The tamper interface provides a mechanism to detect unauthorized attempts to access the system, such as the opening of the enclosure. In a tamper event, you can either erase or block secrets (backup registers). You can configure tamper event behavior in the OP-TEE platform configuration and device tree.
Tamper features
- 32 backup registers: the backup registers are implemented in the RTC domain, which remains powered by VBAT (if using a coin cell).
- 3 external tamper detection events.
- 6 internal tamper events to protect against transient or environmental perturbation attacks.
- Any tamper detection can generate an RTC timestamp event.
- Any tamper detection can erase the backup registers and backup SRAM.
- 1 monotonic counter.
Tamper detection mode
There are two types of tamper detection:
- Internal: events detected by internal peripherals of the STM32MP15 SoC.
- External: events that produce a change on a GPIO pin.
Internal tamper
The internal tamper detection supports the following peripherals:
- VBAT voltage monitoring.
- Temperature monitoring.
- LSE monitoring (clock stop toggling).
- HSE monitoring (clock stop toggling and over-frequency detection).
- RTC calendar overflow.
- Monotonic counter 1 overflow.
Refer to the STM32MP15 Hardware Reference Manual for information on internal tampers.
Note: Not all internal tamper events work in all low-power modes. Refer to the Tamper and backup registers chapter of the STM32MP15 Hardware Reference Manual for additional information.
External tamper
The external tamper detection events can be configured as:
- Passive: detects a level or an edge change on the pin.
- Active: continuous comparison between the tamper output and input, to protect against physical open/short attacks.
The external tamper detection modes are available in all low-power modes and in VBAT mode.
Refer to the following topics for configuring the external tamper: