Silex Insight’s advanced eSecure IP module, including cryptographic acceleration, secure boot, sensitive key material and asset protection, is a complete solution that enables security applications to shield confidential information from untrusted applications running on the main processor. The eSecure module is highly configurable and thus provides a wide-range selection of security features, which can be adapted for any application for performance, area and energy consumption.
ZAYA Secure OS and ZAYA Microcontainers(μContainers) are now integrated with Silex Insight's eSecure IP to offer a secure programming model that security developers can easily develop their custom security extensions (PSA Application Root of Trust) in eSecure, where Silex Insight's eSecure is the PSA Root of Trust.
The solution offers built-in PSA Type 3(Highest) Isolation.
A brief introduction to ZAYA Secure OS
ZAYA Secure OS is a Secure Operating System for IoT Devices and designed according to IoT Security Certifications and Regulations. ZAYA is a PSA Certified Level 1 and PSA Functional API Certified Operation system that provides security mechanisms to meet PSA 10 Security Goals.
ZAYA Secure OS creates an isolated Trusted Execution Environment(TEE) on the running environment and handles all security mechanisms in the TEE space for the whole IoT device, which custom users’ implementations cannot violate. This approach makes the user applications security-free, and the application developer can focus on only custom device features.
ZAYA offers a certification friendly environment, thanks to its modular model. Certified ZAYA Kernel/TEE and ZAYA User Executions are independent executions with different and separate signatures. Any modification on a Certification-Free User execution does not change the Certified Kernel/TEE; therefore, there is no need for a new assessment on the Certified TEE.
ZAYA is a “Configureless” Operating System that does not modify the Certified Kernel/TEE for changing User Execution configurations, so any configuration modification in User Space does not need a new assessment on the Certified Kernel/TEE.
ZAYA Secure OS is a rich operating system that provides multiple multi-threaded executions with process isolation and primitives. ZAYA brings Rich OS features such as Containerisation into MMU-less Microcontrollers for security and functional safety purposes.
ZAYA Secure OS offers containerisation for MMU-less Microcontrollers, called ZAYA Microcontainers. ZAYA Microcontainers have similar capabilities to Rich OS Containerisation, such as Linux or Docker Containers.
ZAYA Microcontainers offer
Platform-Agnostic Development Environment: A mutual development environment and easy user application migration from one architecture to another.
Independent Design & Development: ZAYA Secure OS and Microcontainers can be designed & developed using different toolchains and IDEs.
Multi-Threaded Environment: Each ZAYA Microcontainer is also multi-threaded like an individual application.
An isolated execution environment: Microcontainers can violate neither other Microcontainers nor the rest of the system.
Deployment-Friendly: Any size Microcontainer can be installed and upgraded individually in the field.
ZAYA Microcontainer provides a secure development environment for IoT Developers, and ZAYA Microcontainers are protected using PSA Security Goals by ZAYA Secure OS.
Secure Install/Update: An individual ZAYA MicroContainer can be installed/upgraded using signed and encrypted OTA Packages in the field.
Anti-Rollback: ZAYA Microcontainer upgrades, ZAYA Device Security Lifecycle Update Requests and Access Policy Update Requests are protected against anti-rollback attacks.
Secure Boot: ZAYA Microcontainers are authenticated at each device startup.
Isolation: ZAYA Microcontainers are isolated from each other in run-time.
Interaction: ZAYA Microcontainers can securely interact with ZAYA Secure OS and other Microcontainers.
Secure Storage: ZAYA Microcontainer sensitive data is stored in Isolated ZAYA TEE space accessible from PSA Functional API.
Cryptography Services: ZAYA Microcontainers make use of Cryptography Services from Certified ZAYA TEE space accessible from PSA Functional API.
Attestation: ZAYA Secure OS keeps Microcontainer details in the secure Attestation Token.
Lifecycle: ZAYA Microcontainers are parts of the Security Lifecycle.
In addition to PSA Security Goals, ZAYA also manages Microcontainer accesses using Microcontainer Access Policy.
ZAYA Secure OS allows developers to define Resources to perform access right checks on entities. A ZAYA resource can be a logical (e.g., a logical/SW operation) or physical (HW Peripheral). Logical resources are accessible by a System Call request to ZAYA Secure OS, while Physical Resources are directly accessible by ZAYA Microcontainers using the HW Peripheral register addresses.
A ZAYA resource can also have different access levels (no-access/restricted, high privilege, low privilege etc.). A ZAYA Microcontainer can access a Resource only if the Microcontainer privilege level is equal to or higher than the Resource Privilege Level, and it is not a restricted resource. Otherwise, the Microcontainer is terminated due to a violation attempt.
By default, A ZAYA Microcontainer cannot access any custom resource. The developer must specify access right for the ZAYA Microcontainer for a specific resource. But, if the resource privilege level is higher than the Microcontainer privilege level, the Microcontainer still cannot access the resource even if the developer gives access.
