Nordic Semiconductor announces today that its nRF9160 low power System-in-Package (SiP) with integrated LTE-M/NB-IoT modem and GNSS, and nRF5340 advanced multiprotocol System-on-Chip (SoC) have achieved Platform Security Architecture (PSA) Certified Level 2. The certification provides Nordic customers with an assurance that the nRF9160 and nRF5340 offer a secure platform upon which to build their IoT products.
PSA Certified provides a framework for securing connected devices, from analysis through to security assessment and certification. The framework provides standardized resources to help reverse the growing fragmentation of IoT requirements and ensure security is no longer a barrier to product development. This certification enables device makers to achieve the security required for their products through three levels of security assurance, each requiring increasingly rigorous hardware and software evaluation.
PSA Certified Level 2 provides a laboratory evaluation that a vendor’s PSA Root of Trust (PSA-RoT) can protect against scalable, remote software attacks. Evaluation Labs use vulnerability analysis and penetration testing of the PSA-RoT to establish if the nine security requirements of the PSA-RoT Protection Profile have been met. The SESIP evaluation methodology was used for this evaluation, which grants an additional SESIP Level 2 certification to the nRF9160 SiP and nRF5340 SoC. PSA Certified Level 2 incorporates Level 1. PSA Certified Level 1 assesses that a chip, software, or IoT device adheres to good security principles.
Nordic Semiconductor’s nRF9160 SiP is based on an Arm Cortex-M33 CPU core and is the first in its class to incorporate Arm TrustZone and Arm CryptoCell-310 security for Internet-level encryption and application protection. The nRF5340 features dual Arm Cortex-M33 cores and incorporates Arm CryptoCell-312, Arm TrustZone technology, and Secure Key Storage. The nRF5340’s combined security features enable advanced root-of-trust and secure firmware updates while protecting the SoC from malicious attack.