 Hello, and welcome to this presentation of the STM32 tamper and backup registers. It covers the main features of this peripheral, which is used to ensure security protection against physical and environmental external attacks. The TAMP peripheral features an ultra-low-power anti-tamper detection, which runs in all low-power modes. Additionally, the TAMP is functional even when the main supply is off and the VBAT domain supplied by a backup battery. The TAMP block embeds 128 bytes of backup registers used to preserve data when the main supply is off. These backup registers can be used to store secure data as they are erased when a tamper event is detected on the tamper pins. In addition, the backup SRAM is also erased when a tamper event occurs. Three external events can be detected with three different configuration modes depending on the security application requirements, and six internal events can be generated based on embedded monitors ensuring protection against environmental attacks. The TAMP registers can be configured to be protected against non-secure access. The key features of the TAMP are 128 bytes of backup registers split into 32 32-bit backup registers. These registers are preserved in all low-power modes and in VBAT mode and are erased when a tamper detection event occurs on any one of the three tamper pins or on the internal tamper monitors. Up to three external tamper events are supported. The modes of these tamper events can be configured either in passive mode or in active mode, allowing either three passive tamper pins and events or one active tamper plus one passive tamper event available in all low-power modes and VBAT. The passive mode can either be IO edge detection or level detection with configurable filtering and internal pull-up, which is the lowest power tamper detection mode. The anti-tamper circuitry includes ultra-low-powered digital filtering, avoiding false tamper detections on IOs. Each external tamper event can be individually configured to erase or not the backup registers and backup SRAM. Six internal events from various monitors also erase the backup registers and backup SRAM. The tamper events can generate an RTC timestamp event. The Quad-SPI interface is fully compatible with the one available on the STM32-L4 and STM32-F7 series, allowing a straightforward reuse of applications developed on these devices when this interface is managed by the ARM Cortex-M4 core. Here is the TAMP block diagram. The TAMP has two clock sources. The first one is the TAMP clock, RTC CLK, which is only used for the tamper detection in level mode with filtering and for active tamper detection. The second clock is the APB clock used for TAMP and backup registers, read and write accesses. Tamper's edge detection or internal tamper's detection do not need any clock. The TAMP clock can use either the high-speed external oscillator or HSE, divided by the RTC-DIV divider in the resetting clock control from 1 to 64. The other clock sources are the low-speed external oscillator or LSE, or the low-speed internal oscillator or LSI. Only LSE or LSI are functional in stop and standby modes. Only LSE is functional in VBAT mode. Several internal features can generate a tamper event. The temperature monitoring, the VBAT voltage monitoring, the LSE monitoring, the HSE monitoring, an RTC calendar overflow, and the monotonic counter overflow. By default, all tamper's detection will erase the backup registers and the backup SRAM. The TAMP registers are write protected to avoid any possible parasitic write accesses. First, the disabled backup domain protection bit must be set in the power controller control register in order to enable TAMP write accesses. The TAMP supports trust zone protection against non-secure write access. The protection can be set for the complete TAMP registers except backup registers by clearing the DEC PROT bit in the TAMP secure mode control register. The TAMP registers protected with DEC PROT can be read with secure and non-secure access. The backup registers have their own protection setting. The backup registers can be split into three protection zones. The size of each zone is configured by software. The protection zone one is protected against non-secure read access and against non-secure write access. This zone starts from backup registers zero and ends with the register defined by the BKPRWD PROT field in the TAMP SMCR register. The protection zone two is protected against non-secure write access but can be read with secure and non-secure access. This zone starts from the register defined by the BKPRWD PROT field and ends with the register defined by the BKPWD PROT field in the TAMP SMCR register. The protection zone three is not protected against non-secure access. This zone starts from the register defined by the BKPWD PROT field in the TAMP SMCR register and ends with the last backup register 31. After a backup domain power on reset, all TAMP registers can be read or written with secure and non-secure access except for the TAMP secure mode control register which can be written with secure access only. The TAMP protection configuration is not affected by a system reset. Accessing a secure protected register with non-secure access is done in silent mode. The read protected registers are read as zero. The write protected bits are not written without notification. As soon as at least one function is configured to be secured, the RTC and TAMP reset and clock control is also secured in the RCC. The TAMP features an ultra low power tamper detection security. The purpose is to