STM32MP15 Tamper configuration

Revision as of 11:54, 5 April 2022 by Nicolas Toromanoff

1 Overview

The STM32 MPUs embed tamper detection management. Tamper management and configuration have been added to the secure OS to select and detect events.

STM32MP15 microprocessors offer 5 internal tampers and 3 external tampers.

The internal tampers are the following:

  • RTC voltage domain monitoring
  • LSE monitoring
  • HSE monitoring
  • RTC calendar overflow
  • Monotonic counter overflow

External tampers can be configured to be passive or active.

On a tamper event detection, the backup registers are cleared and the Backup SRAM is read-protected and cannot be accessed until the next reset.

The Automatic erase mode can be configured for external tampers. It is enabled by default but can be turned off if the user application needs to control erase operations.

2 Software configuration

The tamper driver only exists in OP-TEE. Internal and external tampers have to be configured in:

  • the device tree, which enables the TAMP IP and configures the external tampers (active, passive, level, etc.)
  • main.c, which activates the wanted TAMPER_ID, in ERASE or NOERASE mode, and defines the callback to call in case of an event

An external tamper can be activated only if the corresponding TAMPER_ID is enabled in the device tree.

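Example:

/* Called by the tamper driver when internal tamper 1 fires. */
static uint32_t int_tamp1_callback(int id) {
	MSG("Backup domain voltage threshold monitoring tamper event occurs");

	/* ... */
	/* specific application event management */
	/* ... */

	/* Ask the driver to acknowledge the event and reset the board. */
	return TAMP_CB_ACK_AND_RESET;
}

/* Activate internal tamper 1 in ERASE mode with the callback defined above. */
stm32_tamp_activate(INT_TAMP1, TAMP_ERASE, int_tamp1_callback);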

The value returned by the callback defines whether the driver acknowledges the event and resets the board. If the event is configured as NOERASE, the callback may check whether the event is a true positive. If it is, the callback erases the secrets manually (with stm32_tamp_erase_secret()) and returns TAMP_CB_ACK_AND_RESET. If it is a false positive, the callback just returns TAMP_CB_ACK (this unlocks the secret IPs).
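The NOERASE decision flow described above, as an added example that is not code from this page or from the OP-TEE driver. The constant values, the signature of stm32_tamp_erase_secret() and the platform_check_tamper() hook are stand-ins assumed here so the logic runs on a host; an inconclusive check is treated as a true positive.

```c
#include <stdint.h>
#include <stdio.h>

/* Host-side stand-ins for the driver names used on this page.
 * The values and the erase signature are assumptions, not the driver's. */
enum { TAMP_CB_ACK = 1, TAMP_CB_ACK_AND_RESET = 2 };
static int erase_calls;                         /* instrumentation only */
static void stm32_tamp_erase_secret(void) { erase_calls++; }

/* Hypothetical platform hook: outcome of re-validating the event. */
enum tamp_verdict { TAMP_FALSE_ALARM, TAMP_CONFIRMED, TAMP_UNKNOWN };
static enum tamp_verdict next_verdict = TAMP_UNKNOWN;  /* constructed input */
static enum tamp_verdict platform_check_tamper(int id)
{
	(void)id;
	return next_verdict;
}

/* Callback for a tamper activated in NOERASE mode: nothing was wiped
 * automatically, so the callback owns the erase decision. */
static uint32_t ext_tamp_noerase_callback(int id)
{
	switch (platform_check_tamper(id)) {
	case TAMP_FALSE_ALARM:
		/* Ack only: the driver unlocks the secret IPs again. */
		return TAMP_CB_ACK;
	case TAMP_CONFIRMED:
	case TAMP_UNKNOWN:      /* fail closed when the check is inconclusive */
	default:
		stm32_tamp_erase_secret();
		return TAMP_CB_ACK_AND_RESET;
	}
}

int main(void)
{
	next_verdict = TAMP_FALSE_ALARM;
	printf("false alarm -> %u\n", (unsigned)ext_tamp_noerase_callback(1));
	next_verdict = TAMP_CONFIRMED;
	printf("confirmed   -> %u, erases=%d\n",
	       (unsigned)ext_tamp_noerase_callback(1), erase_calls);
	return 0;
}
```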

main.c also configures the access permissions of the TAMP registers (privileged mode, secure mode), and whether the Backup SRAM is included in the secret IPs list.


2.1 Internal tampers

By default, only internal tampers 1, 2, 3 and 4 are enabled. They are configured as ERASE, and the callback resets the board.

2.2 External tampers

No external tampers are configured on the STM32MP15 Discovery Board.