2022-04-29 02:20 AM
Hi,
In TFM and SBSFU applications, by default the anti-tamper protection is enabled for both internal tamper events and external tamper events. It is activated at the start of TFM_SBSFU_Boot, and remains active.
In case of tamper detection, sensitive data in SRAM2, caches and cryptographic peripherals are immediately erased, and the tamper interruption triggers a reset and the application is blocked (can't boot).
I'm using the anti-tamper protection in TFM with the STM32U585, but I don't want the tamper interruption to trigger a reset. I have changed the default configuration in TAMP_IRQHandler(), but a reset is still triggered and the application is blocked at tamper detection. I have tried to catch the reset causes (reset flags), and I have found a software reset flag (set by hardware when a software reset occurs) and an NRST pin reset flag (set by hardware when a reset from the NRST pin occurs). So I wonder what would be the cause of the NRST reset, and whether there is any relation between NRST, TAMP and RTC: could the anti-tamper protection / RTC trigger an NRST reset?
Is it even possible to change this default configuration in TFM_SBSFU_Boot?
Any explanation or a hint, please!
Thank you.
Regards,
ZK
2022-06-29 05:58 AM
Hello @ZKRAC.1,
In the secure boot part, TAMP_IRQHandler is implemented in low_level_security.c and calls NVIC_SystemReset(), which is why you see this behaviour.
In the TFM part, the IRQ handler is located in the autogenerated file tfm_secure_irq_handlers_ipc.inc. It sends the SPM_TAMPER_IRQ signal, which is captured in the platform_sp_init function:
    if (signals & SPM_TAMPER_IRQ)
    {
        tfm_hal_system_reset();
    }
So, in any case you end up in a reset.
Best regards
Jocelyn
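The reset-flag check mentioned in the question can be written as a small classifier; this is an added example, not code from the thread or from the TFM/SBSFU package. It assumes the STM32U5 RCC_CSR bit layout shown in the defines (check them against the RCC_CSR_*_Pos macros in your device header), and it relies on the fact that internal reset sources such as NVIC_SystemReset() also drive the NRST line low, so PINRSTF appears together with SFTRSTF.

```c
#include <stdint.h>
#include <stdio.h>

/* RCC_CSR reset flags. Bit positions are an assumption based on the
 * STM32U5 layout; verify against your device header before use. */
#define CSR_OBLRSTF  (1u << 25)  /* option-byte loader reset */
#define CSR_PINRSTF  (1u << 26)  /* NRST pin was low */
#define CSR_BORRSTF  (1u << 27)  /* brown-out / power-on reset */
#define CSR_SFTRSTF  (1u << 28)  /* software reset (e.g. NVIC_SystemReset) */
#define CSR_IWDGRSTF (1u << 29)  /* independent watchdog */
#define CSR_WWDGRSTF (1u << 30)  /* window watchdog */
#define CSR_LPWRRSTF (1u << 31)  /* illegal low-power mode entry */

typedef enum {
    RST_NONE, RST_BROWNOUT, RST_SOFTWARE, RST_WATCHDOG,
    RST_OPTION_BYTES, RST_LOW_POWER, RST_EXTERNAL_PIN
} reset_cause_t;

/* Internal reset sources pull NRST low as a side effect, so PINRSTF is
 * reported as the cause only when no internal-source flag is set. */
reset_cause_t classify_reset(uint32_t csr)
{
    if (csr & CSR_BORRSTF)                     return RST_BROWNOUT;
    if (csr & CSR_SFTRSTF)                     return RST_SOFTWARE;
    if (csr & (CSR_IWDGRSTF | CSR_WWDGRSTF))   return RST_WATCHDOG;
    if (csr & CSR_OBLRSTF)                     return RST_OPTION_BYTES;
    if (csr & CSR_LPWRRSTF)                    return RST_LOW_POWER;
    if (csr & CSR_PINRSTF)                     return RST_EXTERNAL_PIN;
    return RST_NONE;
}

int main(void)
{
    /* Constructed sample values, not captured from real hardware. */
    uint32_t after_tamper = CSR_SFTRSTF | CSR_PINRSTF; /* flags seen in the question */
    uint32_t button_press = CSR_PINRSTF;               /* NRST pulled externally */

    printf("tamper case -> %d (RST_SOFTWARE=%d)\n",
           classify_reset(after_tamper), RST_SOFTWARE);
    printf("button case -> %d (RST_EXTERNAL_PIN=%d)\n",
           classify_reset(button_press), RST_EXTERNAL_PIN);
    return 0;
}
```

On target, pass the value of RCC->CSR read early in boot, then clear the flags through the RMVF bit so that stale flags from an earlier reset do not accumulate.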