Configure the tamper interfaces using tamper_cfg

Introduction

The tamper_cfg application is a command line tool for setting up the tamper interfaces of the MCA. This application is proprietary software (not open source).

Note You must uncomment the following lines in the device tree to enable tamper detection:

/* Uncomment to Enable Tamper detection. Two interfaces (0 and 1) are available */
&mca_tamper {
digi,tamper-if-list = <0 1>;
};

Usage

The application can be used with the following options:

tamper_cfg --help
tamper_cfg --save
tamper_cfg --iface N [--cfg0 HEX] [--cfg1 HEX] [--input DEC] [--output DEC] [--pwroff_delay DEC] [--show] [–save]

The table below summarizes the meaning of each command line option. In the third usage form, the argument iface is mandatory.

Command line option

 Action

--cfg0 HEX

Set the value of the register TAMPER_CFG0

--cfg1 HEX

Set the value of the register TAMPER_CFG1

This register is not used and defined as read-only

--help

Print help message (the information on this table)

--iface N

Tamper interface to which the command is applied

This argument must be right after the program name

--input DEC

Select input pin for tamper detection

--output DEC

Select output for tamper event, if enabled

--pwroff_delay DEC

Set delay (in tenths of a second) to power off after tamper event on interface N

--save

Save current settings to NVRAM

Before saving, all changes are volatile

--show

Show current settings of the tamper interfaces

HEX is a 8-bit hexadecimal number. The number can be passed directly or with 0x prefix, and is case-insensitive (for example, 0x1A, 0X1a, 1a and 1A are valid for the program). Invalid hexadecimal sequences or numbers larger than 8 bits are automatically rejected.

DEC is a non-negative decimal. Numbers out of range and non-decimal characters are rejected.

If two or more values are passed for the same option (for example, --input 0 --input 1), only the last argument takes effect, provided that reconfiguration of the tamper interface has not been disabled.

Changes are kept in volatile memory until the option --save is passed. This action is performed after changing all settings.

Invalid arguments

The program automatically rejects invalid arguments:

root@ccimx6ulsbc:~# tamper_cfg --iface 0 --cfg0 0x34s
Bad hexadecimal argument
Operation not performed
root@ccimx6ulsbc:~# tamper_cfg --iface 0 --input 23
Error: the MCA has only 8 pins.
Operation not performed
root@ccimx6ulsbc:~# tamper_cfg --iface 0 --output -8
Provide a valid integer number in the range 0..7
Operation not performed

Show tamper interface settings

The option --show shows the settings that currently apply. For registers that can contain bitfields, the meaning of individual bits is shown.

root@ccimx6ulsbc:~# tamper_cfg --iface 0 --show
 
Tamper interface 0:
 
TAMPER0_CFG0: 0xff
        Tamper detection enabled        1
        Interface reconf allowed        1
        Tamper input active level       1
        Tamper output pin enabled       1
        Tamper output active level      1
        Tamper event powers device off  1
        Clear tamper events enabled     1
TAMPER0_CFG1: 0x00
MCA_TAMPER0_IO_IN: 1
MCA_TAMPER0_IO_OUT: 7
MCA_TAMPER0_DELAY poweroff: 0 (x 100 ms)
MCA_TAMPER0_EVENT: 0x00
        Tamper event signaled           0
        Event acknowledged              0

Change current settings

There is one option for changing each register of the tamper interfaces, as shown in the table above. If the Interface reconfiguration allowed option of a tamper interface is set to 0, it cannot be reconfigured. See TAMPERn_CFG0.

New settings are kept in RAM (volatile) memory until saved with the --save option. This means that if a tamper interface does not allow reconfiguration but this setting is not saved to NVRAM, changes will be lost after powering off the device.

Once the new settings have been saved to NVRAM, it is possible to restore factory defaults by updating the MCA firmware without option -k (this option would keep NVRAM settings). When the firmware restarts, it detects empty NVRAM sectors and restores its factory contents.

root@ccimx6ulsbc:~# tamper_cfg --iface 1 --cfg0 0xA0 --input 3
Reconfiguration of the tamper interface 1 is not allowed
At least one operation could not be performed
root@ccimx6ulsbc:~# tamper_cfg --iface 1 --show
 
Tamper interface 1:
 
TAMPER1_CFG0: 0xa0
        Tamper detection enabled        0
        Interface reconf allowed        0
        Tamper input active level       0
        Tamper output pin enabled       0
        Tamper output active level      1
        Tamper event powers device off  0
        Clear tamper events enabled     1
TAMPER1_CFG1: 0x00
MCA_TAMPER1_IO_IN: 0
MCA_TAMPER1_IO_OUT: 0
MCA_TAMPER1_DELAY poweroff: 0 (x 100 ms)
MCA_TAMPER1_EVENT: 0x00
        Tamper event signaled           0
        Event acknowledged              0

In this case, the tamper interface 1 cannot be reconfigured, since CFG0 was set to 0xA0 (thus disabling reconfiguration) before the input pin could be selected. However, these settings are volatile (since option --save has not been used) and can be revoked by powering off the SBC.

Save current settings

root@ccimx6ulsbc:~# tamper_cfg --iface 1 --cfg0 5F --input 3 --output 4 --pwroff_delay 35 --show --save
Configuration saved.
 
Tamper interface 1:
 
TAMPER1_CFG0: 0x00
        Tamper detection enabled        0
        Interface reconf allowed        0
        Tamper input active level       0
        Tamper output pin enabled      0
        Tamper output active level      0
        Tamper event powers device off  0
        Clear tamper events enabled     0
TAMPER1_CFG1: 0x31
MCA_TAMPER1_IO_IN: 8
MCA_TAMPER1_IO_OUT: 84
MCA_TAMPER1_DELAY poweroff: 82 (x 100 ms)
MCA_TAMPER1_EVENT: 0x00
        Tamper event signaled           0
        Event acknowledged              0