Security acronyms and definitions

Revision as of 17:51, 25 May 2023 by Registered User

Security-related acronyms for STM32H5

Abbreviation Definition
ADAC Authentication Debug Access Control (Arm protocol specification that allows a target to securely authenticate a debug host)
AEAD Authenticated Encryption with Associated Data.
AES Advanced Encryption Standard
ASS Additional Secure Services (part of the secure manager - STM32H5)
BL Boot Loader
CLI Command Line Interface
CM Contract Manufacturer
DA Debug Authentication (process based on the ADAC protocol)
DAP Debug Access Port
DFU Device Firmware Update (e.g. through USB)
DHUK Derived HUK (256 bits, Unique Key based on the device RHUK, not accessible by SW, debug or test mode)
DUA Device Unique Authentication (for STM32H5; pre-provisioned keys/certificates)
ECC Error Code Correction
ECC Elliptic Curve Cryptography
ECDSA Elliptic Curve Digital Signature Algorithm (public-key cryptography, asymmetric keys; a variant of DSA with shorter keys)
EPOCH-NS / -S (Non-Secure / Secure) Monotonic counter to avoid key reuse or to control regression
GSS Generic Secure Services (part of the secure manager - STM32H5)
GTZC Global TrustZone® Controller
HDP Hide Protection. Hide and protect the secure user memory
HDPL Hardware Protection Level. Temporal isolation levels (controlled by a monotonic counter); HDPL0: RSS (never erased); HDPL1: iRoT; HDPL2: uRoT; HDPL3: application
HSM Hardware Security Module (can be programmed by the Trusted Package Creator)
HUK Hardware Unique Key
IROT Immutable (unchangeable) Root of Trust (see STiRoT)
ITS Internal Trusted Storage (API for writing data to trusted storage)
KDF Key Derivation Function (takes the RHUK, the TrustZone state and the key usage state as input to generate the DHUK)
KMOD Key Mode (Key use state mode)
KMS Key Management Services
MPU Memory Protection Unit
OBK Option Byte Key
OBKeys Option Byte Keys (for STM32H5: 8 Kbytes of HW secure storage)
OEM Original Equipment Manufacturer
OEM-CM Original Equipment Manufacturer Contract Manufacturer
PKA Public Key Algorithm (also known as asymmetric algorithm)
PSA Platform Security Architecture
PSA level Arm security standard certification, level 1 to 3; PSA level 3 (physical attack robustness)
RDP Readout Protection. Level 0 (no protection), Level 1 (enabled), Level 2 (read protection and debugger deactivated)
RHUK Root Hardware Unique Key (256 bits, immutable, non-volatile; used to create the DHUK, never used as is)
RoT Root of Trust
SAES Secure Advanced Encryption System (side channel attack resistant)
SB Secure Boot
SBSFU Secure Boot Secure Firmware Update
SESIP Security Evaluation Standard for IoT Platform (level 1 to 5; SESIP3 > PSA level 2; SESIP4/5 for secure element/smart card)
SFI Secure Firmware Install (for L462 delivered in RDP1, the 42k secure bootloader is erased at the end of SFI)
SM Secure Manager
SMAK Secure Manager Access Kit
SMDK Secure Module Development Kit
SMI Secure Module Install
SMU Secure Module Update
SSFI Secure ST Firmware Install
STiRoT ST Immutable Root of Trust software (located in immutable system flash, first stage of boot, STM32H5)
STuRoT ST Updatable Root of Trust
TFM Trusted Firmware (supports PSA L2; open-source Arm software framework)
TLV Type Length Value (containing image metadata, placed at the end of the image)
TPC Trusted Package Creator (ST provided tool)
TZ TrustZone
UBE Unique Boot Entry (option byte for boot path selection)
UROT Updatable Root of Trust (software located in user flash, second boot stage)
WM Water Mark
WRP Write Protection
XIP eXecute In Place
XO eXecute Only