| Acronym | Definition | Comment |
|---|---|---|
| ADAC | Authenticated Debug Access Control | Arm® protocol specification that allows a target to securely authenticate a debug host. |
| AEAD | Authenticated Encryption with Associated Data | - |
| AES | Advanced Encryption Standard | - |
| ARoT | Application Root of Trust | - |
| ASS | Additional Secure Services | Part of the Secure Manager. |
| BL | Bootloader | - |
| CLI | Command-Line Interface | - |
| CM | Contract Manufacturer | - |
| DA | Debug Authentication | Process based on the ADAC protocol. |
| DAP | Debug Access Port | - |
| DFU | Device Firmware Update | For example over USB. |
| DHUK | Derived Hardware Unique Key | 256 bits. Unique key derived from the device RHUK; not accessible by software, debug, or test mode. |
| DUA | Device Unique Authentication | Pre-provisioned keys/certificates. |
| ECC | Error Correction Code | - |
| ECC | Elliptic Curve Cryptography | - |
| ECDSA | Elliptic Curve Digital Signature Algorithm | Public-key (asymmetric) signature scheme; elliptic-curve variant of DSA with shorter keys for equivalent security. |
| EPOCH-NS / -S | Non-Secure / Secure Monotonic Counter | Used to avoid key reuse and to prevent regression (anti-rollback). |
| FWU | Firmware Update | - |
| GSS | Generic Secure Services | Part of the Secure Manager. |
| GTZC | Global TrustZone® Controller | - |
| HDP | Hide Protection | Hides and protects the secure user memory. |
| HDPL | Hardware Protection Level | Temporal isolation levels controlled by a monotonic counter: HDPL0 is RSS (never erased), HDPL1 is the iRoT, HDPL2 is the uRoT, HDPL3 is the application. |
| HSM | Hardware Security Module | Can be programmed by the Trusted Package Creator. |
| HUK | Hardware Unique Key | - |
| IA | Initial Attestation | - |
| IPC | Inter-Processor Communication | - |
| ITS | Internal Trusted Storage | API that allows data to be written to a trusted storage. |
| KDF | Key Derivation Function | Takes the RHUK, the TrustZone® state and the key usage state as input to generate the DHUK. |
| KMOD | Key Mode | Key usage mode (selects how the SAES key is used). |
| KMS | Key Management Services | - |
| MPU | Memory Protection Unit | - |
| NS | Non-Secure | - |
| NSPE | Non-Secure Processing Environment | - |
| OBK | Option Byte Key | - |
| OBKeys | Option Byte Keys | Hardware secure storage. |
| OEM | Original Equipment Manufacturer | - |
| OEM-CM | Original Equipment Manufacturer Contract Manufacturer | - |
| OEMiRoT | Original Equipment Manufacturer immutable Root of Trust | First boot stage developed by the OEM, located in user flash and used instead of STiRoT. |
| OEMuRoT | Original Equipment Manufacturer updatable Root of Trust | Second boot stage developed by the OEM. |
| PKA | Public Key Algorithm | Also called asymmetric algorithm. |
| PRoT | PSA Root of Trust | - |
| PSA | Platform Security Architecture | - |
| PSA level | Arm® security standard certification level | Levels one to three; PSA level three adds physical attack robustness. |
| RDP | Readout Protection | Level zero (no protection), level one (enabled), level two (read protection and debugger deactivated). |
| RHUK | Root Hardware Unique Key | 256 bits, immutable, non-volatile; used to derive the DHUK, never used directly. |
| RoT | Root of Trust | - |
| RSS | Root Security System | Embedded in system memory. |
| RSSFS | Root Security System First Stage | Embedded in system memory. |
| SAES | Secure Advanced Encryption Standard | Side-channel attack resistant AES peripheral. |
| SB | Secure Boot | - |
| SBS | System configuration, Boot and Security | - |
| SBSFU | Secure Boot and Secure Firmware Update | - |
| SESIP | Security Evaluation Standard for IoT Platforms | Levels one to five; SESIP 3 is above PSA level two, SESIP 4/5 target secure elements and smart cards. |
| SFI | Secure Firmware Install | For L462 delivered in RDP1, the 42k secure bootloader is erased at the end of SFI. |
| SM | Secure Manager | ST updatable secure framework. |
| SMAK | Secure Manager Access Kit | - |
| SMDK | Secure Module Development Kit | - |
| SMI | Secure Module Install | - |
| SMU | Secure Module Update | - |
| SPE | Secure Processing Environment | - |
| SSFI | Secure ST Firmware Install | - |
| STiRoT | ST immutable Root of Trust | First boot stage, located in immutable system flash. |
| STuRoT | ST updatable Root of Trust | - |
| TF-M | Trusted Firmware-M | Trusted Firmware for Cortex®-M; open-source Arm® framework. |
| TLV | Type-Length-Value | Contains the image metadata; placed at the end of the image. |
| TPC | Trusted Package Creator | ST-provided tool. |
| TZ | TrustZone® | - |
| UBE | Unique Boot Entry | Option byte for boot path selection. |
| URoT | Updatable Root of Trust | Software located in user flash, second boot stage; see STuRoT and OEMuRoT. |
| WM | Watermark | - |
| WRP | Write Protection | - |
| XIP | eXecute In Place | - |
| XO | eXecute Only | - |
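The TLV entry above says only that image metadata sits in a Type-Length-Value area at the end of the image. The following is an added example, not code from the original page or from ST: a parser and verifier for such a trailer. The layout (a 4-byte info header holding a magic and total length, followed by little-endian 16-bit type and length fields), the magic values `0x6907`/`0x6908` and the type codes `0x10` (SHA-256 of the image) and `0x50` (security counter, the kind of monotonic value the EPOCH entry refers to) follow MCUboot conventions and are assumptions here; the sample image and trailer are constructed inline.

```python
"""Parse and verify an MCUboot-style TLV area appended to a firmware image.

Added example. The layout, magic values and type codes are assumed
(MCUboot conventions), not taken from the glossary.
"""
import hashlib
import struct

TLV_INFO_MAGIC = 0x6907        # assumed: magic of the unprotected TLV area
TLV_PROT_INFO_MAGIC = 0x6908   # assumed: magic of the protected TLV area
TLV_SHA256 = 0x10              # assumed: type code for the image SHA-256
TLV_SEC_CNT = 0x50             # assumed: type code for the anti-rollback counter


def build_tlv_area(tlvs):
    """Serialize (type, value) pairs into a TLV area preceded by its info header."""
    body = b"".join(struct.pack("<HH", t, len(v)) + v for t, v in tlvs)
    return struct.pack("<HH", TLV_INFO_MAGIC, 4 + len(body)) + body


def parse_tlv_area(blob, offset):
    """Parse the TLV area starting at `offset`.

    Returns (list of (type, value), end offset). Every length is bounds-checked
    against the area declared in the header, so a truncated or oversized trailer
    raises instead of reading past the buffer.
    """
    if offset + 4 > len(blob):
        raise ValueError("truncated TLV info header")
    magic, total = struct.unpack_from("<HH", blob, offset)
    if magic not in (TLV_INFO_MAGIC, TLV_PROT_INFO_MAGIC):
        raise ValueError(f"bad TLV magic 0x{magic:04x}")
    end = offset + total
    if total < 4 or end > len(blob):
        raise ValueError("TLV total length out of bounds")
    pos = offset + 4
    tlvs = []
    while pos < end:
        if pos + 4 > end:
            raise ValueError("truncated TLV header")
        typ, length = struct.unpack_from("<HH", blob, pos)
        pos += 4
        if pos + length > end:
            raise ValueError(f"TLV 0x{typ:02x} length exceeds area")
        tlvs.append((typ, blob[pos:pos + length]))
        pos += length
    return tlvs, end


def verify_image(blob, image_len, min_sec_cnt=0):
    """Check the SHA-256 TLV over the image body and the anti-rollback counter.

    A real bootloader would additionally verify a signature TLV over the hash;
    this example stops at integrity plus monotonic-counter regression control.
    """
    tlvs, _ = parse_tlv_area(blob, image_len)
    by_type = dict(tlvs)
    digest = by_type.get(TLV_SHA256)
    if digest is None or digest != hashlib.sha256(blob[:image_len]).digest():
        return False
    sec = by_type.get(TLV_SEC_CNT)
    if sec is None or len(sec) != 4:
        return False
    return struct.unpack("<I", sec)[0] >= min_sec_cnt


# Constructed sample: a fake 64-byte image followed by its TLV trailer.
SAMPLE_IMAGE = bytes(range(64))
SAMPLE_BLOB = SAMPLE_IMAGE + build_tlv_area([
    (TLV_SHA256, hashlib.sha256(SAMPLE_IMAGE).digest()),
    (TLV_SEC_CNT, struct.pack("<I", 3)),
])


def demo():
    """Returns (genuine ok, tampered image rejected, rollback rejected)."""
    genuine = verify_image(SAMPLE_BLOB, len(SAMPLE_IMAGE), min_sec_cnt=2)
    tampered = bytearray(SAMPLE_BLOB)
    tampered[5] ^= 0x01                      # flip one bit inside the image body
    bad_hash = verify_image(bytes(tampered), len(SAMPLE_IMAGE), min_sec_cnt=2)
    rollback = verify_image(SAMPLE_BLOB, len(SAMPLE_IMAGE), min_sec_cnt=4)
    return genuine, bad_hash, rollback


def rejects_truncated():
    """A trailer cut short must raise rather than be silently accepted."""
    try:
        parse_tlv_area(SAMPLE_BLOB[:100], len(SAMPLE_IMAGE))
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print(demo(), rejects_truncated())
```

The point of the bounds checks is that the TLV area is attacker-controlled input read by the most privileged code on the device; each length is validated against the header's declared total before any slice is taken, and the hash is recomputed over exactly the bytes the header length claims belong to the image.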