Please understand this is a draft, thank you.
1. SafeLink Module Presentation
The Safe link module secures communication between a Host and the STM32WW4 at the level of the SDIO interface. In particular, it allows the Host to ensure it is communicating with a real STM32WW4 provisioned by ST, to compute a common session key between the two devices, and to perform encryption, decryption and authentication of the data exchanged on the SDIO interface. Finally, the Safe link offers a mechanism that updates the session key periodically.
To ensure the security of the communication channel between a Host and the STM32WW4, the following conditions must be met:
- The SDIO/SPI link must allow authentication and confidentiality of messages
- Protection against passive eavesdropping and/or active tampering (fault injection) on the link
- Forward secrecy
- The Host must be connected to an authentic Typhon from ST
- Secure storage of key agreement private key
- SCA and fault protection of key agreement private key
- Safe link security strength up to 192-bit for WPA3-Enterprise-192
The following methods have been retained to meet these requirements:
- Asymmetric key agreement based on ECDH over the P-384 or P-256 elliptic curve.
- Symmetric key agreement based on a challenge method and AES-256 CMAC key agreement.
- AES-GCM packet encryption.
- Support for ephemeral key pairs, on the STM32WW4 and on the Host.
- The Host checks the Typhon certificate signature, built by the ST authority and based on ECDSA.
- The STM32WW4 private key is stored in its OTP Upper storage, tamper protected and decrypted by a ROM secret at EWS provisioning.
- The STM32WW4 Safe link code is protected against side channel attacks.
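The Go sketch below is an added example, not ST's Safe link code: it shows how ephemeral ECDH on P-384 can feed an AES-256-GCM packet channel in which the frame header is authenticated as associated data and a modified packet is rejected. The SHA-256 key derivation, the counter-based nonce layout, the function names and the sample frame are assumptions; the ECDSA certificate check is not shown.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// deriveAEAD runs ECDH on P-384 and hashes the shared secret with both ephemeral
// public keys into an AES-256-GCM key. SHA-256 as the KDF is an assumption.
func deriveAEAD(priv *ecdh.PrivateKey, peer *ecdh.PublicKey, hostPub, devPub []byte) (cipher.AEAD, error) {
	secret, err := priv.ECDH(peer)
	if err != nil {
		return nil, err
	}
	key := sha256.Sum256(bytes.Join([][]byte{secret, hostPub, devPub}, nil))
	block, _ := aes.NewCipher(key[:]) // cannot fail: the key is always 32 bytes
	return cipher.NewGCM(block)
}

// Exchange plays both ends of one session: fresh ephemeral keys, one protected
// packet, then a tampered copy. hdr is authenticated but sent in clear.
func Exchange(seq uint64, hdr, payload []byte) (plain string, tamperRejected bool, err error) {
	host, e1 := ecdh.P384().GenerateKey(rand.Reader)
	dev, e2 := ecdh.P384().GenerateKey(rand.Reader)
	if err = errors.Join(e1, e2); err != nil {
		return "", false, err
	}
	hp, dp := host.PublicKey().Bytes(), dev.PublicKey().Bytes()
	hostAEAD, e1 := deriveAEAD(host, dev.PublicKey(), hp, dp)
	devAEAD, e2 := deriveAEAD(dev, host.PublicKey(), hp, dp)
	if err = errors.Join(e1, e2); err != nil {
		return "", false, err
	}
	nonce := make([]byte, 12) // 96-bit nonce from the packet counter (assumed layout)
	binary.BigEndian.PutUint64(nonce[4:], seq)
	pkt := hostAEAD.Seal(nil, nonce, payload, hdr)
	out, err := devAEAD.Open(nil, nonce, pkt, hdr)
	pkt[0] ^= 0x01 // one flipped bit, as active tampering on the bus would cause
	_, tamperErr := devAEAD.Open(nil, nonce, pkt, hdr)
	return string(out), tamperErr != nil, err
}

func main() { fmt.Println(Exchange(1, []byte{0x01, 0x00}, []byte("constructed SDIO frame"))) }
```

Because the private keys are discarded after each session, a later compromise of a long-term key does not expose recorded traffic. A GCM nonce must never repeat under one key, so the packet counter has to be reset only when the session key changes.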