This article shows which backup registers are used for system aspects in STM32 MPU Embedded Software distribution and so, which ones remain free for the application needs.
1. Article purpose[edit | edit source]
This article explains how the TAMP backup registers are used by STM32MPU Embedded Software on STM32MP13.
2. Overview[edit | edit source]
The STM32MP13 embeds 32 backup registers of 32 bits. A programmable border allows these backup registers to be split into a secure and a non-secure groupa.
3. Backup register usage[edit | edit source]
This paragraph explains the default usage of backup registers by the ROM code and STM32MPU Embedded Software distribution. The subsequent chapter then shows the backup register mapping used to fulfill those needs.
Information |
Backup register(s) might be used for another purpose by the application when the feature(s) listed below is/are not used by the said application |
3.1. Boot counter feature[edit | edit source]
The BOOT_COUNTER is used by U-Boot to detect boot failures between its execution and before the complete Linux application initialization :
- It is incremented by U-Boot
- It is reset by the application
Hence if U-Boot reads a non-null value after a reset, this means that something went wrong at boot time. This information can be used to initiate entry into a fail safe mode.
3.2. Boot mode selection feature[edit | edit source]
The BOOT_MODE register is used to propagate boot mode information from one component to the next boot stage, on cold boot or after a reset:
- The ROM code executes a serial boot if BOOT_MODE[7:0] is equal to 0xFF, as stated in the ROM code boot device selection strategy. In this case, the backup register is reset by the ROM code before proceeding with the serial boot mode. Other values are ignored by the ROM code.
- TF-A gets the selected boot device from the ROM code context in SYSRAM and writes it into BOOT_MODE[15:8] for U-Boot[1]. The boot interface type is written into BOOT_MODE[15:12], and the instance used is written into BOOT_MODE[11:8]. TF-A also writes other information in this register. The partition that was used to boot is written into BOOT_MODE[19:16], and the BL2 authentification status from ROM code into BOOT_MODE[23:20].
- U-Boot uses the BOOT_MODE register to get TF-A and Linux kernel (as explained in the next bullet) information[2] in order to select the desired boot mode (among "NORMAL", "STM32PROG", ...[1]) and build the appropriate "chosen" node in the device tree. This device tree is given to the Linux kernel for its start up, as explained in the "Runtime configuration" paragraph in Documentation/devicetree/usage-model.rst .
- The Linux kernel can force a reboot mode by writing to the BOOT_MODE register. This writing is done via the "reboot" Linux command, that is configured via the compatible "syscon-reboot-mode" in the device tree [2].
3.3. Firmware update info feature[edit | edit source]
The FWU_INFO is used by TF-A BL2 to detect boot failures between its execution and before the complete Linux application initialization during a Secure Firmware Update.
3.4. SAES secret key feature[edit | edit source]
The SAES secret key registers can be used to own a 256 bits key that is carried to SAES internal peripheral via a buried hardware bus. This solution allows to protect the key with the tamper mechanism: these registers together with SAES memory and registers are erased as soon as a tamper event occurs.
Notice that, when this feature is used, the concerned backup registers should be set as 'secure'.
Look for 'boot hardware key' in the STM32MP13 Reference Manuals for more information about this feature.
4. Memory mapping[edit | edit source]
The table below shows the backup register mapping used by STM32MPU Embedded Software.
The TAMP backup register base address is 0x5C00A100, corresponding to TAMP_BKP0R.
TAMP register | Securitya | ROM / software register name | Comment |
---|---|---|---|
TAMP_BKP31R | Non-secure | BOOT_COUNTER | See Boot counter feature |
TAMP_BKP30R | Non-secure | BOOT_MODE | See Boot mode selection feature |
TAMP_BKP29R | Non-secure | (Free) | |
TAMP_BKP28R | Non-secure | (Free) | |
TAMP_BKP27R | Non-secure | (Free) | |
TAMP_BKP26R | Non-secure | (Free) | |
TAMP_BKP25R | Non-secure | (Free) | |
TAMP_BKP24R | Non-secure | (Free) | |
TAMP_BKP23R | Non-secure | (Free) | |
TAMP_BKP22R | Non-secure | (Free) | |
TAMP_BKP21R | Non-secure | (Free) | |
TAMP_BKP20R | Non-secure | (Free) | |
TAMP_BKP19R | Non-secure | (Free) | |
TAMP_BKP18R | Non-secure | (Free) | |
TAMP_BKP17R | Non-secure | (Free) | |
TAMP_BKP16R | Non-secure | (Free) | |
TAMP_BKP15R | Non-secure | (Free) | |
TAMP_BKP14R | Secure Write/ Non-secure Read | (Free) | |
TAMP_BKP13R | Secure Write/ Non-secure Read | (Free) | |
TAMP_BKP12R | Secure Write/ Non-secure Read | (Free) | |
TAMP_BKP11R | Secure Write/ Non-secure Read | (Free) | |
TAMP_BKP10R | Secure Write/ Non-secure Read | FWU_INFO | See Firmware update info feature |
TAMP_BKP9R | Secure | (Free) | |
TAMP_BKP8R | Secure | (Free) | |
TAMP_BKP7R | Secure | SAES secret key | See SAES secret key feature |
TAMP_BKP6R | Secure | ||
TAMP_BKP5R | Secure | ||
TAMP_BKP4R | Secure | ||
TAMP_BKP3R | Secure | ||
TAMP_BKP2R | Secure | ||
TAMP_BKP1R | Secure | ||
TAMP_BKP0R | Secure |
a: the security borders are configured by the Secure OS (look for st,backup-zones in TAMP configuration), so the OP-TEE device tree has to be modified if a different border is needed.
5. References[edit | edit source]