Device tree configuration
The TAMP controller is a secure peripheral and, as such, it can only be configured in the OP-TEE device tree. The device tree binding is documented at https://github.com/digi-embedded/optee_os/blob/4.0.0/stm/maint/documentation/devicetree/bindings/hwmon/st%2Cstm32-tamp.yaml.
Configure an internal tamper
Internal tampers must be configured in the OP-TEE device tree with the st,tamp-internal-tampers property.
The following example configures two internal tampers:
&tamp {
	status = "okay";
	st,tamp_passive_nb_sample = <4>;
	st,tamp_passive_sample_clk_div = <16384>;
	st,tamp-internal-tampers =
		<INT_TAMPER_BKUP_DOMAIN_THRESHOLD TAMPER_CONFIRMED_MODE>,
		<INT_TAMPER_TEMPERATURE_MONITORING TAMPER_POTENTIAL_MODE>;
};
Configure an external tamper (passive)
The following example configures GPIOB_IO2 as a passive tamper. A passive tamper detects level/edge changes on the pin.
&tamp {
	status = "okay";
	st,tamp_passive_nb_sample = <4>;
	st,tamp_passive_sample_clk_div = <16384>;
	tamp-passive {
		tamper-gpios = <&gpiob 2 0>;
		st,tamp-mode = <TAMPER_CONFIRMED_MODE>;
		st,tamp-id = <2>;
		status = "okay";
	};
};
Configure an external tamper (active)
The following example configures two pads (GPIOB_IO2 and GPIOI_IO3) as an active tamper. The two pads must be externally connected to each other. An active tamper sends periodic random values on the output pin (gpioi 3) and raises a tamper event if the wrong data is read on the input pin (gpiob 2).
You can configure the number of mismatches detected before the system raises a tamper event.
&tamp {
	status = "okay";
	tamp-active {
		/* tamper-gpios = <&TAMP_IN7> , <&TAMP_OUT5> */
		tamper-gpios = <&gpiob 2 0>, <&gpioi 3 0>;
		st,tamp-mode = <TAMPER_CONFIRMED_MODE>;
		st,tamp-id = <7>, <5>;
		status = "okay";
	};
};
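The active tamper check described above, as an added host-side C model that is not part of the original page, OP-TEE or the ST driver: it drives pseudo-random bits on the output pad, compares what the input pad reads, and raises the event once the mismatch count reaches a threshold. The LFSR, its seed, the cumulative mismatch counter and all names are assumptions made for illustration; the real hardware's random source and filtering may differ.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed model, not ST hardware behaviour: state of the external loop. */
enum loop_state { LOOP_INTACT, LOOP_STUCK_LOW, LOOP_STUCK_HIGH };

/* 16-bit Fibonacci LFSR (taps 16,14,13,11) standing in for the hardware
 * random source; returns the bit driven on the output pad. */
static unsigned next_out_bit(uint16_t *lfsr)
{
	unsigned out = *lfsr & 1u;
	unsigned fb = (*lfsr ^ (*lfsr >> 2) ^ (*lfsr >> 3) ^ (*lfsr >> 5)) & 1u;

	*lfsr = (uint16_t)((*lfsr >> 1) | (fb << 15));
	return out;
}

/* What the input pad reads for a given driven bit and loop condition. */
static unsigned read_in_bit(enum loop_state s, unsigned driven)
{
	if (s == LOOP_INTACT)
		return driven; /* intact loop echoes the output pad */
	return s == LOOP_STUCK_HIGH; /* broken loop reads a fixed level */
}

/* Returns the 1-based sample at which the tamper event is raised, i.e. when
 * the mismatch count reaches `threshold`, or 0 if none within max_samples. */
unsigned samples_until_tamper(enum loop_state s, unsigned threshold,
			      unsigned max_samples)
{
	uint16_t lfsr = 0xACE1u; /* constructed seed */
	unsigned mismatches = 0;

	for (unsigned n = 1; n <= max_samples; n++) {
		unsigned driven = next_out_bit(&lfsr);
		if (read_in_bit(s, driven) != driven && ++mismatches >= threshold)
			return n;
	}
	return 0;
}

int main(void)
{
	printf("intact=%u stuck_low=%u stuck_high=%u\n",
	       samples_until_tamper(LOOP_INTACT, 4, 16),
	       samples_until_tamper(LOOP_STUCK_LOW, 4, 16),
	       samples_until_tamper(LOOP_STUCK_HIGH, 4, 16));
	return 0;
}
```

A loop held at a fixed level only disagrees with the driven value on some samples, so a higher mismatch threshold delays the event; a lower one reacts sooner but tolerates less noise on the line.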