The tamper interface provides a mechanism to detect unauthorized attempts to access the system, such as the opening of the enclosure. In a tamper event, you can either erase or block secrets (backup registers, root hardware unique key, boot hardware key, SAES, CRYP1/2 and HASH peripherals). You can configure tamper event behavior in the OP-TEE platform configuration and device tree.

Tamper features

  • 128 backup registers: the backup registers are implemented in the RTC domain, which remains powered by VBAT (if using a coin cell).

  • Up to 16 tamper pins for 8 external tamper detection events.

  • 14 internal tamper events to protect against transient or environmental perturbation attacks.

  • Any tamper detection can generate an RTC timestamp event.

  • Any tamper detection can erase the backup registers and backup SRAM.

  • 2 monotonic counters.

Tamper detection mode

There are two types of tamper detection:

  • Internal: events detected by internal peripherals of the STM32MP25 SoC

  • External: events that produce a change on a GPIO pin

Internal tamper

The internal tamper detection supports the following peripherals:

  • VBAT voltage monitoring.

  • Temperature monitoring.

  • LSE monitoring (clock stops toggling).

  • HSE monitoring (clock stops toggling and over-frequency detection).

  • RTC calendar overflow.

  • Monotonic counter 1 overflow.

  • Monotonic counter 2 overflow.

  • JTAG/SWD access.

  • VDDCORE monitoring under/over voltage.

  • VDDCPU (Cortex-A35) monitoring under/over voltage.

  • IWDG1 reset caused by a watchdog timeout while a potential tamper is pending.

  • IWDG3 reset caused by a watchdog timeout while a potential tamper is pending.

  • IWDG5 reset caused by a watchdog timeout while a potential tamper is pending.

  • Cryptographic IP fault (SAES, PKA, or TRNG).

Refer to the STM32MP25 Hardware Reference Manual for information on internal tampers.

Not all internal tamper events work in all low power modes. Refer to the Tamper and backup registers chapter of the STM32MP25 Hardware Reference Manual for additional information.

External tamper

The external tamper detection events can be configured as:

  • Passive: detects a level or an edge change on the pin.

  • Active: continuous comparison between tamper output and input to protect from physical open-short attacks.

The external tamper detection modes are available in all low-power modes and VBAT.
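
The difference between passive and active detection, as an added host-side simulation (not ST or OP-TEE code): it shows which wiring faults each mode flags. The fault model, the pull-up on an open line, and the LFSR used as the output pattern are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed fault model of the tamper loop wiring (names are hypothetical). */
enum wire { WIRE_INTACT, WIRE_OPEN, WIRE_SHORT_LOW, WIRE_SHORT_HIGH };

/* Level seen at the tamper input. Assumption: an open line floats to a pull-up. */
static bool pin_read(enum wire w, bool driven)
{
    switch (w) {
    case WIRE_INTACT:    return driven;
    case WIRE_SHORT_LOW: return false;
    default:             return true;   /* WIRE_OPEN, WIRE_SHORT_HIGH */
    }
}

/* Passive level mode: flag a tamper when the input leaves its idle level. */
static bool passive_detects(enum wire w, bool idle_level, int samples)
{
    for (int i = 0; i < samples; i++)
        if (pin_read(w, idle_level) != idle_level)
            return true;
    return false;
}

/* Active mode: drive a changing pattern on the output and compare every sample. */
static bool active_detects(enum wire w, uint16_t seed, int samples)
{
    uint16_t lfsr = seed ? seed : 1u;   /* an LFSR must not start at zero */
    for (int i = 0; i < samples; i++) {
        bool out = lfsr & 1u;
        if (pin_read(w, out) != out)
            return true;
        /* 16-bit LFSR standing in for the hardware pattern generator */
        uint16_t bit = (lfsr ^ (lfsr >> 2) ^ (lfsr >> 3) ^ (lfsr >> 5)) & 1u;
        lfsr = (uint16_t)((lfsr >> 1) | (bit << 15));
    }
    return false;
}

int main(void)
{
    static const char *name[] = { "intact", "open", "short-low", "short-high" };
    for (int w = WIRE_INTACT; w <= WIRE_SHORT_HIGH; w++)
        printf("%-10s passive=%d active=%d\n", name[w],
               passive_detects((enum wire)w, false, 64),
               active_detects((enum wire)w, 0xACE1u, 64));
    return 0;
}
```

With an idle level of low, the passive check misses a line held at that same level, while the active comparison flags every fault in the model because the driven pattern eventually takes the opposite value.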

Refer to the following topics for configuring the external tamper: