2025-08-12 4:55 PM - edited 2025-08-12 5:06 PM
I'm trying to somehow pass information about tampering event from OP-TEE to Linux userspace by means of Tamper Backup registers but I seem to have a problem.
I added this to kernel dts:
&nvram {
my_free_backup_register: tamp-bkp@c4 {
reg = <0xC4 0x4>;
};
};
&usart2 {
// Other stuff before nvmem
nvmem-cells = <&my_free_backup_register>;
nvmem-cell-names = "my_backup_register";
};
I tried to write to that register from OP-TEE function stm32_tamp_etamper_action using io_write32 function. Then I'm trying to read that register from OP-TEE immediately after the write and looks like the register has not been written to.
Also, in Linux userspace in /sys/bus/nvmem/devices/ I can see stm32-tamp-nvram0 but when I hexdump its nvmem file it's just a bunch of zeroes. I can't seem to find that nvmem-cells in usart2 either.
Solved! Go to Solution.
2025-08-13 8:09 PM
Ok, so looks like I wasn't able to write to TAMP_BKP49R because I had to first acknowledge tamper to unlock the register by clearing tamper flag in _TAMP_SCR. Then I was able to successfully write to it from OP-TEE and read from Linux with:
root@stm32mp2:~# hexdump -C /sys/bus/nvmem/devices/stm32-tamp-nvram0/nvmem
2025-08-13 12:25 AM - edited 2025-08-13 12:26 AM
Hello @rossU,
You use TAMP_BKP49R, which is in Zone2 (Read Nonsecure/Write secure) : you should be able to read it from the linux kernel: could you please detail how you read this tamper in linux ?
BR,
Christophe
2025-08-13 8:09 PM
Ok, so looks like I wasn't able to write to TAMP_BKP49R because I had to first acknowledge tamper to unlock the register by clearing tamper flag in _TAMP_SCR. Then I was able to successfully write to it from OP-TEE and read from Linux with:
root@stm32mp2:~# hexdump -C /sys/bus/nvmem/devices/stm32-tamp-nvram0/nvmem