FAQs
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Detecting Tamper Events While the Device is Powered Off on STM32MP1

aksamaz
Associate

‎2025-01-28 05:22 AM - edited ‎2025-01-28 05:47 AM

I am working with the STM32MP1 and using the STM32MP1 Ecosystem v6.0.0, Developer Package. have successfully enabled and configured the tamper detection feature using OP-TEE and the device tree. The tamper detection works as expected when the device is powered on. However, I am facing difficulties in detecting tamper events while the device is powered off.

I want to detect tamper events even when the device is powered off. From my understanding, the TAMP (Tamper) unit and RTC can operate from the VBAT domain, allowing tamper detection in power-off states. However, I have not been able to achieve this functionality.

 

Enabled the TAMP unit and configured the tamper pins in the device tree.

stm32mp135f-dk.dts:
 
&tamp {
st,tamp-passive-nb-sample = <4>;
st,tamp-passive-sample-clk-div = <16384>;
st,tamp-passive-precharge = <4>;
 
//wakeup-source;
//wakeup-parent = <&exti>;
 
/* Tamper button */
tamp-button {
tamper-gpios = <&gpioc 3 GPIO_PULL_UP>;
st,tamp-mode = <TAMPER_CONFIRMED_MODE>;
st,trig-on;
st,tamp-id = <5>;
status = "okay";
};
 
/* Connect pin8 and pin22 from CN8 */
tamp-active {
// LETTA tamper-gpios = <&gpioc 0 0>, <&gpioi 0 0>;
tamper-gpios = <&gpiof 10 0>, <&gpioi 2 0>;
st,tamp-mode = <TAMPER_CONFIRMED_MODE>;
st,tamp-id = <1>, <4>;
status = "disabled";
};
};

 

Tamper detection works as expected when the device is powered on.

VBAT Support:

The device has a backup battery (VBAT) connected, which should allow the TAMP unit to operate in power-off states.


I am unsure how to configure the system to detect tamper events while the device is powered off.

I am also unclear about the role of TF-A (Trusted Firmware-A) in this process and whether it needs to be configured to handle tamper events during power-off states.

Questions

Does TF-A need to be configured to handle tamper events detected while the device is powered off?

If so, how can I configure TF-A to read tamper flags from the TAMP unit during the boot process?

What steps are required to ensure that tamper events are detected and stored (e.g., in RTC backup registers) while the device is powered off?

How can I retrieve this information when the device is powered back on?

Are there any specific configurations or updates in STM32MP1 Ecosystem v6.0.0 that I should be aware of for this use case?

Additional Information

optee-os-stm32mp-4.0.0-stm32mp-r1

tf-a-stm32mp-v2.10.5-stm32mp-r1-r0

linux-stm32mp-6.6.48-stm32mp-r1-r0

 

The tamper detection is critical for my application, and I need to ensure it works in both powered-on and powered-off states.Could someone please guide me on how to achieve tamper detection while the device is powered off? Specifically:

How to configure TF-A and OP-TEE to handle tamper events in power-off states.

How to ensure tamper events are stored and retrieved when the device is powered back on.

Any relevant configurations or examples for STM32MP1 Ecosystem v6.0.0.

Thank you in advance for your support!

Labels:
0 Kudos
1 REPLY 1
GatienC
ST Employee

‎2025-01-29 06:26 AM - edited ‎2025-01-29 06:26 AM

Hello Aksamaz,

If a tamper is detected in power-off mode, in OSTLV6.0, TF-A will print out a tamper alert (TFA bl2_plat_setup.c (check_tamper_event).

More info as well here: Tamper configuration 

As of what to do when such event occurs, it is up to you to modify the sequence to save some information where you want it to be saved. (TF-A when coming back from a low-power state, or from power-off state). 

What you're trying to achieve should be possible as long as the tamper clock is still running in VBAT (i.e: LSE/LSI still active in power-off state) and that the TAMP peripheral configuration is correct.

I hope this helps,

Gatien

0 Kudos
Top