The tamper interface provides a mechanism to detect unauthorized attempts to access the system, such as the opening of the enclosure. In a tamper event, you can either erase or block secrets (backup registers, root hardware unique key, boot hardware key, SAES and HASH peripherals). You can configure tamper event behavior in the OP-TEE platform configuration and device tree.

Tamper features

  • 32 backup registers: the backup registers are implemented in the RTC domain that remains powered-on by VBAT (if using a coin cell).

  • Up to 12 tamper pins for 8 external tamper detection events.

  • 13 internal tamper events to protect against transient or environmental perturbation attacks.

  • Any tamper detection can generate a RTC timestamp event.

  • Any tamper detection can erase the backup registers and backup SRAM.

  • Two monotonic counters.

Tamper detection mode

There are two types of tamper detection:

  • Internal: events detected by internal peripherals of the STM32MP13 SoC

  • External: events that produce a change on a GPIO pin

Internal tamper

The internal tamper detection supports the following peripherals:

  • VBAT voltage monitoring.

  • Temperature monitoring.

  • LSE monitoring clock stop toggling.

  • HSE monitoring clock stop toggling and over frequency detection.

  • RTC calendar overflow.

  • Monotonic counter 1 overflow.

  • Monotonic counter 2 overflow.

  • ADC2 analog watchdog monitoring 1.

  • ADC2 analog watchdog monitoring 2.

  • ADC2 analog watchdog monitoring 3.

  • JTAG/SWD access.

  • IWDG reset when tamper flag is set.

  • Cryptographic IPs fault (SAES or CRYP or PKA or TRNG).

Refer to the STM32MP13 Hardware Reference Manual for information on internal tampers. All tamper events can be enabled in the OP-TEE platform file at https://github.com/digi-embedded/optee_os/blob/3.16.0/stm/maint/core/arch/arm/plat-stm32mp1/main.c in the function stm32_configure_tamp().

The following internal tamper events are enabled by default:

Tamper index Tamper peripheral Configuration Callback

1

Backup domain voltage threshold monitoring

erase backup regs

reset board

2

Temperature monitoring

erase backup regs

reset board

3

LSE monitoring

erase backup regs

reset board

4

HSE monitoring

erase backup regs

reset board

7

ADC2 analog watchdog monitoring 1

erase backup regs

reset board

12

ADC2 analog watchdog monitoring 2

erase backup regs

reset board

13

ADC2 analog watchdog monitoring 3

erase backup regs

reset board

Not all internal tamper events work in all low power modes. Refer to the Tamper and backup registers chapter of the STM32MP13 Hardware Reference Manual for additional information.

External tamper

The external tamper detection events can be configured as:

  • Passive: detects a level or an edge change on the pin.

  • Active: continuous comparison between tamper output and input to protect from physical open-short attacks.

The external tamper detection modes are available in all low-power modes and VBAT.

Refer to the following topics for configuring the external tamper: