1. Overview[edit source]
The STM32 MPUs embed a tamper detection management system. The tamper management and configuration functions have been added to the secure OS to select and detect events.
The STM32MP13 microprocessors offer 13 internal tampers and 8 external tampers.
The internal tampers are the following:
- Backup domain voltage threshold monitoring
- Temperature monitoring
- LSE monitoring
- HSE monitoring
- RTC calendar overflow
- JTAG/SWD access
- ADC2 analog watchdog monitoring 1
- Monotonic counter 1 overflow
- Cryptograpic IPs fault (SAES or CRYP or PKA or TRNG)
- Monotonic counter 2 overflow
- IWDG reset when tamper flag is set
- ADC2 analog watchdog monitoring 2
- ADC2 analog watchdog monitoring 3
The external tampers can be configured as passive (they detect a level or an hedge on one pin) or as active (2 pins have to be linked together, and the tamp hardware regularly sends a random level on the OUT pin, then reads IN pins and raises the tamper flag if the values mismatch).
On a tamper event detection, the backup registers are cleared and the secrets in SRAM3, SAES, CRYP, HASH peripherals and PKA SRAM are erased.
The Automatic erase mode can be configured for any tampers (internal and external). It is enabled by default but can be turned off (NOERASE) if the user application needs to control erase operations, if disabled the backup registers, SRAM3, and RHUK (root hardware unique key) in BSEC are locked (no read nor write are possible until event acknowledged), and SAES, CRYP, HASH peripherals and PKA SRAM are always erased.
The backup SRAM can be added to the list of secret IPs, and has a similar behavior as the SRAM3 (erased or locked).
2. Software configuration[edit source]
The tamper driver only exists in the OP-TEE Internal, and external tampers have to be configured in:
- TAMP device tree configuration
- Secure OS main security configuration file .
The device tree enables the TAMP IP and configures the external tamper (active, passive, level, and so on). The main.c activates the desired TAMPER_ID, in ERASE or NOERASE mode, and defines which is the callback in case of an event. An external TAMPER can be activated only if the corresponding TAMPER_ID is enabled in the device tree.
Example :
static uint32_t int_tamp1_callback(int id) { MSG("Backup domain voltage threshold monitoring tamper event occurs"); /* ... */ /* specific application event management */ /* ... */ return TAMP_CB_ACK_AND_RESET; } stm32_tamp_activate(INT_TAMP1, TAMP_ERASE, tamp1_callback);
The value returned by the callback defines if the driver acknowledges the event, and resets the board. If the event is configured as NOERASE, the callback may check:
- in case of true positive: erase manually secret (with stm32_tamp_erase_secret()) and returns TAMP_CB_ACK_AND_RESET
- in case of false positive: returns TAMP_CB_ACK (it unlocks the secret IPs).
The main.c configures the permission access of the TAMP register (privileged mode, secure mode), and it shows if the backup SRAM is included in the secret IPs list.
2.1. Internal tampers[edit source]
By default, only internal tampers 1, 2, 3, 4, 7, 12 and 13 are enabled, configured as ERASE, and the callback resets the board.
2.2. External tampers[edit source]
On the STM32MP13 Discovery board only external tamper 2 is activated in main.c and enabled in the device tree. Pressing the TAMP button raises the EXT_TAMP2 event, erases all secrets and resets the board.