This topic only covers the configuration of external tamper pins. Refer to the STM32MP13 Hardware Reference Manual for information on internal tampers.

Device tree configuration

The TAMP controller is a secure peripheral and, as such, it can only be configured in the OP-TEE device tree. The device tree binding is documented at https://github.com/digi-embedded/optee_os/blob/3.16.0/stm/maint/documentation/devicetree/bindings/hwmon/st%2Cstm32-tamp.yaml.

Configure an external tamper (passive)

The following example configures GPIOB_IO2 as a passive tamper. A passive tamper detects level or edge changes on the pin; this example configures rising-edge detection:

STM32MP13 device tree
&tamp {
	status = "okay";
	st,tamp_passive_nb_sample = <4>;
	st,tamp_passive_sample_clk_div = <16384>;

	tamp_passive@7 {
		pinctrl-0 = <&ccmp13_tamp0_in7_pin_a>;
		st,trig_on;
		status = "okay";
	};
};

&pinctrl {
	ccmp13_tamp0_in7_pin_a: ccmp13_tamp0_in7_pin_0 {
		pins {
			pinmux = <STM32_PINMUX('B', 2, RSVD)>;
			st,tamp_id = <7>;
		};
	};
};

Configure an external tamper (active)

The following example configures two pads (GPIOB_IO2 and GPIOI_IO3) as an active tamper. The two pads must be externally connected to each other. An active tamper sends periodic random values on the output pin and raises a tamper event if the wrong data is read back on the input pin.

You can configure the number of mismatches detected before the system raises a tamper event.

STM32MP13 device tree
&tamp {
	status = "okay";

	tamp_active@1 {
		pinctrl-0 = <&ccmp13_tamp0_in7_pin_a &ccmp13_tamp0_out5_pin_a>;
		status = "okay";
	};
};

&pinctrl {
	/* TAMP_IN */
	ccmp13_tamp0_in7_pin_a: ccmp13_tamp0_in7_pin_0 {
		pins {
			pinmux = <STM32_PINMUX('B', 2, RSVD)>;
			st,tamp_id = <7>;
		};
	};
	/* TAMP_OUT */
	ccmp13_tamp0_out5_pin_a: ccmp13_tamp0_out5_pin_0 {
		pins {
			pinmux = <STM32_PINMUX('I', 3, RSVD)>;
			st,tamp_id = <5>;
		};
	};
};

For an external tamper in active mode, the first pinctrl entry must be the input pin and the second the output pin.
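As an added check, not part of the original page or of the OP-TEE project, the following Python lint reads TAMP device tree fragments laid out like the examples above and verifies that every pinctrl-0 reference resolves to a pin node carrying st,tamp_id, that a passive node names exactly one pin, and that an active node names two pins with the input first. The input/output direction is inferred from the page's _inN/_outN label convention, which is an assumption; the embedded fragment is constructed with the two pinctrl entries deliberately swapped.

```python
import re

# Constructed fragment mirroring the page's active-tamper example, with the
# pinctrl entries deliberately swapped (output first) so the lint has something to catch.
DTS_BAD_ORDER = """
&tamp {
    tamp_active@1 {
        pinctrl-0 = <&ccmp13_tamp0_out5_pin_a &ccmp13_tamp0_in7_pin_a>;
        status = "okay";
    };
};
&pinctrl {
    ccmp13_tamp0_in7_pin_a: ccmp13_tamp0_in7_pin_0 {
        pins { pinmux = <STM32_PINMUX('B', 2, RSVD)>; st,tamp_id = <7>; };
    };
    ccmp13_tamp0_out5_pin_a: ccmp13_tamp0_out5_pin_0 {
        pins { pinmux = <STM32_PINMUX('I', 3, RSVD)>; st,tamp_id = <5>; };
    };
};
"""

# Tailored to the flat layout of the fragments above; this is not a general DTS parser.
PIN_RE = re.compile(r"(\w+):\s*\w+\s*\{[^:]*?st,tamp_id\s*=\s*<(\d+)>", re.S)
NODE_RE = re.compile(r"(tamp_(passive|active)@\d+)\s*\{(.*?)\};", re.S)
PINCTRL_RE = re.compile(r"pinctrl-0\s*=\s*<([^>]*)>")

def lint_tamp(dts: str) -> list:
    """Return the problems found in a TAMP device-tree fragment (empty list if clean)."""
    pins = {label: int(tid) for label, tid in PIN_RE.findall(dts)}
    problems = []
    for name, mode, body in NODE_RE.findall(dts):
        m = PINCTRL_RE.search(body)
        refs = [r.lstrip("&") for r in m.group(1).split()] if m else []
        for ref in refs:
            if ref not in pins:
                problems.append(f"{name}: {ref} has no pin node with st,tamp_id")
        if mode == "passive" and len(refs) != 1:
            problems.append(f"{name}: passive tamper needs exactly one input pin")
        if mode == "active":
            if len(refs) != 2:
                problems.append(f"{name}: active tamper needs an input and an output pin")
            # Direction is inferred from the page's _inN/_outN label convention (assumption).
            elif not re.search(r"_in\d", refs[0]) or not re.search(r"_out\d", refs[1]):
                problems.append(f"{name}: first pinctrl must be TAMP_IN, second TAMP_OUT")
    return problems

if __name__ == "__main__":
    for line in lint_tamp(DTS_BAD_ORDER) or ["no problems found"]:
        print(line)
```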

Enable external tamper in OP-TEE

The external tampers have to be activated in the OP-TEE platform configuration file core/arch/arm/plat-stm32mp1/main.c.

The following example shows how to enable TAMP_IN7, which was configured in the device tree above for passive mode.

static TEE_Result stm32_configure_tamp(void)
{
[...]
	/*
	 * EXT_TAMPx needs to exist but also to be activated in DT. Here, we
	 * check if the EXT_TAMP7 is defined in DT.
	 */
	res = stm32_tamp_activate_tamp(EXT_TAMP7, TAMP_ERASE,
					stm32mp1_etamper_action);
	if (res == TEE_ERROR_BAD_PARAMETERS)
		DMSG("no EXT_TAMP7 on this platform");
	else if (res == TEE_ERROR_ITEM_NOT_FOUND)
		DMSG("EXT_TAMP7 in pin was not found in device tree");
[...]
}

This activates the given tamper ID in ERASE or NOERASE mode (the example uses TAMP_ERASE) and sets stm32mp1_etamper_action() as the callback to run when the tamper is detected.

After making these modifications, rebuild OP-TEE to include the changes in the FIP image:

$ bitbake -f -C compile tf-a-stm32mp