This message will disappear after all relevant tasks have been resolved.
Semantic MediaWiki
There are 1 incomplete or pending task to finish installation of Semantic MediaWiki. An administrator or user with sufficient rights can complete it. This should be done before adding new data to avoid inconsistencies.Security related acronyms for STM32H5
Abbreviation | Definition |
---|---|
ADAC | Authentication Debug Access Control (Arm protocol specification that allows a target to securely authenticate a debug host) |
AEAD | Authenticated Encryption with Associated Data. |
AES | Advanced Encryption Standard |
ASS | Additional Secure Services, part of the secure manager (STM32H5) |
BL | Boot Loader |
CLI | Command Line Interface |
CM | Contract Manufacturer |
DA | Debug Authentication process based on ADAC protocol |
DAP | Debug Access Port |
DFU | Device Firmware Update (e.g through USB) |
DHUK | Derived HUK (256 bits, Unique Key based on the device RHUK, not accessible by SW, debug or test mode) |
DUA | Device Unique Authentication (for STM32H5; pre-provisioned keys/certificates) |
ECC | Error Code Correction |
ECC | Elliptic Curve Cryptography |
ECDSA | Elliptic Curve Digital Signature Algorithm (Public Key Crypto, asym keys), variant of DSA but with shorter key |
EPOCH-NS / -S | (Non-Secure/ Secure)Monotonic Counter to avoid key reuse, or to control regression |
GSS | Generic Secure Services (part of the secure manager STM32H5) |
GTZC | Global TrustZone® Controller |
HDP | Hide Protection. Hide and protect the secure user memory |
HDPL | Hardware Protection Level. Temporal isolation levels (controlled by a monotonic counter); HDPL0: RSS (never erased); HDPL1: iRot, HDPL2: Urot, HDPL3: Appli |
HSM | Hardware Security Module (can be programmed by the Trusted Package Creator) |
HUK | Hardware Unique Key |
IROT | Immutable (unchangeable) Root of Trust; (see STiRoT) |
ITS | Internal Trusted Storage, API allowing to write data in a trusted storage |
KDF | Key Derivation Function (taking as input RHUK & TrustZone state & Key Usage State) to generate the DHUK |
KMOD | Key Use State Mode |
KMS | Key Management Services |
MPU | Memory Protection Unit |
OBK | Option Byte Key |
OBKeys | Option Byte Keys; For STM32H5: 8Kbytes of HW secure storage |
OEM | Original Equipment Manufacturer |
OEM-CM | Original Equipment Manufacturer Contract Manufacturer |
PKA | Public Key Algorithm (also named aka asymmetric algorithm) |
PSA | Platform Security Architecture |
PSA level | ARM Security standard certification, level1 to 3, PSA level3 (physical attack robustness) |
RDP | RDP Level 0/1/2, read out protection |
RHUK | Root Hadware Unique Key (256 bits, immutable, Non Volatile) used to create DHUK, never used as it is |
RoT | Root of Trust |
SAES | Secure Advanced Encryption System (side channel attack resistant) |
SB | Secure Boot |
SBSFU | Secure Boot Secure Firmware Update |
SESIP | Security Evaluation Standard for IOT Platform, level1 to 5, SESIP3 > PSA level2, SESIP4/5 for secure element/smart card |
SFI | Secure Firmware Install (for L462 delivered in RDP1, the 42k secure bootloader is erased at the ned of SFI |
SM | Secure Manager |
SMAK | Secure Manager Access Kit |
SMDK | Secure Module Development Kit |
SMI | Secure Module Install |
SMU | Secure Module Update |
SSFI | Secure ST Firmware Install |
STiRoT | Immutable Root Of Trust Software located in system flash immutable (first stage of boot) STM32H5 |
STuROT | ST updatable Root Of Trust |
TFM | Trusted Firmware (support PSA L2), open source software ARM framework |
TLV | Type Length Value (containing image metadata, placed at the end of the image) |
TPC | Trusted Package Creator (ST provided tool) |
TZ | Trust Zone |
UBE | Unique Boot Entry (option byte for boot path selection) |
UROT | Updatable Root of Trust; Software located in user flash, second boot stage |
WM | Water Mark |
WRP | Write Protection |
XIP | Execute In Place |
XO | Execute Only |