www.psacertified.org and find more Arm resources at developer.arm.com/platform-security-resources.

1.2. About the Secure Storage API

The interface described in this document is a PSA Certified API that provides key/value storage interfaces for use with device-protected storage. The Secure Storage API describes two interfaces for storage:

Internal Trusted Storage API

An interface for storage provided by the Platform Root of Trust (PRoT).

Protected Storage API

An interface for external protected storage.

The Internal Trusted Storage API must be implemented in the PRoT as described in the Platform Security Model [PSM] specification.

If there are no Application Root of Trust (ARoT) services that rely on it, the Protected Storage API can be implemented in the Non-secure Processing Environment (NSPE). Otherwise, the Protected Storage API must be implemented in an ARoT within the Secure Processing Environment (SPE).

You can find additional resources relating to the Secure Storage API at arm-software.github.io/psa-api/storage, and find other PSA Certified APIs at arm-software.github.io/psa-api.