sundp
/
STM32CubeWL
mirror of https://github.com/STMicroelectronics/STM32CubeWL.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
STM32CubeWL/Middlewares/ST/STM32_Key_Management_Services/Release_Notes.html

265 lines
8.7 KiB
HTML
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<meta charset="utf-8" />
<meta name="generator" content="pandoc" />
<meta name="viewport" content="width=device-width, initial-scale=1.0, user-scalable=yes" />
<title>Release Notes for STM32 Key Management Services</title>
<style>
code{white-space: pre-wrap;}
span.smallcaps{font-variant: small-caps;}
span.underline{text-decoration: underline;}
div.column{display: inline-block; vertical-align: top; width: 50%;}
div.hanging-indent{margin-left: 1.5em; text-indent: -1.5em;}
ul.task-list{list-style: none;}
</style>
<link rel="stylesheet" href="_htmresc/mini-st.css" />
<!--[if lt IE 9]>
<script src="//cdnjs.cloudflare.com/ajax/libs/html5shiv/3.7.3/html5shiv-printshiv.min.js"></script>
<![endif]-->
</head>
<body>
<div class="row">
<div class="col-sm-12 col-lg-4">
<div class="card fluid">
<div class="sectione dark">
<center>
<h1 id="release-notes-for-stm32-key-management-services"><small>Release Notes for</small> STM32 Key Management Services</h1>
<p>Copyright © 2019 STMicroelectronics<br />
</p>
<a href="https://www.st.com" class="logo"><img src="_htmresc/st_logo.png" alt="ST logo" /></a>
</center>
</div>
</div>
<h1 id="license">License</h1>
<p>This software component is licensed by ST under Ultimate Liberty license SLA0044, the “License”;</p>
<p>You may not use this file except in compliance with the License.</p>
<p>You may obtain a copy of the License at: <a href="http://www.st.com/SLA0044">SLA0044</a></p>
<h1 id="purpose">Purpose</h1>
<p>Key Management Services (KMS) provides cryptographic services through <a href="http://docs.oasis-open.org/pkcs11/pkcs11-base/v2.40/os/pkcs11-base-v2.40-errata01-os-complete.html%3E">the standard PKCS#11 APIs (developed by OASIS)</a> allowing to abstract the key value to the caller (using object ID and not directly the key value). KMS can be executed inside a protected/isolated environment in order to ensure that key value cant be accessed by an unauthorized code running outside the protected/isolated environment.</p>
<p><br />
The figure below shows the overall KMS architecture.</p>
<figure>
<img src="_htmresc/KMS.png" alt="" /><figcaption>KMS overview</figcaption>
</figure>
<p>KMS manages 3 types of keys:<br />
</p>
<ul>
<li>Static embedded keys :<br />
<ul>
<li>Predefined keys embedded within the code that cant be modified<br />
</li>
<li>Unmutable keys<br />
</li>
</ul></li>
<li>Updatable keys with static ID :<br />
<ul>
<li>Keys IDs are predefined in the system<br />
</li>
<li>Key(s) can be injected or updated in a NVM storage via a secure procedure using Static Embedded Keys(authenticity check, data integrity check and data decryption)<br />
</li>
<li>Key cant be deleted<br />
</li>
<li>Provisionnable keys<br />
</li>
</ul></li>
<li>Updatable keys with dynamic ID :<br />
<ul>
<li>Keys IDs are defined when keys are created using KMS services<br />
</li>
<li>Key value can be updated using KMS services<br />
</li>
<li>Key can be deleted<br />
</li>
<li>Runtime keys<br />
</li>
</ul></li>
</ul>
<p>KMS supports this subset of PKCS#11 APIs:<br />
</p>
<ul>
<li>Object management functions: creation / update / deletion / search<br />
</li>
<li>AES Encrypt &amp; Decrypt functions<br />
</li>
<li>SHA Digest functions<br />
</li>
<li>RSA Sign / Verify functions<br />
</li>
<li>ECDSA Verify functions<br />
</li>
<li>ECC key pair generation<br />
</li>
<li>ECDH key derivation<br />
</li>
</ul>
<p><br />
For more details, refer to <a href="https://www.st.com/st-web-ui/static/active/en/resource/technical/document/user_manual/DM00414687.pdf">UM2262</a> : Getting started with X-CUBE-SBSFU expansion package, Chapter 4.</p>
</div>
<section id="update-history" class="col-sm-12 col-lg-8">
<h1>Update History</h1>
<div class="collapse">
<input type="checkbox" id="collapse-section7" checked aria-hidden="true"> <label for="collapse-section7" aria-hidden="true"><strong>v1.1.5 / 4-September-2020</strong></label>
<div>
<h2 id="main-changes">Main Changes</h2>
<ul>
<li>Minor fix for build issues</li>
</ul>
<h2 id="known-limitations">Known Limitations</h2>
<ul>
<li>None</li>
</ul>
<h2 id="backward-compatibility">Backward Compatibility</h2>
<ul>
<li>Fully compatible with previous version</li>
</ul>
</div>
</div>
<div class="collapse">
