The tamper interface provides a mechanism to detect unauthorized attempts to access the system, such as the opening of the enclosure. In a tamper event, you can either erase or block secrets (backup registers). You can configure tamper event behavior in the OP-TEE platform configuration and device tree.

Tamper features

  • 32 backup registers: the backup registers are implemented in the RTC domain that remains powered-on by VBAT (if using a coin cell).

  • Three external tamper detection events.

  • Six internal tamper events to protect against transient or environmental perturbation attacks.

  • Any tamper detection can generate a RTC timestamp event.

  • Any tamper detection can erase the backup registers and backup SRAM.

  • One monotonic counter.

Tamper detection mode

There are two types of tamper detection:

  • Internal: events detected by internal peripherals of the STM32MP15 SoC

  • External: events that produce a change on a GPIO pin

Internal tamper

The internal tamper detection supports the following peripherals:

  • VBAT voltage monitoring.

  • Temperature monitoring.

  • LSE monitoring clock stop toggling.

  • HSE monitoring clock stop toggling and over frequency detection.

  • RTC calendar overflow.

  • Monotonic counter 1 overflow.

Refer to the STM32MP15 Hardware Reference Manual for information on internal tampers. All tamper events can be enabled in the OP-TEE platform file at https://github.com/digi-embedded/optee_os/blob/4.0.0/stm/maint/core/arch/arm/plat-stm32mp1/main.c in the function stm32_configure_tamp().

The following internal tamper events are enabled by default:

Tamper index Tamper peripheral Configuration Callback

1

RTC power domain

erase backup regs

reset board

2

Temperature monitoring

erase backup regs

reset board

3

LSE monitoring

erase backup regs

reset board

4

HSE monitoring

erase backup regs

reset board
Not all internal tamper events work in all low power modes. Refer to the Tamper and backup registers chapter of the STM32MP15 Hardware Reference Manual for additional information.

External tamper

The external tamper detection events can be configured as:

  • Passive: detects a level or an edge change on the pin.

  • Active: continuous comparison between tamper output and input to protect from physical open-short attacks.

The external tamper detection modes are available in all low-power modes and VBAT.

Refer to the following topics for configuring the external tamper: