STM32MP15 Tamper configuration

Revision as of 10:42, 4 November 2020 by Registered User (→‎Internal tampers)
This message will disappear after all relevant tasks have been resolved.
Semantic MediaWiki
There are 1 incomplete or pending task to finish installation of Semantic MediaWiki. An administrator or user with sufficient rights can complete it. This should be done before adding new data to avoid inconsistencies.

1. Overview[edit source]

The STM32 MPU embeds tamper detection management. Tamper management and configuration have been added into the secure OS to configure and detect events.

STM32MP15 offers 5 internals and 3 externals tampers.

Internal tampers are:

  • RTC voltage domain monitoring
  • LSE monitoring
  • HSE monitoring
  • RTC calendar overflow (rtc_calovf)
  • Monotonic counter overflow

External tampers can be configured to be passive or active.

On a tamper event detection, the backup registers are cleared with SRAM.


2. Software configuration[edit source]

Warning white.png Warning
The tamper driver only exists in the Trusted Firmware-A.

Internal tampers and external tampers have to be configured into:

This second part is statically defined and must be customized depending on the application needs. The file contains two static tables, one for internal tampers, another for external ones.

2.1. Internal tampers[edit source]

Here is the structure that registers internal tamper. 

struct stm32_tamp_int {
	int id;
	void (*func)(int id);
};

Internal tamper structure contains:

  • an ID (linked to the existing SoC internal tamper)
  • a function that will be called on the detected tamper event. This function can be customized, default one just prints the tamper ID and resets the SoC.

A static list of tampers is automatically registered during the main security loop. 

static struct stm32_tamp_int int_tamp[PLAT_MAX_TAMP_INT] = {
	{
		.id = ITAMP1,
		.func = stm32mp1_tamper_action,
	},
...
}

By default, only internal tampers 1, 2, 3 and 4 are enabled.

2.2. External tampers[edit source]

Here is the structure that register external tampers. 

struct stm32_tamp_ext {
	int id;
	uint8_t mode;
	uint8_t erase;
	uint8_t evt_mask;
	void (*func)(int id);
};

External tamper structure contains:

  • an ID (linked to the SoC external tamper)
  • a mode (Could be passive or active tamper)
  • a erase mode (Erase or no erase)
  • an event mask (Default mask)
  • a function pointer (Function that will be called when tamper is detected)

Here is a configuration example for two external tampers enabled 

static struct stm32_tamp_ext ext_tamp[PLAT_MAX_TAMP_EXT] = {
{
		.id = EXT_TAMP1,                      // External tamper 1
		.mode = TAMP_TRIG_ON,                 // Tamper trigger event
		.erase = TAMP_NOERASE,                // Not erasing the backup registers
		.evt_mask = TAMP_NO_EVT_MASK,         // Mask is not set
		.func = NULL,                         // No function
},
{
		.id = EXT_TAMP2,                      // External tamper 2
		.mode = TAMP_ACTIVE,                  // Active tamper selected
		.erase = TAMP_NOERASE,                // Not erasing the backup registers and backup sram
		.evt_mask = TAMP_NO_EVT_MASK,         // Mask is not set
		.func = NULL,                         // No function
},
	TAMP_UNUSED,
}

Microprocessor Unit

Operating System

Real Time Clock

Low Speed External oscillator (STM32 clock source)

High Speed External oscillator (STM32 clock source)

Tamper

Retrieved from "https://wiki.st.com/stm32mpu-ecosystem-v2/index.php?title=STM32MP15_Tamper_configuration&oldid=74604"