Approved version. Approved on: 15:03, 17 August 2023
Security Acronyms
Abbreviation | Definition | Comment |
---|---|---|
ADAC | Authentication Debug Access Control | Arm® protocol specification that allows a target to securely authenticate a debug host. |
AEAD | Authenticated Encryption with Associated Data | - |
AES | Advanced Encryption Standard | - |
ARoT | Application Root of Trust | - |
ASS | Additional Secure Services | Part of the secure manager |
BL | Bootloader | - |
CLI | Command-Line Interface | - |
CM | Contract Manufacturer | - |
DA | Debug Authentication | Process based on ADAC protocol. |
DAP | Debug Access Port | - |
DFU | Device Firmware Update | For example through USB. |
DHUK | Derived Hardware Unique Key | 256 bits, Unique Key based on the device Root HUK, not accessible by software, debug, or test mode. |
DUA | Device Unique Authentication | pre-provisioned keys/certificates. |
ECC | Error Code Correction | - |
ECC | Elliptic Curve Cryptography | - |
ECDSA | Elliptic Curve Digital Signature Algorithm | Public-key cryptography with asymmetric keys; a variant of DSA with shorter keys. |
EPOCH-NS / -S | Nonsecure/Secure Monotonic Counter | Used to avoid key reuse or to control regression. |
FWU | Firmware Update | - |
GSS | Generic Secure Services | Part of the secure manager |
GTZC | Global TrustZone® Controller | - |
HDP | Hide Protection | Hide and protect the secure user memory. |
HDPL | Hardware Protection Level | Temporal isolation levels (controlled by a monotonic counter); HDPL0: RSS (never erased); HDPL1: iRoT; HDPL2: uRoT; HDPL3: application. |
HSM | Hardware Security Module | Can be programmed by the Trusted Package Creator |
HUK | Hardware Unique Key | - |
IA | Initial Attestation | - |
IPC | Inter Processor Communication | - |
IRoT | Immutable (unchangeable) Root of Trust | See STiRoT and OEMiRoT |
ITS | Internal Trusted Storage | API for writing data to a trusted storage. |
KDF | Key Derivation Function | Takes the RHUK, the TrustZone® state, and the key usage state as input to generate the DHUK. |
KMOD | Key Mode | Key usage state mode. |
KMS | Key Management Services | - |
MPU | Memory Protection Unit | - |
NS | Non-Secure | - |
NSPE | Non Secure Processing Environment | - |
OBK | Option Byte Key | - |
OBKeys | Option Byte Keys | Hardware secure storage. |
OEM | Original Equipment Manufacturer | - |
OEM-CM | Original Equipment Manufacturer Contract Manufacturer | - |
OEMiRoT | Original Equipment Manufacturer immutable Root of Trust | First boot stage developed by the OEM, located in user flash and used instead of STiRoT. |
OEMuRoT | Original Equipment Manufacturer updatable Root of Trust | Second boot stage developed by the OEM. |
PKA | Public Key Algorithm | Also named asymmetric algorithm. |
PRoT | PSA Root of Trust | - |
PSA | Platform Security Architecture | - |
PSA level | Arm® Security standard certification | Levels one to three; PSA level three covers physical attack robustness. |
RDP | Readout Protection | Level zero (no protection), level one (enabled), level two (read protection and debugger deactivated). |
RHUK | Root Hardware Unique Key | 256 bits, immutable, nonvolatile; used to create the DHUK and never used directly. |
RoT | Root of Trust | - |
RSS | Root Security System | Embedded in System Memory |
RSSFS | Root Security System First Stage | Embedded in System Memory |
SAES | Secure Advanced Encryption System | Side channel attack resistant. |
SB | Secure Boot | - |
SBSFU | Secure Boot Secure Firmware Update | - |
SESIP | Security Evaluation Standard for IoT Platform | Levels one to five; SESIP3 > PSA level two; SESIP4/5 for secure element/smart card. |
SFI | Secure Firmware Install | For L462 delivered in RDP1, the 42k secure bootloader is erased at the end of SFI. |
SM | Secure Manager | ST updatable Secure Framework |
SMAK | Secure Manager Access Kit | - |
SMDK | Secure Module Development Kit | - |
SMI | Secure Module Install | - |
SMU | Secure Module Update | - |
SPE | Secure Processing Environment | - |
SSFI | Secure ST Firmware Install | - |
STiRoT | ST immutable Root of Trust Software | Located in immutable system flash; first boot stage. |
STuRoT | ST updatable Root of Trust | - |
TFM | Trusted Firmware | Open-source Arm® software framework supporting PSA level two. |
TLV | Type Length Value | Contains image metadata; placed at the end of the image. |
TPC | Trusted Package Creator | ST provided tool. |
TZ | TrustZone® | - |
UBE | Unique Boot Entry | Option byte for boot path selection. |
URoT | Updatable Root of Trust | Software located in user flash; second boot stage. See STuRoT and OEMuRoT. |
WM | Watermark | - |
WRP | Write Protection | - |
XIP | eXecute In Place | - |
XO | eXecute Only | - |