Device tree configuration

The TAMP controller is a secure peripheral and, as such, can only be configured in the OP-TEE device tree. The device tree binding is documented at https://github.com/digi-embedded/optee_os/blob/4.0.0/stm/maint/documentation/devicetree/bindings/hwmon/st%2Cstm32-tamp.yaml.

Configure an internal tamper

Internal tampers must be configured in OP-TEE device tree with the st,tamp-internal-tampers property. The following example configures two internal tampers:

/*
 * Enable the TAMP controller and declare two internal tampers.
 * Each st,tamp-internal-tampers entry pairs an internal tamper source
 * with the mode used when that source fires.
 * NOTE(review): the two modes presumably differ in how the protected
 * secrets are treated on detection; confirm the exact behaviour in the
 * binding before choosing a mode.
 */
&tamp {
	status = "okay";
	/*
	 * Passive-tamper sampling parameters (sample count and sampling
	 * clock divider, going by the property names).
	 * NOTE(review): presumably not required when only internal tampers
	 * are used; confirm against the binding.
	 */
	st,tamp_passive_nb_sample = <4>;
	st,tamp_passive_sample_clk_div = <16384>;
	/* Backup-domain threshold in confirmed mode, temperature monitoring in potential mode. */
	st,tamp-internal-tampers =
		<INT_TAMPER_BKUP_DOMAIN_THRESHOLD TAMPER_CONFIRMED_MODE>,
		<INT_TAMPER_TEMPERATURE_MONITORING TAMPER_POTENTIAL_MODE>;
};

Configure an external tamper (passive)

The following example configures GPIOZ_IO2 as a passive tamper. A passive tamper detects level or edge changes on the pin.

/*
 * Enable the TAMP controller with one external passive tamper on
 * GPIOZ pin 2. The pin must also be assigned to the secure world in
 * the &gpioz st,protreg list of the OP-TEE device tree.
 */
&tamp {
	status = "okay";
	/*
	 * Sampling parameters for passive tampers (sample count and
	 * sampling clock divider, going by the property names).
	 */
	st,tamp_passive_nb_sample = <4>;
	st,tamp_passive_sample_clk_div = <16384>;

	tamp-passive {
		/* Pad monitored by this tamper: bank gpioz, pin 2. */
		tamper-gpios = <&gpioz 2 0>;
		/* Events on this pin are handled in confirmed mode. */
		st,tamp-mode = <TAMPER_CONFIRMED_MODE>;
		/*
		 * TAMP channel number for this pad.
		 * NOTE(review): must match the tamper input routed to
		 * GPIOZ_IO2 on the SoC; confirm against the pin-mux table.
		 */
		st,tamp-id = <3>;
		st,trig-on; /* Set active level to HIGH for the DVK tamper button */
		status = "okay";
	};
};

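The tamper pin must be configured as secure and managed by OP-TEE; a pin left non-secure could be reconfigured from the non-secure world, which would defeat the tamper detection. Make the following change to your OP-TEE device tree (the line marked - is removed, the line marked + is added):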

&gpioz {
        st,protreg = <
                RIFPROT(RIF_IOPORT_PIN(0), RIF_UNUSED, RIF_UNLOCK, RIF_NSEC, RIF_NPRIV, RIF_UNUSED, RIF_SEM_DIS, RIF_CFDIS)
                RIFPROT(RIF_IOPORT_PIN(1), RIF_UNUSED, RIF_UNLOCK, RIF_NSEC, RIF_NPRIV, RIF_UNUSED, RIF_SEM_DIS, RIF_CFDIS)
-               RIFPROT(RIF_IOPORT_PIN(2), RIF_UNUSED, RIF_UNLOCK, RIF_NSEC, RIF_NPRIV, RIF_UNUSED, RIF_SEM_DIS, RIF_CFDIS)
+               RIFPROT(RIF_IOPORT_PIN(2), RIF_UNUSED, RIF_UNLOCK, RIF_SEC, RIF_PRIV, RIF_CID1, RIF_SEM_DIS, RIF_CFEN)
                RIFPROT(RIF_IOPORT_PIN(3), RIF_UNUSED, RIF_UNLOCK, RIF_NSEC, RIF_NPRIV, RIF_UNUSED, RIF_SEM_DIS, RIF_CFDIS)
                RIFPROT(RIF_IOPORT_PIN(4), RIF_UNUSED, RIF_UNLOCK, RIF_NSEC, RIF_NPRIV, RIF_UNUSED, RIF_SEM_DIS, RIF_CFDIS)
                RIFPROT(RIF_IOPORT_PIN(5), RIF_UNUSED, RIF_UNLOCK, RIF_NSEC, RIF_NPRIV, RIF_UNUSED, RIF_SEM_DIS, RIF_CFDIS)
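Review bot: The new `RIF_IOPORT_PIN(2)` entry moves the tamper pin to `RIF_SEC`/`RIF_PRIV`/`RIF_CID1` with `RIF_CFEN`, but keeps `RIF_UNLOCK`, so by the name of the flag this protection is presumably still reprogrammable after boot rather than fixed until reset. If nothing in the secure world needs to reassign the pin at runtime, consider `RIFPROT(RIF_IOPORT_PIN(2), RIF_UNUSED, RIF_LOCK, RIF_SEC, RIF_PRIV, RIF_CID1, RIF_SEM_DIS, RIF_CFEN)`, after confirming in the RIF binding header and the GPIO driver that locking is supported for this bank. The same point applies to the `&gpiog` pin 1 and `&gpioz` pin 2 changes in the active-tamper section. A one-line comment on the changed entry, such as `/* tamper pin: secure, privileged, CID-filtered; owned by OP-TEE */`, would also keep a later cleanup from reverting it to the default. The `st,protreg` list continues outside the hunk.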

Configure an external tamper (active)

The following example configures two pads (GPIOG_IO1 and GPIOZ_IO2) as an active tamper. The two pads must be externally connected to each other. An active tamper sends periodic random values on the output pin (gpioz 2) and raises a tamper event if the wrong data is read on the input pin (gpiog 1).

You can configure the number of mismatches detected before the system raises a tamper event.
/*
 * Enable the TAMP controller with one external active tamper.
 * The two pads listed below must be wired together externally and
 * both must be assigned to the secure world in the &gpiog and &gpioz
 * st,protreg lists of the OP-TEE device tree.
 * NOTE(review): the mismatch count mentioned in the surrounding text
 * is not set in this example; see the binding for the property.
 */
&tamp {
	status = "okay";

	tamp-active {
		/* tamper-gpios = <&TAMP_IN4> , <&TAMP_OUT7> */
		/* Order is input pad first (gpiog 1), then output pad (gpioz 2). */
		tamper-gpios = <&gpiog 1 0>, <&gpioz 2 0>;
		/* Events on this tamper are handled in confirmed mode. */
		st,tamp-mode = <TAMPER_CONFIRMED_MODE>;
		/* TAMP channel numbers in the same order as tamper-gpios: IN4, OUT7. */
		st,tamp-id = <4>, <7>;
		status = "okay";
	};
};

Both tamper pins must be configured as secure and managed by OP-TEE. Make the following change to your OP-TEE device tree:

 &gpiog {
        st,protreg = <
                RIFPROT(RIF_IOPORT_PIN(0), RIF_UNUSED, RIF_UNLOCK, RIF_NSEC, RIF_NPRIV, RIF_UNUSED, RIF_SEM_DIS, RIF_CFDIS)
-               RIFPROT(RIF_IOPORT_PIN(1), RIF_UNUSED, RIF_UNLOCK, RIF_NSEC, RIF_NPRIV, RIF_UNUSED, RIF_SEM_DIS, RIF_CFDIS)
+               RIFPROT(RIF_IOPORT_PIN(1), RIF_UNUSED, RIF_UNLOCK, RIF_SEC, RIF_PRIV, RIF_CID1, RIF_SEM_DIS, RIF_CFEN)
                RIFPROT(RIF_IOPORT_PIN(2), RIF_UNUSED, RIF_UNLOCK, RIF_NSEC, RIF_NPRIV, RIF_UNUSED, RIF_SEM_DIS, RIF_CFDIS)
                RIFPROT(RIF_IOPORT_PIN(3), RIF_UNUSED, RIF_UNLOCK, RIF_NSEC, RIF_NPRIV, RIF_UNUSED, RIF_SEM_DIS, RIF_CFDIS)
                RIFPROT(RIF_IOPORT_PIN(4), RIF_UNUSED, RIF_UNLOCK, RIF_NSEC, RIF_NPRIV, RIF_UNUSED, RIF_SEM_DIS, RIF_CFDIS)

[...]

&gpioz {
        st,protreg = <
                RIFPROT(RIF_IOPORT_PIN(0), RIF_UNUSED, RIF_UNLOCK, RIF_NSEC, RIF_NPRIV, RIF_UNUSED, RIF_SEM_DIS, RIF_CFDIS)
                RIFPROT(RIF_IOPORT_PIN(1), RIF_UNUSED, RIF_UNLOCK, RIF_NSEC, RIF_NPRIV, RIF_UNUSED, RIF_SEM_DIS, RIF_CFDIS)
-               RIFPROT(RIF_IOPORT_PIN(2), RIF_UNUSED, RIF_UNLOCK, RIF_NSEC, RIF_NPRIV, RIF_UNUSED, RIF_SEM_DIS, RIF_CFDIS)
+               RIFPROT(RIF_IOPORT_PIN(2), RIF_UNUSED, RIF_UNLOCK, RIF_SEC, RIF_PRIV, RIF_CID1, RIF_SEM_DIS, RIF_CFEN)
                RIFPROT(RIF_IOPORT_PIN(3), RIF_UNUSED, RIF_UNLOCK, RIF_NSEC, RIF_NPRIV, RIF_UNUSED, RIF_SEM_DIS, RIF_CFDIS)
                RIFPROT(RIF_IOPORT_PIN(4), RIF_UNUSED, RIF_UNLOCK, RIF_NSEC, RIF_NPRIV, RIF_UNUSED, RIF_SEM_DIS, RIF_CFDIS)
                RIFPROT(RIF_IOPORT_PIN(5), RIF_UNUSED, RIF_UNLOCK, RIF_NSEC, RIF_NPRIV, RIF_UNUSED, RIF_SEM_DIS, RIF_CFDIS)