Last edited 2 months ago

STM32MP13 backup registers

Applicable for STM32MP13x lines

This article shows which backup registers are used for system aspects in STM32 MPU Embedded Software distribution and so, which ones remain free for the application needs.

1. Article purpose[edit source]

This article explains how the TAMP backup registers are used by STM32MPU Embedded Software on STM32MP13.

2. Overview[edit source]

The STM32MP13 embeds 32 backup registers of 32 bits. A programmable border allows these backup registers to be split into a secure and a non-secure groupa.

3. Backup register usage[edit source]

This paragraph explains the default usage of backup registers by the ROM code and STM32MPU Embedded Software distribution. The subsequent chapter then shows the backup register mapping used to fulfill those needs.

Warning white.png Warning
It is important to notice that the backup registers can be erased when a tamper detection occurs in TAMP internal peripheral
Info white.png Information
Backup register(s) might be used for another purpose by the application when the feature(s) listed below is/are not used by the said application

3.1. Boot counter feature[edit source]

The BOOT_COUNTER is used by U-Boot to detect boot failures between its execution and before the complete Linux application initialization :

  • It is incremented by U-Boot
  • It is reset by the application

Hence if U-Boot reads a non-null value after a reset, this means that something went wrong at boot time. This information can be used to initiate entry into a fail safe mode.

Warning white.png Warning
This feature is disabled by default, since TF-A BL2 firmware update feature takes care of a boot counter management

3.2. Boot mode selection feature[edit source]

The BOOT_MODE register is used to propagate boot mode information from one component to the next boot stage, on cold boot or after a reset:

  • The ROM code executes a serial boot if BOOT_MODE[7:0] is equal to 0xFF, as stated in the ROM code boot device selection strategy. In this case, the backup register is reset by the ROM code before proceeding with the serial boot mode. Other values are ignored by the ROM code.
  • TF-A gets the selected boot device from the ROM code context in SYSRAM and writes it into BOOT_MODE[15:8] for U-Boot[1]. The boot interface type is written into BOOT_MODE[15:12], and the instance used is written into BOOT_MODE[11:8]. TF-A also writes other information in this register. The partition that was used to boot is written into BOOT_MODE[19:16], and the BL2 authentification status from ROM code into BOOT_MODE[23:20].
  • U-Boot uses the BOOT_MODE register to get TF-A and Linux kernel (as explained in the next bullet) information[2] in order to select the desired boot mode (among "NORMAL", "STM32PROG", ...[1]) and build the appropriate "chosen" node in the device tree. This device tree is given to the Linux kernel for its start up, as explained in the "Runtime configuration" paragraph in Documentation/devicetree/usage-model.rst .
  • The Linux kernel can force a reboot mode by writing to the BOOT_MODE register. This writing is done via the "reboot" Linux command, that is configured via the compatible "syscon-reboot-mode" in the device tree [2].

3.3. Firmware update info feature[edit source]

The FWU_INFO is used by TF-A BL2 to detect boot failures between its execution and before the complete Linux application initialization during a Secure Firmware Update.

3.4. SAES secret key feature[edit source]

The SAES secret key registers can be used to own a 256 bits key that is carried to SAES internal peripheral via a buried hardware bus. This solution allows to protect the key with the tamper mechanism: these registers together with SAES memory and registers are erased as soon as a tamper event occurs.
Notice that, when this feature is used, the concerned backup registers should be set as 'secure'.
Look for 'boot hardware key' in the STM32MP13 Reference Manuals for more information about this feature.

4. Memory mapping[edit source]

The table below shows the backup register mapping used by STM32MPU Embedded Software.
The TAMP backup register base address is 0x5C00A100, corresponding to TAMP_BKP0R.

TAMP register Securitya ROM / software register name Comment
TAMP_BKP31R Non-secure BOOT_COUNTER See Boot counter feature
TAMP_BKP30R Non-secure BOOT_MODE See Boot mode selection feature
TAMP_BKP29R Non-secure (Free)
TAMP_BKP28R Non-secure (Free)
TAMP_BKP27R Non-secure (Free)
TAMP_BKP26R Non-secure (Free)
TAMP_BKP25R Non-secure (Free)
TAMP_BKP24R Non-secure (Free)
TAMP_BKP23R Non-secure (Free)
TAMP_BKP22R Non-secure (Free)
TAMP_BKP21R Non-secure (Free)
TAMP_BKP20R Non-secure (Free)
TAMP_BKP19R Non-secure (Free)
TAMP_BKP18R Non-secure (Free)
TAMP_BKP17R Non-secure (Free)
TAMP_BKP16R Non-secure (Free)
TAMP_BKP15R Non-secure (Free)
TAMP_BKP14R Secure Write/ Non-secure Read (Free)
TAMP_BKP13R Secure Write/ Non-secure Read (Free)
TAMP_BKP12R Secure Write/ Non-secure Read (Free)
TAMP_BKP11R Secure Write/ Non-secure Read (Free)
TAMP_BKP10R Secure Write/ Non-secure Read FWU_INFO See Firmware update info feature
TAMP_BKP9R Secure (Free)
TAMP_BKP8R Secure (Free)
TAMP_BKP7R Secure SAES secret key See SAES secret key feature

a: the security borders are configured by OP-TEE in core/arch/arm/plat-stm32mp1/main.c , so the source code has to be modified if a different border is needed. Look for "zone" keyword in the file.

5. References[edit source]