1. Article purpose[edit | edit source]
The purpose of this article is to explain how the TAMP backup registers are used by STM32MPU Embedded Software.
2. Overview[edit | edit source]
The STM32MP15 embeds 32 backup registers of 32 bits. A programmable border allows to split those backup registers into a secure and a non-secure group.
By default, the ROM code defines the 10 first backup registers as secure, but this secure/non-secure border can be changed later on from the secure context.
3. Backup registers usage[edit | edit source]
This paragraph explains the default backup registers usage by the ROM code and STM32MPU Embedded Software distribution.
Then, the next chapter shows the backup register mapping used to fulfill those needs.
It is important to notice that the backup registers are erased when a tamper detection occurs in TAMP internal peripheral |
3.1. At boot time[edit | edit source]
- Non-secure backup registers are used:
- during a cold boot:
- by U-Boot to initialize the boot counter, that should be reset later on by the application.
- after a reset:
- by the ROM code to get an eventual forced boot mode that was set before reset. Notice that the ROM code is only interprating the value 0xFF to trigger a serial boot, as shown in the ROM code boot device selection strategy. In that case, the backup register is reset by the ROM code before proceeding with the serial boot mode. Other values are ignored by the ROM code but may be interprated by U-Boot, as described just below.
- by U-Boot to get an eventual forced boot mode that was set before reset. This can be useful to set U-Boot in programmer mode after a reboot, for instance.
- by U-Boot to increment the boot counter and perform given actions if a predefined number of successive boots is reached, due to cyclic resets before the application is alive (and clears the counter).
- during a cold boot:
- Secure backup registers are used:
- to tell to the FSBL (TF-A or U-Boot SPL) how to behave:
- on cold boot, the ROM code sets the magic number to 0x0: this value tells to the FSBL that a complete DDR initialization is needed before jumping to the SSBL (U-Boot).
- on wakeup from Standby with DDR in self-refresh low power mode, if the magic number == 0xCA7FACE0 then the FSBL performs a partial DDR initialization to exit Self-Refresh then it branches the Arm® Cortex®-A7 core 0 non-secure execution to the given branch address (in Linux® kernel, that was set during secure context saving before the Standby low power mode entering).
- by Linux® kernel on Arm® Cortex®-A7 core 0 (via a PSCI secure service) to tell to the ROM code how to start Arm® Cortex®-A7 core 1 (and enable the SMP mode): when Arm® Cortex®-A7 core 1 non-secure sees the magic number == 0xCA7FACE1 then it jumps to the given branch address.
- by the ROM code during wakeup from Standby low power mode to recover the Cortex®-M4 firmware integrity check value and compare it to the one computed on RETRAM before starting the Cortex®-M4 again.
- to tell to the FSBL (TF-A or U-Boot SPL) how to behave:
Notice: the ROM code knows if Cortex®-A7 and/or Cortex®-M4 have to be restarted after Standby thanks to RCC_MP_BOOTCR register, so the backup registers are not used here.
3.2. At runtime[edit | edit source]
- Non secure backup registers
- own the boot counter and should be reset by the application after a successful startup.
- are used to store Cortex®-M4 retention firmware integrity check value before going to Standby mode, if the Cortex®-M4 needs to be started on wakeup from Standby mode by the ROM code.
- Secure backup registers
- are used by secure services to store:
4. Memory mapping[edit | edit source]
The table below shows the backup register mapping used by STM32MPU Embedded Software.
The TAMP backup register base address is 0x5C00A100, corresponding to TAMP_BKP0R.
TAMP register | Security | ROM / software register name | Comment |
---|---|---|---|
TAMP_BKP31R | Non-secure | M4_WAKEUP_AREA_HASH | This register can be used to store a SHA-256 value computed on M4_WAKEUP_AREA_LENGTH bytes in RETRAM starting from M4_WAKEUP_AREA_START, before entering in low power Standby mode. This allows the ROM code to perform an integrity check on wakeup before starting the coprocessor. |
TAMP_BKP30R | Non-secure | ||
TAMP_BKP29R | Non-secure | ||
TAMP_BKP28R | Non-secure | ||
TAMP_BKP27R | Non-secure | ||
TAMP_BKP26R | Non-secure | ||
TAMP_BKP25R | Non-secure | ||
TAMP_BKP24R | Non-secure | ||
TAMP_BKP23R | Non-secure | M4_WAKEUP_AREA_LENGTH | Amount of bytes hashed in RETRAM to compute the integrity check value |
TAMP_BKP22R | Non-secure | M4_WAKEUP_AREA_START | Start address in RETRAM from where the integrity check value has to be computed |
TAMP_BKP21R | Non-secure | BOOT_COUNTER | Boot counter |
TAMP_BKP20R | Non-secure | BOOT_MODE[1] | Boot mode context information |
TAMP_BKP19R | Non-secure | (Reserved for future use) | |
TAMP_BKP18R | Non-secure | CORTEX_M_STATE | Cortex-M state (written by Cortex-M / read by Cortex-A) |
TAMP_BKP17R | Non-secure | COPRO_RSC_TBL_ADDRESS | Coprocessor resource table base address |
TAMP_BKP16R | Non-secure | (Reserved for future use) | |
TAMP_BKP15R | Non-secure | (Reserved for future use) | |
TAMP_BKP14R | Non-secure | (Reserved for future use) | |
TAMP_BKP13R | Non-secure | (Reserved for future use) | |
TAMP_BKP12R | Non-secure | (Reserved for future use) | |
TAMP_BKP11R | Non-secure | (Reserved for future use) | |
TAMP_BKP10R | Non-secure | (Reserved for future use) | |
TAMP_BKP9R | Secure | (Reserved for future use) | |
TAMP_BKP8R | Secure | (Reserved for future use) | |
TAMP_BKP7R | Secure | (Reserved for future use) | |
TAMP_BKP6R | Secure | (Reserved for future use) | |
TAMP_BKP5R | Secure | BRANCH_ADDRESS[1] | CPU0 or CPU1 branch address |
TAMP_BKP4R | Secure | MAGIC_NUMBER[1] | CPU0 or CPU1 boot magic number |
TAMP_BKP3R | Secure | M4_SECURITY_PERIMETER_EXTI3 | Value of AEIC TZENR3 |
TAMP_BKP2R | Secure | M4_SECURITY_PERIMETER_EXTI2 | Value of AEIC TZENR2 |
TAMP_BKP1R | Secure | M4_SECURITY_PERIMETER_EXTI1 | Value of AEIC TZENR1 |
TAMP_BKP0R | Secure | WAKEUP_SEC | Wakeup parameters |