This topic only covers the configuration of external tamper pins. Refer to the STM32MP13 Hardware Reference Manual for information on internal tampers. |
Device tree configuration
The TAMP controller is a secure peripheral and, as such, it can only be configured in OP-TEE device tree. The device tree binding is documented at https://github.com/digi-embedded/optee_os/blob/3.16.0/stm/maint/documentation/devicetree/bindings/hwmon/st%2Cstm32-tamp.yaml.
Configure an external tamper (passive)
The following example configures GPIOB_IO2 as a passive tamper. Passive tamper detects level/edge changes on the pin. The following example configures a rising-edge detection:
&tamp {
status = "okay";
st,tamp_passive_nb_sample = <4>;
st,tamp_passive_sample_clk_div = <16384>;
tamp_passive@7 {
pinctrl-0 = <&ccmp13_tamp0_in7_pin_a>;
st,trig_on;
status = "okay";
};
};
&pinctrl {
ccmp13_tamp0_in7_pin_a: ccmp13_tamp0_in7_pin_0 {
pins {
pinmux = <STM32_PINMUX('B', 2, RSVD)>;
st,tamp_id = <7>;
};
};
};
Configure an external tamper (active)
The following example configures two pads, (GPIOB_IO2, and GPIOI_IO3) as active tamper. The two pads must be externally connected to each other. Active tamper sends periodic random values on the output pin and raises a tamper event if the wrong data is read on the input pin.
You can configure the number of mismatches detected before the system raises a tamper event. |
&tamp {
status = "okay";
tamp_active@1 {
pinctrl-0 = <&ccmp13_tamp0_in7_pin_a &ccmp13_tamp0_out5_pin_a>;
status = "okay";
};
};
&pinctrl {
/* TAMP_IN */
ccmp13_tamp0_in7_pin_a: ccmp13_tamp0_in7_pin_0 {
pins {
pinmux = <STM32_PINMUX('B', 2, RSVD)>;
st,tamp_id = <7>;
};
};
/* TAMP_OUT */
ccmp13_tamp0_out5_pin_a: ccmp13_tamp0_out5_pin_0 {
pins {
pinmux = <STM32_PINMUX('I', 3, RSVD)>;
st,tamp_id = <5>;
};
};
};
For external tamper in active mode, the first pinctrl must be the input and the second the output pin. |
Enable external tamper in OP-TEE
The external tampers have to be activated in OP-TEE platform configuration file core/arch/arm/plat-stm32mp1/main.c
.
The following example shows how to enable the TAMP_IN7 that has been configured in the device tree to be used in passive mode.
static TEE_Result stm32_configure_tamp(void)
{
[...]
/*
* EXT_TAMPx needs to exist but also to be activated in DT. Here, we
* check if the EXT_TAMP7 is defined in DT.
*/
res = stm32_tamp_activate_tamp(EXT_TAMP7, TAMP_ERASE,
stm32mp1_etamper_action);
if (res == TEE_ERROR_BAD_PARAMETERS)
DMSG("no EXT_TAMP7 on this platform");
else if (res == TEE_ERROR_ITEM_NOT_FOUND)
DMSG("EXT_TAMP7 in pin was not found in device tree");
[...]
}
This activates the desired TAMPER_ID in ERASE or NOERASE mode and sets stm32mp1_etamper_action()
as the callback to run when the tamper is detected.
After making these modifications, rebuild OP-TEE to include the changes in the FIP image:
$ bitbake -f -C compile tf-a-stm32mp