2024-09-02 10:55 PM
hi
i am trying to work with ST given example code of SBSFU for the U585 controller. Here my requirement is to add the active tampers to the system. in this given code i think tamper is only configured in the bootloader application only.
tamper detection only occurred when bootloader code is running . no detection on secure or non secure code , i only can see the tamper irq handler in boot code , no implementation in secure or non secure code.
i tried to remove the RTC and tamper configuration inside the bootloader code and tried to configure both in secure code that time its not working (initialization of RTC failing ,need to know weather some dependency is there or not with boot).
then i tried to configure the RTC in boot itself and tamper initialization in secure part there whenever tamper occurred in the application(while running secure or non secure code) code is getting hanged otherwise works perfectly.
whenever tamper occurred the tamper ISR not calling properly(tried with enabling the interrupt in the partition_stm32u5xx.h file )
note:
my requirement - need to use SBSFU project with trust zone (as ST given example), integrate 3 active tampers,1 passive tamper and 2 internal tamper(voltage, temperature) into boot/secure code(tamper only required in the application its fine if its not present in bootloader).then when tamper detection occurred need to erase SRAM2,backup ram, tamper back up registers (done automatically) , take a tamper timestamp , and notify the host system that a tamper has been occurred (since SBSFU initiate system reset whenever a tamper has been detected can't use that implementation).
any help in terms of some example codes or proper documents will be great .
regards
sabarinath
2024-10-28 05:16 PM
Hi @sabari1
yes I confirm, the Tampers are activated at the start of TFM_SBSFU_Boot and Used to protect sensitive data from physical attacks. Tamper remains active during TFM_Appli and TFM_Loader applications.
I will investigate how is it possible to modify or update the tampers configurations ? hope not locked by the secure boot which is immutable !!
Best Regards