The tamper interface allows you to program a predefined tamper action—system power off—that automatically occurs after a preconfigured timeout from the tamper event. However, typical response actions include one or several of the following generic responses:

  • Activate a physical indicator (tamper-evident seals, on screen indicators, etc.).

  • Send a notification.

  • Take destructive action such as erasing critical information of the system or rendering it unable to boot.

The Digi Embedded for Android Board Support Package provides the necessary firmware to easily detect tamper events and perform the corresponding response actions. These hooks are the same for both digital and analog tamper detection interfaces.

U-Boot

The bootloader performs the following actions during system initialization:

  • It checks if the tamper interfaces are enabled.

  • If enabled, it checks if there are any unacknowledged tamper events.

  • If there are events pending acknowledgment, it calls the function mca_tamper_take_actions(). This function is declared as weak-link, so customers can override it with a custom implementation that accommodates their security needs (such as erasing a partition, sending a notification, or triggering an alarm output).

  • It acknowledges the event once the response actions have been executed.

If the predefined flow does not meet the requirements for a specific device, you can customize it using the bootloader code (board/digi/common/tamper.c).

Device tree bindings

The tamper detection interface must be enabled in the device tree. To do so, uncomment the following lines:

	/*
	 * Uncomment to enable tamper detection. There are two digital (0 and 1)
	 * and two analog (2 and 3) tamper interfaces.
	 */
	&mca_tamper {
		digi,tamper-if-list = <0 1 2 3>;
	};

Android

You can manage tamper events from your Android application. See TrustFence tamper API for more information about the tamper APIx.

The TrustFence Tamper Sample Application demonstrates the usage of the tamper API. In this example, you can detect and interact with tamper events.

Linux

Linux handles tamper events and acknowledgment via an IIO driver. For each tamper interface available, the driver will create the following entries:

  • A character device node (i.e.: /dev/iio:device0). This device generates standard IIO events when the event occurs. You can read the events and their timestamps using the standard API provided by the kernel for the IIO devices.

  • A sysfs directory (i.e.: /sys/bus/iio/iio:device0). This directory has the following entries:

    • tamper_events: you can use this entry to poll the tamper interface status and to acknowledge an event. Reading it returns a string with the status (none, signaled, or signaled+acked). To acknowledge the event, write ack or 0.

    • in_activityn_raw: this read-only entry returns the value of TAMPERn_EVENT.

    • timestamp: this read-only entry returns the timestamp (as a 64-bit Linux epoch time) at which the tamper event was registered.

For the tamper driver to load, the following conditions must be true when Linux boots: