Security:Security acronyms and definitions: Difference between revisions

Revision as of 10:50, 5 July 2023↑

Security related acronyms for STM32H5

Abbreviation	Definition	Comment
ADAC	Authentication Debug Access Control	Arm® protocol specification that allows a target to securely authenticate a debug host.
AEAD	Authenticated Encryption with Associated Data	-
AES	Advanced Encryption Standard	-
ASS	Additional Secure Services	Part of the secure manager - STM32H5
BL	Bootloader	-
CLI	Command-Line Interface	-
CM	Contract Manufacturer	-
DA	Debug Authentication	Process based on ADAC protocol.
DAP	Debug Access Port	-
DFU	Device Firmware Update	For example through USB.
DHUK	Derived Hardware Unique Key	256 bits, Unique Key based on the device Root HUK, not accessible by software, debug, or test mode.
DUA	Device Unique Authentication	For STM32H5, pre-provisioned keys/certificates.
ECC	Error Code Correction	-
ECC	Elliptic Curve Cryptography	-
ECDSA	Elliptic Curve Digital Signature Algorithm	Public Key Crypto, asym keys, variant of DSA but with shorter key.
EPOCH-NS / -S	Nonsecure/Secure Monotonic Counter	Avoid key reuse, or control regression.
GSS	Generic Secure Services	Part of the secure manager STM32H5.
GTZC	Global TrustZone® Controller	-
HDP	Hide Protection	Hide and protect the secure user memory.
HDPL	Hardware Protection Level.	Temporal isolation levels (controlled by a monotonic counter); HDPL0: RSS (never erased); HDPL1: iRot, HDPL2: Urot, HDPL3: Appli.
HSM	Hardware Security Module	Can be programmed by the Trusted Package Creator
HUK	Hardware Unique Key	-
IROT	Immutable (unchangeable) Root of Trust	See STiRoT.
ITS	Internal Trusted Storage	API that permits to write data in a trusted storage.
KDF	Key Derivation Function	Taking as input RHUK & TrustZone® state & Key Usage State) to generate the DHUKy.
KMOD	Key Mode	Key uses the state mode
KMS	Key Management Services	-
MPU	Memory Protection Unit	-
OBK	Option Byte Key	-
OBKeys	Option Byte Keys	For STM32H5: 8 Kbytes of hardware secure storage.
OEM	Original Equipment Manufacturer	-
OEM-CM	Original Equipment Manufacturer Contract Manufacturer	-
PKA	Public Key Algorithm	Also named asymmetric algorithm.
PSA	Platform Security Architecture	-
PSA level	Arm® Security standard certification	Level one to three, PSA level three (physical attack robustness).
RDP	Readout Protection	Level zero (no protection), level one (enabled), level two (read protection and debugger deactivated).
RHUK	Root Hardware Unique Key	256 bits, immutable, nonvolatile used to create DHUK, never used as it is.
RoT	Root of Trust	-
SAES	Secure Advanced Encryption System	Side channel attack resistant.
SB	Secure Boot	-
SBSFU	Secure Boot Secure Firmware Update	-
SESIP	Security Evaluation Standard for IOT Platform	Llevel one to five, SESIP3 > PSA level two, SESIP4/5 for secure element/smart card.
SFI	Secure Firmware Install	For L462 delivered in RDP1, the 42k secure bootloader is erased at the end of SFI.
SM	Secure Manager	-
SMAK	Secure Manager Access Kit	-
SMDK	Secure Module Development Kit	-
SMI	Secure Module Install	-
SMU	Secure Module Update	-
SSFI	Secure ST Firmware Install	-
STiRoT	ST immutable Root of Trust Software	Located in system flash immutable, first stage of boot, STM32H5.
STuROT	ST updatable Root of Trust	-
TFM	Trusted Firmware	Support PSA L2 open source software Arm® framework.
TLV	Type Length Value	Containing image metadata placed at the end of the image.
TPC	Trusted Package Creator	ST provided tool.
TZ	TrustZone®	-
UBE	Unique Boot Entry	Option byte for boot path selection.
UROT	Updatable Root of Trust	Software located in user flash, second boot stage.
WM	Watermark	-
WRP	Write Protection	-
XIP	eXecute In Place	-
XO	eXecute Only	-

@@ Line 132: / Line 132: @@
 <noinclude>
 {{PublicationRequestId | 27005| 2023-04-26 |}}
-[[Category:Security_with_STM32H5|98]]
+[[Category:Security_functions|99]]
+[[Category:Security_with_STM32H5|99]]
 </noinclude>