This message will disappear after all relevant tasks have been resolved.
Semantic MediaWiki
There are 1 incomplete or pending task to finish installation of Semantic MediaWiki. An administrator or user with sufficient rights can complete it. This should be done before adding new data to avoid inconsistencies.Security related acronyms for STM32H5
| Abbreviation | Definition | Comment |
|---|---|---|
| ADAC | Authentication Debug Access Control | Arm® protocol specification that allows a target to securely authenticate a debug host. |
| AEAD | Authenticated Encryption with Associated Data | - |
| AES | Advanced Encryption Standard | - |
| ASS | Additional Secure Services | Part of the secure manager - STM32H5 |
| BL | Bootloader | - |
| CLI | Command-Line Interface | - |
| CM | Contract Manufacturer | - |
| DA | Debug Authentication | Process based on ADAC protocol. |
| DAP | Debug Access Port | - |
| DFU | Device Firmware Update | For example through USB. |
| DHUK | Derived Hardware Unique Key | 256 bits, Unique Key based on the device Root HUK, not accessible by software, debug, or test mode. |
| DUA | Device Unique Authentication | For STM32H5, pre-provisioned keys/certificates. |
| ECC | Error Code Correction | - |
| ECC | Elliptic Curve Cryptography | - |
| ECDSA | Elliptic Curve Digital Signature Algorithm | Public Key Crypto, asym keys, variant of DSA but with shorter key. |
| EPOCH-NS / -S | Nonsecure/Secure Monotonic Counter | Avoid key reuse, or control regression. |
| GSS | Generic Secure Services | Part of the secure manager STM32H5. |
| GTZC | Global TrustZone® Controller | - |
| HDP | Hide Protection | Hide and protect the secure user memory. |
| HDPL | Hardware Protection Level. | Temporal isolation levels (controlled by a monotonic counter); HDPL0: RSS (never erased); HDPL1: iRot, HDPL2: Urot, HDPL3: Appli. |
| HSM | Hardware Security Module | Can be programmed by the Trusted Package Creator |
| HUK | Hardware Unique Key | - |
| IROT | Immutable (unchangeable) Root of Trust | See STiRoT. |
| ITS | Internal Trusted Storage | API that permits to write data in a trusted storage. |
| KDF | Key Derivation Function | Taking as input RHUK & TrustZone® state & Key Usage State) to generate the DHUKy. |
| KMOD | Key Mode | Key uses the state mode |
| KMS | Key Management Services | - |
| MPU | Memory Protection Unit | - |
| OBK | Option Byte Key | - |
| OBKeys | Option Byte Keys | For STM32H5: 8 Kbytes of hardware secure storage. |
| OEM | Original Equipment Manufacturer | - |
| OEM-CM | Original Equipment Manufacturer Contract Manufacturer | - |
| PKA | Public Key Algorithm | Also named asymmetric algorithm. |
| PSA | Platform Security Architecture | - |
| PSA level | Arm® Security standard certification | Level one to three, PSA level three (physical attack robustness). |
| RDP | Readout Protection | Level zero (no protection), level one (enabled), level two (read protection and debugger deactivated). |
| RHUK | Root Hardware Unique Key | 256 bits, immutable, nonvolatile used to create DHUK, never used as it is. |
| RoT | Root of Trust | - |
| SAES | Secure Advanced Encryption System | Side channel attack resistant. |
| SB | Secure Boot | - |
| SBSFU | Secure Boot Secure Firmware Update | - |
| SESIP | Security Evaluation Standard for IOT Platform | Llevel one to five, SESIP3 > PSA level two, SESIP4/5 for secure element/smart card. |
| SFI | Secure Firmware Install | For L462 delivered in RDP1, the 42k secure bootloader is erased at the end of SFI. |
| SM | Secure Manager | - |
| SMAK | Secure Manager Access Kit | - |
| SMDK | Secure Module Development Kit | - |
| SMI | Secure Module Install | - |
| SMU | Secure Module Update | - |
| SSFI | Secure ST Firmware Install | - |
| STiRoT | ST immutable Root of Trust Software | Located in system flash immutable, first stage of boot, STM32H5. |
| STuROT | ST updatable Root of Trust | - |
| TFM | Trusted Firmware | Support PSA L2 open source software Arm® framework. |
| TLV | Type Length Value | Containing image metadata placed at the end of the image. |
| TPC | Trusted Package Creator | ST provided tool. |
| TZ | TrustZone® | - |
| UBE | Unique Boot Entry | Option byte for boot path selection. |
| UROT | Updatable Root of Trust | Software located in user flash, second boot stage. |
| WM | Watermark | - |
| WRP | Write Protection | - |
| XIP | eXecute In Place | - |
| XO | eXecute Only | - |