Hardware Vulnerability Analysis - EN18031

brackeler · ‎2025-02-10

Hi,

I'm tasked with creating the documentation for assesing the compliance of our product in regard to EN18031.

The standard requires us to have checked if the relevant hardware has any publicly known security vulnerabilities. But when I asked our hardware guys about it, they just looked at me funny.

Is there a document where ST would advise about publicly know side-channel attack vectors or things like that?

The chip in question is a STM32L475.

Thanks a lot :)

Philipp

###### · ‎2025-02-10

Does this help?

https://www.st.com/resource/en/technical_note/tn1489-security-bulletin-tn1489stpsirt-physical-attacks-on-stm32-and-stm32cube-firmware-stmicroelectronics.pdf

Also look at STM32 "SESIP" and/or "PSA" ratings for your device and code.

Also check the "CVE" database for Critical Vulnerabilities and Exploits.

Billy OWEN · ‎2025-02-10

Hi @brackeler

This post has been escalated to the ST Online Support Team for additional assistance. We'll contact you directly.

Regards,

Billy