Configure the tamper interface

This topic only covers the configuration of external tamper pins. Refer to the STM32MP13 Hardware Reference Manual for information on internal tampers.

Device tree configuration

The TAMP controller is a secure peripheral and, as such, it can only be configured in OP-TEE device tree. The device tree binding is documented at https://github.com/digi-embedded/optee_os/blob/3.16.0/stm/maint/documentation/devicetree/bindings/hwmon/st%2Cstm32-tamp.yaml.

Configure an external tamper (passive)

The following example configures GPIOB_IO2 as a passive tamper. Passive tamper detects level/edge changes on the pin. The following example configures a rising-edge detection:

STM32MP13 device tree

&tamp {
	status = "okay";
	st,tamp_passive_nb_sample = <4>;
	st,tamp_passive_sample_clk_div = <16384>;

	tamp_passive@7 {
		pinctrl-0 = <&ccmp13_tamp0_in7_pin_a>;
		st,trig_on;
		status = "okay";
	};
};

&pinctrl {
	ccmp13_tamp0_in7_pin_a: ccmp13_tamp0_in7_pin_0 {
		pins {
			pinmux = <STM32_PINMUX('B', 2, RSVD)>;
			st,tamp_id = <7>;
		};
	};
};

Configure an external tamper (active)

The following example configures two pads, (GPIOB_IO2, and GPIOI_IO3) as active tamper. The two pads must be externally connected to each other. Active tamper sends periodic random values on the output pin and raises a tamper event if the wrong data is read on the input pin.

You can configure the number of mismatches detected before the system raises a tamper event.

STM32MP13 device tree

&tamp {
	status = "okay";

	tamp_active@1 {
		pinctrl-0 = <&ccmp13_tamp0_in7_pin_a &ccmp13_tamp0_out5_pin_a>;
		status = "okay";
	};
};

&pinctrl {
	/* TAMP_IN */
	ccmp13_tamp0_in7_pin_a: ccmp13_tamp0_in7_pin_0 {
		pins {
			pinmux = <STM32_PINMUX('B', 2, RSVD)>;
			st,tamp_id = <7>;
		};
	};
	/* TAMP_OUT */
	ccmp13_tamp0_out5_pin_a: ccmp13_tamp0_out5_pin_0 {
		pins {
			pinmux = <STM32_PINMUX('I', 3, RSVD)>;
			st,tamp_id = <5>;
		};
	};
};

For external tamper in active mode, the first pinctrl must be the input and the second the output pin.

Enable external tamper in OP-TEE

The external tampers have to be activated in OP-TEE platform configuration file core/arch/arm/plat-stm32mp1/main.c.

The following example shows how to enable the TAMP_IN7 that has been configured in the device tree to be used in passive mode.

static TEE_Result stm32_configure_tamp(void)
{
[...]
	/*
	 * EXT_TAMPx needs to exist but also to be activated in DT. Here, we
	 * check if the EXT_TAMP7 is defined in DT.
	 */
	res = stm32_tamp_activate_tamp(EXT_TAMP7, TAMP_ERASE,
					stm32mp1_etamper_action);
	if (res == TEE_ERROR_BAD_PARAMETERS)
		DMSG("no EXT_TAMP7 on this platform");
	else if (res == TEE_ERROR_ITEM_NOT_FOUND)
		DMSG("EXT_TAMP7 in pin was not found in device tree");
[...]
}

This activates the desired TAMPER_ID in ERASE or NOERASE mode and sets stm32mp1_etamper_action() as the callback to run when the tamper is detected.

After making these modifications, rebuild OP-TEE to include the changes in the FIP image:

$ bitbake -f -C compile tf-a-stm32mp