<input type="checkbox" id="collapse-section6" aria-hidden="true"> <label for="collapse-section6" aria-hidden="true"><strong>v1.1.4 / 24-July-2020</strong></label>
<div>
<h2 id="main-changes-1">Main Changes</h2>
<ul>
<li>CHM documentation updated<br />
</li>
</ul>
<h2 id="known-limitations-1">Known Limitations</h2>
<ul>
<li>None</li>
</ul>
<h2 id="backward-compatibility-1">Backward Compatibility</h2>
<ul>
<li>Fully compatible with previous version</li>
</ul>
</div>
</div>
<div class="collapse">
<input type="checkbox" id="collapse-section5" aria-hidden="true"> <label for="collapse-section5" aria-hidden="true"><strong>v1.1.3 / 2-July-2020</strong></label>
<div>
<h2 id="main-changes-2">Main Changes</h2>
<ul>
<li>Warnings issues fixes<br />
</li>
</ul>
<h2 id="known-limitations-2">Known Limitations</h2>
<ul>
<li>None</li>
</ul>
<h2 id="backward-compatibility-2">Backward Compatibility</h2>
<ul>
<li>Fully compatible with previous version</li>
</ul>
</div>
</div>
<div class="collapse">
<input type="checkbox" id="collapse-section4" aria-hidden="true"> <label for="collapse-section4" aria-hidden="true"><strong>v1.1.2 / 1-July-2020</strong></label>
<div>
<h2 id="main-changes-3">Main Changes</h2>
<ul>
<li><p>Configuration switch placement review<br />
</p></li>
<li><p>Warnings and spelling issues fixes<br />
</p></li>
</ul>
<h2 id="known-limitations-3">Known Limitations</h2>
<ul>
<li>None</li>
</ul>
<h2 id="backward-compatibility-3">Backward Compatibility</h2>
<ul>
<li>Fully compatible with previous version</li>
</ul>
</div>
</div>
<div class="collapse">
<input type="checkbox" id="collapse-section3" aria-hidden="true"> <label for="collapse-section3" aria-hidden="true"><strong>v1.1.1 / 12-June-2020</strong></label>
<div>
<h2 id="main-changes-4">Main Changes</h2>
<ul>
<li><p>C_STM_ImportBlob update to specify blob download area<br />
</p></li>
<li><p>Allow multiple C_Initialize and C_Finalize imbricated calls<br />
</p></li>
</ul>
<h2 id="known-limitations-4">Known Limitations</h2>
<ul>
<li>None</li>
</ul>
<h2 id="backward-compatibility-4">Backward Compatibility</h2>
<ul>
<li>Break of compatibility with V1.1.0 (New parameter C_STM_ImportBlob)</li>
</ul>
</div>
</div>
<div class="collapse">
<input type="checkbox" id="collapse-section2" aria-hidden="true"> <label for="collapse-section2" aria-hidden="true"><strong>v1.1.0 / 11-May-2020</strong></label>
<div>
<h2 id="main-changes-5">Main Changes</h2>
<ul>
<li><p>New features and improvements introduced in this release are :</p>
<ul>
<li><p>Object search<br />
</p></li>
<li><p>ECC key pair generation<br />
</p></li>
<li><p>ECDH key derivation<br />
</p></li>
<li><p>Memory management improved (introduction of different allocators)<br />
</p></li>
<li><p>Lock keys and services vendor APIs<br />
</p></li>
<li><p>iKMS/niKMS folders replaces tKMS one<br />
</p>
<ul>
<li>Use iKMS when caller is isolated from KMS by a secure enclave<br />
</li>
<li>Use niKMS when caller is not isolated from KMS by a secure enclave<br />
</li>
</ul></li>
<li><p>MPU isolation support in iKMS<br />
</p></li>
<li><p>kms_config.h redesign (better scalability and config build time check)<br />
</p></li>
</ul></li>
<li><p>Bug fixes</p>
<ul>
<li>AES CMAC moved to Sign/Verify services<br />
</li>
<li>Secure enforcement when using KMS in a secure enclave<br />
</li>
<li>PKCS#11 compliance (returned value, parameters handling…)<br />
</li>
</ul></li>
</ul>
<h2 id="known-limitations-5">Known Limitations</h2>
<ul>
<li>None</li>
</ul>
<h2 id="backward-compatibility-5">Backward Compatibility</h2>
<ul>
<li>Break of compatibility with V1.0.0</li>
</ul>
</div>
</div>
<div class="collapse">
<input type="checkbox" id="collapse-section1" aria-hidden="true"> <label for="collapse-section1" aria-hidden="true"><strong>v1.0.0 / 13-July-2019</strong></label>
<div>
<h2 id="main-changes-6">Main Changes</h2>
<h3 id="first-official-release">First official release</h3>
<p>Official delivery of Key Management Services for STM32 series, compliant with PKCS#11 APIs from OASIS.</p>
<h2 id="known-limitations-6">Known Limitations</h2>
<p>None</p>
</div>
</div>
</section>
</div>
<footer class="sticky">
<p>For complete documentation on STM32 Microcontrollers, visit: [<a href="http://www.st.com/STM32">www.st.com/stm32</a>]</p>
<em>This release note uses up to date web standards and, for this reason, should not be opened with Internet Explorer but preferably with popular browsers such as Google Chrome, Mozilla Firefox, Opera or Microsoft Edge.</em>
</footer>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink