What is Internal Trusted Storage?
Secure storage is often a memory location within a system used to protect access to sensitive data such as encryption keys, user and service credentials, and other system data. Secure storage can be on the chip, such as within a flash memory bank or RAM location, or an external flash device like a NOR flash memory solution. The goal of secure storage is to prevent private data from being revealed outside the device or service using the data, and to prevent the private data from being cloned. Secure storage is often tied to the system Root-Of-Trust (RoT) services and uses cryptographic keys to encrypt the data and maintain its confidentiality and integrity.
There are several mechanisms that developers can use to create secure storage within their embedded systems. Trusted Firmware-M (TF-M) is a reference implementation of the Platform Security Architecture (PSA) IoT Security Framework1. The framework provides developers with several different secure services such as:
- Audit Logging
- Cryptography
- Firmware Updates
- Attestation
- Secure Storage
The secure storage capabilities of TF-M are broken up into two primary services: internal trusted storage (ITS) and protected storage (PS). ITS is a PSA RoT service for storing the most security-critical device data in internal memory. ITS differs from protected storage in the following ways:
- ITS is an internal PSA Root-Of-Trust service; PS is a PSA Root-Of-Trust Application service
- ITS is meant to protect memory on-chip; PS is intended to protect data stored off-chip
- PS has additional functionality for encrypting the external data, authenticating, and providing rollback protection
- ITS can be considered storage to protect data like keys and user credentials; PS might be regarded for larger datasets like firmware updates or other user data assets
The ITS Application Programming Interface (API) is a more specialized API than the PS API, which is a general-purpose API. Uses of the ITS API will be less common. It is intended to be used for assets that must be placed inside internal flash such as replay protection values for external storage, and keys used by components of the Platform RoT (ProT)2. Storing assets that don’t fit this requirement is allowed. In fact, many platforms will have the PS API call directly into the ITS API, such as on platforms that do not have external flash. It is expected that ITS API will have limited space, so it should be used for small, security-critical values.
1 Beningo, 2022, “5 Elements to a Secure Embedded System – Part #5 Secure Storage”
2 Arm Limited, 2022, “PSA Certified Secure Storage API 1.0”