The tamper interface lets you program one predefined tamper action, system power off, which occurs automatically once a preconfigured timeout has elapsed after the tamper event. Typical response actions, however, include one or more of the following:

  • Activate a physical indicator (tamper-evident seals, on-screen indicators, etc.).

  • Send a notification.

  • Take destructive action, such as erasing critical information from the system or rendering it unable to boot.

The Digi Embedded Yocto Board Support Package provides the necessary firmware to easily detect tamper events and perform the corresponding response actions. These hooks are the same for both digital and analog tamper detection interfaces.

U-Boot

The bootloader performs the following actions during system initialization:

  • It checks if the tamper interfaces are enabled.

  • If enabled, it checks if there are any unacknowledged tamper events.

  • If there are events pending acknowledgment, it calls the function mca_tamper_take_actions(). This function is declared as a weak symbol, so customers can override it with a custom implementation that accommodates their security needs (such as erasing a partition, sending a notification, or triggering an alarm output).

  • It acknowledges the event once the response actions have been executed.

If the predefined flow does not meet the requirements for a specific device, you can customize it using the bootloader code (board/digi/common/tamper.c).

Linux

Linux handles tamper events and acknowledgment via an IIO driver. For each tamper interface available, the driver will create the following entries:

  • A character device node (e.g., /dev/iio:device0): this device generates standard IIO events when a tamper event occurs. You can read the events and their timestamps using the standard API that the kernel provides for IIO devices.

  • A sysfs directory (e.g., /sys/bus/iio/iio:device0): this directory has the following entries:

    • tamper_events: you can use this entry to poll the tamper interface status and to acknowledge an event. Reading it returns a string with the status (none, signaled, or signaled+acked). To acknowledge the event, write ack or 0.

    • in_activityn_raw: this read-only entry returns the value of TAMPERn_EVENT.

    • timestamp: this read-only entry returns the timestamp (as a 64-bit Linux epoch time) at which the tamper event was registered.

The sample application tamper_sample is included in the dey-examples package of the meta-digi layer as a reference on how to detect tamper events, providing the hooks to implement the required response actions and acknowledge the event.
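
The sysfs flow described above (read tamper_events, run the response action, then acknowledge), as an added example that is not Digi's tamper_sample code. The function names handle_tamper and record_event, the TAMPER_LOG variable, and the return codes are assumptions of this example; the interface's sysfs directory is passed as an argument.

```sh
#!/bin/sh
# Added example, not Digi's tamper_sample. Names and return codes are hypothetical.
# handle_tamper <sysfs_dir> <response_cmd>
#   0 = event handled and acknowledged
#   1 = nothing pending (none or signaled+acked)
#   2 = error; the event is left unacknowledged

# Sample response action: append an audit record (log path is an assumption).
record_event() {
    printf 'tamper dir=%s epoch=%s\n' "$1" "$2" >> "${TAMPER_LOG:-/tmp/tamper.log}"
}

handle_tamper() {
    t_dir=$1
    t_action=$2
    t_status=$(cat "$t_dir/tamper_events" 2>/dev/null) || {
        echo "tamper: cannot read $t_dir/tamper_events" >&2
        return 2
    }
    case "$t_status" in
        signaled) ;;                        # pending: go on to respond
        none|signaled+acked) return 1 ;;    # nothing to do
        *) echo "tamper: unexpected status '$t_status'" >&2; return 2 ;;
    esac
    # The timestamp entry holds the epoch time at which the event was registered.
    t_ts=$(cat "$t_dir/timestamp" 2>/dev/null) || t_ts=unknown
    # Respond before acknowledging: if the response fails, the event stays
    # "signaled" and is still pending the next time it is checked.
    if ! "$t_action" "$t_dir" "$t_ts"; then
        echo "tamper: response failed, event left unacknowledged" >&2
        return 2
    fi
    printf 'ack\n' > "$t_dir/tamper_events" || return 2
    return 0
}

# On the target, pass the interface's sysfs directory, for example:
#   handle_tamper /sys/bus/iio/iio:device0 record_event
```
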

For the tamper driver to load, the following conditions must be true when Linux boots:

  • Tamper was configured using the tamper_config application and the configuration was saved into NVRAM (see Configure the tamper interfaces).

  • The mca_tamper interface is enabled in the device tree.

Device tree bindings

The tamper detection interface must be enabled in the device tree. To do so, uncomment the following lines:

	/*
	 * Uncomment to enable tamper detection. There are two digital (0 and 1)
	 * and two analog (2 and 3) tamper interfaces.
	 */
	&mca_tamper {
		digi,tamper-if-list = <0 1 2 3>;
	};