STM32MP13 backup registers

1 Article purpose[edit source]

This article explains how the TAMP backup registers are used by STM32MPU Embedded Software on STM32MP13.

2 Overview[edit source]

The STM32MP13 embeds 32 backup registers of 32 bits. A programmable border allows these backup registers to be split into a secure and a non-secure group^a.

3 Backup register usage[edit source]

This paragraph explains the default usage of backup registers by the ROM code and STM32MPU Embedded Software distribution. The subsequent chapter then shows the backup register mapping used to fulfill those needs.

Warning

It is important to notice that the backup registers can be erased when a tamper detection occurs in TAMP internal peripheral

Information

Backup register(s) might be used for another purpose by the application when the feature(s) listed below is/are not used by the said application

3.1 Boot counter feature[edit source]

The BOOT_COUNTER is used by U-Boot to detect boot failures between its execution and before the complete Linux application initialization :

• It is incremented by U-Boot
• It is reset by the application

Hence if U-Boot reads a non-null value after a reset, this means that something went wrong at boot time. This information can be used to initiate entry into a fail safe mode.

Warning

This feature is disabled by default, since TF-A BL2 firmware update feature takes care of a boot counter management

3.2 Boot mode selection feature[edit source]

The BOOT_MODE register is used to propagate boot mode information from one component to the next boot stage, on cold boot or after a reset:

• The ROM code executes a serial boot if BOOT_MODE[7:0] is equal to 0xFF, as stated in the ROM code boot device selection strategy. In this case, the backup register is reset by the ROM code before proceeding with the serial boot mode. Other values are ignored by the ROM code.
• TF-A gets the selected boot device from the ROM code context in SYSRAM and writes it into BOOT_MODE[15:8] for U-Boot^[1].
• U-Boot uses the BOOT_MODE register to get TF-A and Linux kernel (as explained in the next bullet) information^[2] in order to select the desired boot mode (among "NORMAL", "STM32PROG", ...^[1]) and build the appropriate "chosen" node in the device tree. This device tree is given to the Linux kernel for its start up, as explained in the "Runtime configuration" paragraph in Documentation/devicetree/usage-model.rst .
• The Linux kernel can force a reboot mode by writing to the BOOT_MODE register. This writing is done via the "reboot" Linux command, that is configured via the compatible "syscon-reboot-mode" in the device tree ^[2].

3.3 Firmware update info feature[edit source]

The FWU_INFO is used by TF-A BL2 to detect boot failures between its execution and before the complete Linux application initialization during a Secure Firmware Update.

3.4 SAES secret key feature[edit source]

The SAES secret key registers can be used to own a 256 bits key that is carried to SAES internal peripheral via a buried hardware bus. This solution allows to protect the key with the tamper mechanism: these registers together with SAES memory and registers are erased as soon as a tamper event occurs.
Notice that, when this feature is used, the concerned backup registers should be set as 'secure'.
Look for 'boot hardware key' in the STM32MP13 Reference Manuals for more information about this feature.

4 Memory mapping[edit source]

The table below shows the backup register mapping used by STM32MPU Embedded Software.
The TAMP backup register base address is 0x5C00A100, corresponding to TAMP_BKP0R.

a: the security borders are configured by OP-TEE in core/arch/arm/plat-stm32mp1/main.c , so the source code has to be modified if a different border is needed. Look for "zone" keyword in the file.

5 References[edit source]