Trusted Edge Security Architecture (TESA)

ADI’s security for the Intelligent Edge is seamlessly integrated into CodeFusion Studio through Trusted Edge.

Trusted Edge provides the foundational layer of security within the Trusted Edge Security Architecture (TESA), combining industry-standard cryptographic APIs with the hardware-based security capabilities of ADI platforms.

Features

• Flexibility – Choose from multiple industry-standard crypto libraries that best fit your application.
• Simplicity – Access hardware security features across ADI’s complete digital portfolio.
• Reduced time-to-market – Reduce time-to-market with foundational security services that simplify implementation.

Installation

Complete the software request form

The TESA security package is distributed under a non-disclosure agreement (NDA) through myAnalog.

Note

A myAnalog account is required. Login or sign up at analog.com

1. Access the Software Request Form.
2. Log in or sign up for a myAnalog account.
3. Complete the required fields in the Software Recipient Information section.
4. Complete the required fields in the Commercial information section.

5. In the Software requested section, select Security for the target technology.

   Important

   Leave Processor/SoC and Hardware Platform blank.

   

6. Check the box for your preferred operating system: Windows, macOS, or Linux.

7. Review the privacy settings and check the applicable boxes.
8. Click Submit.

You will receive a confirmation at the email address you provided in the software request form. Allow 10 business days for ADI to review your request. Once your NDA is approved, you will be granted access to the TESA package through the CodeFusion Studio Package Manager. This package provides the security toolchain and components required for developing trusted applications.

Install the TESA package

After your NDA is approved, you can install the TESA package directly from the CodeFusion Studio Package Manager.

To install:

1. Configure partner access. Complete the setup steps provided with your NDA approval to enable access to restricted repositories.
2. Install the TESA package using one of the following methods:
   • Command Palette
   • Command line (cfsutil)

Note

The TESA package is only available to NDA-approved partners. For repository setup details, refer to your internal installation guide or contact your ADI representative.

Security Foundation Layer

The Security Foundation Layer provides the core building blocks of TESA. It defines the middleware, frameworks, and tools that implement trusted execution, cryptographic operations, secure boot, and lifecycle management across supported ADI MCUs.

TESA middleware

TESA middleware implements the foundational security stack for the Trusted Edge architecture, integrating cryptographic libraries, APIs, and MCU-level frameworks such as Trusted Firmware-M and MCUboot.

Cryptographic libraries and APIs

TESA supports multiple cryptographic backends and APIs, including:

• Crypto library options

  • mbedTLS
  • wolfSSL
  • PSA Crypto API

• ADI extensions

  • ADI USS API
  • Root of Trust Services

• Unified Security Software (USS)

  • Secure Storage
  • Crypto Toolbox
  • Secure Communication
  • Universal Crypto Library (UCL)

MCU framework integration

TESA integrates with multiple MCU-level security frameworks to deliver trusted boot, firmware validation, and lifecycle management.

Trusted Firmware-M (TF-M)

Trusted Firmware-M (TF-M) is the platform security architecture reference implementation aligning with PSA Certified guidelines.

ADI’s implementation, delivered through TESA, provides out-of-the-box support for the open source TF-M build using mbedTLS, as well as a premium configuration that enhances security performance through Universal Crypto Library (UCL).

For a list of supported devices, see TF-M ADI platforms.

For information on setting up and using TF-M in CFS, see Arm® TrustZone®.

MCUboot

MCUboot is included with TF-M to provide Level-2 bootloader functionality within the boot chain. TESA enhances MCUboot with UCL, enabling secure boot and improved cryptographic performance.

Unified Security Software

USS extends standard PSA and ADI APIs through a backend that delivers:

• Secure Boot
• Secure Channel
• Lifecycle Management
• Secure Storage
• Cryptographic Toolbox
• Attestation

USS includes standalone MCU-only software security emulations for ADI devices.

The PSA Crypto implementation within USS is called the ADI Universal Crypto Library (UCL). UCL provides high-performance cryptographic algorithms for ADI MCUs, supporting hashing, encryption/decryption, signature verification, key exchange, and random number generation.
It also includes countermeasures against side-channel attacks and leverages the hardware accelerator of the target ADI platform whenever applicable.

TESA Driver

USS provides rich, hardware-independent APIs for:

• Crypto
• Life cycle management
• Secure storage

TESA Toolkit

The TESA toolkit includes utility scripts and firmware for:

• Generating signatures
• Enabling Secure Boot ROM

The TESA toolkit is available on GitHub at TESA-Toolkit

USS Supported boards

• MAX32650
  • EVKit V1
  • FTHR
  • AD-SWIOT1L-SL
• MAX32657
  • EVKit V1
• MAX32670
  • EVKit V1
• MAX32690
  • AD-APARD32690-SL
  • EVKit V1
  • FTHR
  • EVAL-ADIN1110
  • MAXQ1065EVKIT