STM32MP257F-EV1 Tamper logging in Linux userspace

rossU · ‎2025-08-12

I'm trying to somehow pass information about tampering event from OP-TEE to Linux userspace by means of Tamper Backup registers but I seem to have a problem.

I added this to kernel dts:

&nvram {
	my_free_backup_register: tamp-bkp@c4 {
		reg = <0xC4 0x4>;
	};
};

&usart2 {
    // Other stuff before nvmem
	nvmem-cells = <&my_free_backup_register>;
	nvmem-cell-names = "my_backup_register"; 
};

I tried to write to that register from OP-TEE function stm32_tamp_etamper_action using io_write32 function. Then I'm trying to read that register from OP-TEE immediately after the write and looks like the register has not been written to.

Also, in Linux userspace in /sys/bus/nvmem/devices/ I can see stm32-tamp-nvram0 but when I hexdump its nvmem file it's just a bunch of zeroes. I can't seem to find that nvmem-cells in usart2 either.

rossU · ‎2025-08-13

Ok, so looks like I wasn't able to write to TAMP_BKP49R because I had to first acknowledge tamper to unlock the register by clearing tamper flag in _TAMP_SCR. Then I was able to successfully write to it from OP-TEE and read from Linux with:

root@stm32mp2:~# hexdump -C /sys/bus/nvmem/devices/stm32-tamp-nvram0/nvmem

View solution in original post

Christophe Guibout · ‎2025-08-13

Hello @rossU,

You use TAMP_BKP49R, which is in Zone2 (Read Nonsecure/Write secure) : you should be able to read it from the linux kernel: could you please detail how you read this tamper in linux ?

BR,

Christophe

In order to give better visibility on the answered topics, please click on 'Accept as Solution' on the reply which solved your issue or answered your question.

rossU · ‎2025-08-13

Ok, so looks like I wasn't able to write to TAMP_BKP49R because I had to first acknowledge tamper to unlock the register by clearing tamper flag in _TAMP_SCR. Then I was able to successfully write to it from OP-TEE and read from Linux with:

root@stm32mp2:~# hexdump -C /sys/bus/nvmem/devices/stm32-tamp-nvram0/nvmem