1. Security acronyms
Acronyms | Definition | Comment |
---|---|---|
ADAC | Authentication Debug Access Control | Arm® protocol specification that allows a target to securely authenticate a debug host. |
AEAD | Authenticated Encryption with Associated Data | - |
AES | Advanced Encryption Standard | - |
ARoT | Application Root of Trust | - |
ASS | Additional Secure Services | Part of the secure manager |
BL | Bootloader | - |
CLI | Command-Line Interface | - |
CM | Contract Manufacturer | - |
DA | Debug Authentication | Process based on the ADAC protocol. |
DAP | Debug Access Port | - |
DFU | Device Firmware Update | For example through USB. |
DHUK | Derived Hardware Unique Key | 256-bit unique key derived from the device RHUK; not accessible by software, debug, or test mode. |
DUA | Device Unique Authentication | Pre-provisioned keys/certificates. |
ECC | Error Code Correction | - |
ECC | Elliptic Curve Cryptography | - |
ECDSA | Elliptic Curve Digital Signature Algorithm | Public-key cryptography with asymmetric keys; variant of DSA with shorter keys. |
EPOCH-NS / -S | Nonsecure/Secure Monotonic Counter | Avoid key reuse, or control regression. |
FWU | Firmware Update | - |
GSS | Generic Secure Services | Part of the secure manager |
GTZC | Global TrustZone® Controller | - |
HDP | Hide Protection | Hide and protect the secure user memory. |
HDPL | Hardware Protection Level | Temporal isolation levels (controlled by a monotonic counter); HDPL0: RSS (never erased); HDPL1: iRoT; HDPL2: uRoT; HDPL3: application. |
HSM | Hardware Security Module | Can be programmed by the Trusted Package Creator |
HUK | Hardware Unique Key | - |
IA | Initial Attestation | - |
IPC | Inter Processor Communication | - |
ITS | Internal Trusted Storage | API that allows writing data to trusted storage. |
KDF | Key Derivation Function | Takes as input the RHUK, the TrustZone® state and the key usage state to generate the DHUK. |
KMOD | Key Mode | Key uses the state mode |
KMS | Key Management Services | - |
MPU | Memory Protection Unit | - |
NS | Non-Secure | - |
NSPE | Non Secure Processing Environment | - |
OBK | Option Byte Key | - |
OBKeys | Option Byte Keys | Hardware secure storage. |
OEM | Original Equipment Manufacturer | - |
OEM-CM | Original Equipment Manufacturer Contract Manufacturer | - |
OEMiRoT | Original Equipment Manufacturer immutable Root of Trust | First boot stage developed by the OEM, located in user flash and used instead of STiRoT. |
OEMuRoT | Original Equipment Manufacturer updatable Root of Trust | Second boot stage developed by the OEM. |
PKA | Public Key Algorithm | Also named asymmetric algorithm. |
PRoT | PSA Root of Trust | - |
PSA | Platform Security Architecture | - |
PSA level | Arm® Security standard certification | Levels one to three; PSA level three requires physical attack robustness. |
RDP | Readout Protection | Level zero (no protection), level one (enabled), level two (read protection and debugger deactivated). |
RHUK | Root Hardware Unique Key | 256 bits, immutable, nonvolatile; used to derive the DHUK and never used directly. |
RoT | Root of Trust | - |
RSS | Root Security System | Embedded in System Memory |
RSSFS | Root Security System First Stage | Embedded in System Memory |
SAES | Secure Advanced Encryption System | Side channel attack resistant. |
SB | Secure Boot | - |
SBSFU | Secure Boot Secure Firmware Update | - |
SESIP | Security Evaluation Standard for IoT Platforms | Levels one to five; SESIP3 > PSA level two; SESIP4/5 for secure elements/smart cards. |
SFI | Secure Firmware Install | For L462 delivered in RDP1, the 42k secure bootloader is erased at the end of SFI. |
SM | Secure Manager | ST updatable Secure Framework |
SMAK | Secure Manager Access Kit | - |
SMDK | Secure Module Development Kit | - |
SMI | Secure Module Install | - |
SMU | Secure Module Update | - |
SPE | Secure Processing Environment | - |
SSFI | Secure ST Firmware Install | - |
STiRoT | ST immutable Root of Trust Software | Immutable, located in system flash; first boot stage. |
STuRoT | ST updatable Root of Trust | - |
TF-M | Trusted Firmware-M | Trusted Firmware for Cortex®-M; open-source Arm® framework. |
TLV | Type Length Value | Contains image metadata, placed at the end of the image. |
TPC | Trusted Package Creator | ST provided tool. |
TZ | TrustZone® | - |
UBE | Unique Boot Entry | Option byte for boot path selection. |
URoT | Updatable Root of Trust | Software located in user flash, second boot stage, see STuRoT and OEMuRoT |
WM | Watermark | - |
WRP | Write Protection | - |
XIP | eXecute In Place | - |
XO | eXecute Only | - |
2. Security definitions
Name | Definition | Comment |
---|---|---|
Active slot | User flash slot where code is executed. | - |
Download slot | User flash slot where code is downloaded to be later installed in active slot. | - |
Primary slot | Same definition as active slot. | MCUboot naming |
Secondary slot | Same definition as download slot. | MCUboot naming |
Update agent | Software running in the nonsecure domain, responsible for the firmware update procedure. | - |