| This topic only covers the configuration of external tamper pins. Refer to the STM32MP13 Hardware Reference Manual for information on internal tampers. |
Device tree configuration
The TAMP controller is a secure peripheral and, as such, it can only be configured in OP-TEE device tree. The device tree binding is documented at https://github.com/digi-embedded/optee_os/blob/4.0.0/stm/maint/documentation/devicetree/bindings/hwmon/st%2Cstm32-tamp.yaml.
Configure an external tamper (passive)
The following example configures GPIOB_IO2 as a passive tamper. Passive tamper detects level/edge changes on the pin. The following example configures a rising-edge detection:
STM32MP13 device tree
&tamp {
status = "okay";
st,tamp_passive_nb_sample = <4>;
st,tamp_passive_sample_clk_div = <16384>;
tamp-button {
tamper-gpios = <&gpioB 2 0>;
st,tamp-mode = <TAMPER_CONFIRMED_MODE>;
st,tamp-id = 7;
status = "okay";
};
};Configure an external tamper (active)
The following example configures two pads, (GPIOB_IO2, and GPIOI_IO3) as active tamper. The two pads must be externally connected to each other. Active tamper sends periodic random values on the output pin and raises a tamper event if the wrong data is read on the input pin.
| You can configure the number of mismatches detected before the system raises a tamper event. |
STM32MP13 device tree
&tamp {
status = "okay";
tamp-active {
tamper-gpios = <&gpioB 2 0>, <&gpioI 3 0>;
st,tamp-mode = <TAMPER_CONFIRMED_MODE>;
st,tamp-id = <7>, <5>;
status = "okay";
};
};