
Tamper Detection on STM32H753

toni2
Associate

Hello,

I am trying to implement a tamper detection for my project. In general, it works. When the device is only powered by a coin cell and a tamper is detected, the backup registers are erased and unfortunately also the backup RAM. When the device is powered and a tamper is detected while the firmware is accessing the backup RAM, an imprecise memfault is generated.

Because of performance reasons, I didn't try to guard every byte written into the backup RAM. Instead, I only guard a std::copy, and this (obviously) is not enough. Because of that, I tried to enable the tamper interrupt to catch the tamper event and solve it before I continue with the copy. The data copied into the backup RAM will be corrupted, but that is okay and can easily be corrected. But unfortunately, this also does not work. I still get a memfault before I get the tamper interrupt.

What I want to achieve is to delete only the RTC backup registers during a tamper event. That is the place where I keep my secret keys. The backup RAM should be untouched.

Now to my questions:

Is there a way to disable the backup RAM erase with this MCU?

When it is not possible to disable the backup RAM erase, is there a safe way to access the backup RAM while the tamper detection is enabled?

Thanks for your help in advance!

Toni

toni2
Associate

No one with an idea to solve it? :(

rpm95
Associate

It may be interesting for you to check the Reference Manual RM0481.


Extract from that document (rev4 page 155):

Software filtering mechanism
Each tamper source can be configured not to launch an immediate erase, by setting the corresponding TAMPxNOER bit in TAMP_CR2 (for external tamper pin) or TAMP_CR3 (for internal tamper).
In such situation, when the tamper flag is raised, access to below secrets is blocked until all tamper flags are cleared:
  • DHUK in SAES: fixed to a dummy value
  • Backup registers, backup SRAM, SRAM2: read as 0, write-ignored
  • AES, SAES, and HASH peripherals: automatically reset by RCC
  • PKA peripheral: reset, with memory use blocked (meaning PKA not usable)
Once the application, notified by the tamper event, analyzes the situation, there are two possible cases:
  • The application launches secrets erase with a software command (confirmed tamper).
  • The application clears the flags to release secrets blocking (false tamper).
Note: If the tamper software fails to react to such a tamper flag, an IWDG reset triggers an automatic erasing of secrets

Good luck !
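How the deferred-erase flow from the quoted extract can be driven from the tamper interrupt, as an added example in C that is not from this thread or from ST. The register block is a mock with placeholder bit positions (on hardware the CMSIS device header and the TAMP instance replace it), and the "three events within a second" rule is an assumed filter policy, not something the manual prescribes.

```c
#include <stdint.h>
#include <stdbool.h>
#include <string.h>

/* Mock of the TAMP register block from the quoted RM0481 extract. Bit
 * positions are placeholders constructed for this example: on hardware use
 * the CMSIS device header and the TAMP instance instead of this struct. */
typedef struct { uint32_t CR2, SR, SCR; } tamp_regs_t;
#define TAMP_NOER_ALL 0x00FF0000u  /* placeholder: TAMP1NOER..TAMP8NOER   */
#define TAMP_BKERASE  0x80000000u  /* placeholder: software secrets erase */
#define TAMP_FLAGS    0x000000FFu  /* placeholder: TAMP1F..TAMP8F in SR    */

static tamp_regs_t g_tamp;         /* stand-in for the real TAMP instance */

/* Step 1: opt out of the immediate erase. A tamper then only blocks the
 * secrets (backup registers/SRAM read as 0) until the flags are cleared. */
void tamp_configure_deferred_erase(tamp_regs_t *t) { t->CR2 |= TAMP_NOER_ALL; }

/* Step 2: software filter (assumed policy). A source is confirmed when it
 * raises CONFIRM_HITS events within WINDOW_MS; anything else is treated as
 * a false tamper and the secrets are released again. */
#define CONFIRM_HITS 3
#define WINDOW_MS    1000
typedef struct { uint32_t last_ms; uint8_t hits; } tamp_filter_t;
typedef enum { TAMP_NONE, TAMP_FALSE_ALARM, TAMP_CONFIRMED } tamp_verdict_t;
static tamp_filter_t g_filter[8];  /* one entry per tamper source */

static void tamp_clear(tamp_regs_t *t, uint32_t flags)
{
    t->SCR = flags;      /* write-1-to-clear releases the secrets blocking */
    t->SR &= ~flags;     /* mock only: hardware clears SR on the SCR write */
}

/* Called from the tamper ISR with a monotonic millisecond timestamp. */
tamp_verdict_t tamp_handle_event(tamp_regs_t *t, tamp_filter_t f[8], uint32_t now_ms)
{
    uint32_t flags = t->SR & TAMP_FLAGS;
    bool confirmed = false;
    if (flags == 0) return TAMP_NONE;
    for (int i = 0; i < 8; i++) {
        if (!(flags & (1u << i))) continue;
        f[i].hits = (f[i].hits && now_ms - f[i].last_ms <= WINDOW_MS) ? f[i].hits + 1 : 1;
        f[i].last_ms = now_ms;
        if (f[i].hits >= CONFIRM_HITS) confirmed = true;
    }
    if (confirmed) {
        t->CR2 |= TAMP_BKERASE;  /* confirmed tamper: erase the secrets now */
        memset(f, 0, 8 * sizeof *f);
    }
    tamp_clear(t, flags);        /* clear promptly either way; if the ISR  */
    return confirmed ? TAMP_CONFIRMED : TAMP_FALSE_ALARM; /* stalls, IWDG erases */
}
```

The handler must finish within the IWDG period the extract mentions, since a flag left pending is turned into an erase by the watchdog reset.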