ZAYA Microcontainer Access Policies are part of Microcontainer and must be signed by a trusted source. Otherwise, it is rejected, and the Microcontainer cannot access any custom resource.
A Microcontainer access policy can be modified in the field, and the developer can change the access rights by a secure upgrade. It is protected by Anti-Rollback protection that an attacker cannot revert access policy to previous rights.
The idea behind the Access Policy is that simplify access management and hide complex architectural relations and state changes from the developer. It offers a platform-agnostic logical interface that can be easily migrated from one architecture to another.
ZAYA and Silex Insight's eSecure IP Integration
ZAYA Secure OS as PSA Root of Trust in Silex Insight's eSecure
ZAYA Secure OS is now integrated with Silex Insight's eSecure IP to provide a complete solution that meets all PSA Certification requirements.
ZAYA Secure OS runs in Silex Insight's eSecure IP, called PSA Updateable Root of Trust (PSA Updatable RoT).
ZAYA is a PSA Certified Level 1 Operating System, and ZAYA and Silex Insight's eSecure integration meets all PSA 10 Security Goals, including accelerated Cryptographic operations, thanks to eSecure HW Crypto Accelerators.
ZAYA Secure OS provides different privileged spaces in Silex Insight's eSecure
Highest Privilege for Essential Security Operations from Silex Insight's eSecure (PSA Root of Trust)
Lower privilege for custom Security Extensions like Application Root of Trust, which cannot violate Silex Insight's eSecure operations (Root of Trust) space.
ZAYA Secure Microcontainerisation in Silex Insight's eSecure as PSA Application Root of Trust(s)
Security developers can use all these secure, user & deployment friendly ZAYA Microcontainers to develop their custom Security Extensions, such as PSA Application Root of Trust (PSA aRoT), running in Silex Insight's eSecure securely.
PSA Application RoTs in ZAYA Microcontainers can be individually designed, developed, installed and upgraded in the field, which makes it deployment-friendly, and the access rights of the App RoTs can be securely updated in the field, protected by Anti-Rollback protection.
Silex Insight's eSecure and ZAYA OS Integration provide all "essential" security mechanisms such as PSA 10 Security Goal, but some IoT Vertical may need specific security requirements.
For example, highly regulated security-critical Payment Terminals need application-specific requirements such as EMV(Eurocard, Mastercard, Visa) certification; these custom requirements are apart from the essential Payment Terminal security requirements and need to be protected from User Applications and should not violate the Root of Trust.
Herein, ZAYA Microcontainers offers a secure environment for EMV Kernel.
A developer can
- develop its EMV Kernel and certify individually
- get certified Plug&Play EMV Kernel from ZAYA (ZAYA Microservices)
- install&replace the EMV Kernel in the field after production
- upgrade the EMV Kernel
Thanks to the Modular architecture provided by ZAYA. The application running in the Host CPU can use EMV Kernel as a service from isolated Silex Insight's eSecure.
Another example use case could be variations of Cryptographic Algorithms. For example, the ECIES (Elliptic Curve Integrated Encryption Scheme) algorithm may differ, and the Vendor may need its specific implementation. Herein, a specific ECIES can be implemented in a ZAYA Microcontainer in Silex Insight's eSecure to offer a custom security service for the application running on the Host CPU.
Security developers are free to use ZAYA Microcontainers in Silex Insight's eSecure for any purpose to create custom security services that make use of crypto services from eSecure.
ZAYA and Silex Insight's eSecure; Security-Free Applications
ZAYA and Silex Insight's eSecure handle all essential security requirements, and the application running in the Host CPU makes use of security (cryptography, key storage etc.) from eSecure. This approach makes the user application security-free, and the user application can focus only on its custom features. There is no need for Vendors to invest in security know-how and building a security team.
ZAYA and Silex Insight's eSecure; Certification-Free Applications
The security certification process is a challenging and high-cost process for IoT vendors, increasing the market entry barrier. Herein, the re-usability of certification helps vendors to reduce security certification costs.
ZAYA and Silex Insight's eSecure integration are certified and can be certified for various verticals (IoT, Payment, Automative, etc.). As a single certified HW IP, eSecure+ZAYA powered products shall likely be exempted from the security certifications(depending on the certifications).
The Silex Insight's eSecure+ZAYA powered solution can, at least, be "Certification-Ready" that needs a lower-cost "lightweight" assessment.
ZAYA offers a modular environment for developers. Each module (eSecure Core as RoT, App RoTs etc.), is a design-time and run-time independent module that has an individual cryptographic signature, so a modification on a module does not affect other "certified" module images&signatures, so there will be no need for a new security assessment for the unmodified certified modules.
If you would like to hear more technical details about ZAYA and Silex Insight's eSecure integration, please contact firstname.lastname@example.org