CalvinBackup/STM32-SupplyChain-Advisory
1
0
Fork 0
mirror of https://github.com/JGoyd/STM32-SupplyChain-Advisory.git synced 2026-02-12 17:22:45 +00:00
Code Issues Packages Projects Releases Wiki Activity

Update README with additional context on firmware risks

Browse Source 
Clarify the implications of firmware variants with security omissions.
This commit is contained in:
Joseph Goydish II
2025-12-22 16:40:38 -05:00
committed by GitHub
parent 5e8bd177cf
commit 7995e0f303
1 changed files with 5 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
README.md
View File

@@ -27,6 +27,10 @@ Review your asset inventory for STM32-based embedded modules with the following
```
0ea3266ebf7833990d48387fdce60da6c5d43832316563267a3db634b751e773
```
- **Additional Hash Digest (SHA256):**
```
6292be980f542e0d1e9b48396274a5392caa501a9504f33ae35570c027e7e4ff
```
- **Build Timestamp:**
October 10, 2022
@@ -35,7 +39,7 @@ Review your asset inventory for STM32-based embedded modules with the following
- **Missing Security Features:**
No Memory Protection Unit (MPU), privilege separation, flash readout protection, input validation, or atomic memory operations
This firmware has been observed in supply chain modules and devices from various integrators and original design manufacturers (ODMs/OEMs).
This firmware has been observed in supply chain modules and devices from various integrators and original design manufacturers (ODMs/OEMs). Multiple firmware variants exhibiting the same security omissions and build details have been found in field deployments—matching either hash indicates risk.
---