Last edited 11 months ago

STM32MP15 Tamper configuration

This message will disappear after all relevant tasks have been resolved.
Semantic MediaWiki
There are 1 incomplete or pending task to finish installation of Semantic MediaWiki. An administrator or user with sufficient rights can complete it. This should be done before adding new data to avoid inconsistencies.
Applicable for STM32MP15x lines

1. Overview[edit source]

The STM32 MPUs embed tamper detection management. Tamper management and configuration have been added to the secure OS to select and detect events.

STM32MP15 microprocessors offer 6 internal tampers and 3 external tampers.

The internal tampers are the following:

  • Backup domain voltage threshold monitoring
  • Temperature monitoring
  • LSE monitoring
  • HSE monitoring
  • RTC calendar overflow
  • Monotonic counter overflow

External tampers can be configured to be passive or active.

On a tamper event detection, the backup registers are cleared and the Backup SRAM is read-protected and cannot be accessed until the next reset.

The Automatic erase mode can be configured for external tampers. It is enabled by default but can be turned off if the user application needs to control erase operations.

2. Software configuration[edit source]

The tamper driver only exists in the OP-TEE. Internal and external tampers have to be configured in:


The device tree enable the TAMP ip and configure the external tamper (active, passive, level, etc...) The main.c activate the wanted TAMPER_ID, in ERASE or NOERASE mode, and define the callback to call in case of event. An external TAMPER can be activate only if the corresponding TAMPER_ID is enable in device tree.

Example : 

static uint32_t int_tamp1_callback(int id) {
	MSG("Backup domain voltage threshold monitoring tamper event occurs");
	
	/* ... */
	/* specific application event management */
	/* ... */
	
	return TAMP_CB_ACK_AND_RESET; 
}

stm32_tamp_activate(INT_TAMP1, TAMP_ERASE, tamp1_callback);

Value return by the callback define if the driver will ack the event, and reset the board. If the event is configured as NOERASE, the callback may check if true positive, and if yes, erase manually secret (with stm32_tamp_erase_secret()) and return TAMP_CB_ACK_AND_RESET, if false positive, juste return TAMP_CB_ACK (this will unlock secret IPs).

The main.c configure also the permission access of the TAMP register (privileged mode, secure mode), and if Backup SRAM is include in the secret IPs list.


2.1. Internal tampers[edit source]

By default, only internal tampers 1, 2, 3, 4 are enabled, configured as ERASE, and the callback will reset the board.

Warning white.png Warning
Tampers are enabled but the monitoring in PWR is not set. PWR->CR2.MONEN is not configurable via device-tree. User must set start the monitoring using PWR->CR2.MONEN, for example, in main.c stm32_configure_tamp() function.

2.2. External tampers[edit source]

No external tamper are configured on STM32MP15 Discovery Board.


Operating system

Low speed external oscillator (STM32 clock source)

High speed external oscillator (STM32 clock source)

Real time clock

Open portable trusted execution environment

Tamper

Operating system

Low speed external oscillator (STM32 clock source)

High speed external oscillator (STM32 clock source)

Real time clock

Open portable trusted execution environment

Tamper

Retrieved from "https://wiki.st.com/stm32mpu-ecosystem-v4/index.php?title=STM32MP15_Tamper_configuration&oldid=92000"