protect the device content and functionality against external attacks. This is required for secure applications. In case of intrusion, sensitive data are automatically erased. Three tamper input pins and events are supported and are functional in all low power modes and in VBAT mode. Two output pins used in active tamper mode are functional in all low power modes and in VBAT mode. In the default configuration, the backup registers and the backup SRAM content are erased when a tamper event is detected. Each tamper event can be individually configured to not erase the backup registers and the backup SRAM. In this case, the software can perform some checks to discriminate if it is a true or a false tamper event and then decide to launch the backup registers and the backup SRAM erasure by setting the BK Erase bit in the TAMP CR2 register in case the tamper event is confirmed to be real. Passive tamper can be configured either in edge detection mode or in level detection with filtering mode. In edge detection mode, it is possible to configure the detection on the rising or falling edge. In level detection with filtering mode, the internal IO pull-up is used to detect the anti-tamper switch open state. The IO pull-up is applied only during the pre-charging pulse in order to avoid any consumption if the tamper pin is at a low level. The pre-charging pulse duration is configurable to support different capacitance values and can be one, two, four, or eight RTC clock cycles. The pin level is sampled at the end of the pre-charging pulse. The tamper detection circuit includes an ultra-low-powered digital filter to reduce the risk of false tamper events detection. It consists of detecting a given number of consecutive identical events before issuing an interrupt to wake up the device. This number is configurable and can be two, four, or eight events at a programmable sampling rate ranging from one to 128 Hz. This figure illustrates tamper detection using the internal pull-up. The internal pull-up can be applied for one, two, four, or eight cycles. If the switch is open, the level is pulled up by the resistor. If the switch is closed, the level remains low. The input voltage is sampled at the end of the pre-charge pulse. The tamper detection can be configured in active mode for a higher security level. The passive tamper detection just checks a static level. So if the attack manages to short the tamper input pin to the inactive state, the tamper event will not be detected. The active tamper is able to detect the physical open short attacks. With the active tamper, the MCU outputs a random pattern continuously on the tap-out pin. This output pin must be shorted externally to a tap-in pin. The comparison between the two pins is done continuously. So if there's a short on the tamper pin or if the external wire is broken by a physical intrusion, it will be detected thanks to the fact that after each tap-out value coming from a random number generator, the opposite value is also sent after. So it is not possible to have a long sequence of same zero or one values. The change frequency of the tap-out value is software programmable and impacts the intrusion detection maximum time. The power consumption can be reduced by decreasing the tap-out frequency and consequently increasing the detection time. A PCB mesh is used for active tamper detection. The tamper events can be individually configured to be passive only the input is needed or active and output must be associated to an input for comparison. In active tamper mode, the tamper output pin to be compared with each tamper input pin is selected by software and the same output can be used for several inputs. A digital filter can be enabled to reduce the risk of false tamper events detection. In this case, the tamper is detected only when two comparisons are false in four consecutive comparison samples. Several monitors are integrated in the device to detect perturbation and environmental attacks. These monitors are connected to the internal tamper detection blocks which can be individually enabled or disabled and which erase the backup registers and backup SRAM content in case of internal tamper event. A 32-bit monotonic counter is implemented in the temp referral. This register is read only and is incremented by one when a write access is done to this register. This register cannot roll over and is frozen when reaching the maximum value. The 2 power 32 last write into this counter can generate a tamper event. The monotonic counter overflow is connected to the internal tamper detection block 8. Environmental perturbation attacks can be detected thanks to V-BAT voltage monitoring and temperature monitoring both available in all low power modes and in V-BAT mode. For each monitor, the low level and the high level thresholds are programmable. V-BAT voltage monitor is connected to the internal tamper detection block 1 and the temperature monitor is connected to the internal tamper detection block 2. An RTC clock attack can be detected thanks to the LSE clock security system in the reset and clock control which detects when the LSE stops toggling. The CSS on LSE is available in all low power modes but not in V-BAT mode. CSS on LSE is connected to the internal tamper detection block 3. If the HSE is used as a system clock, a tamper can be generated in case the HSE stops toggling thanks to the HSE clock security system in the reset and clock control. CSS on HSE is connected to the internal tamper detection block 4. Software attacks to corrupt the RTC counters can be detected thanks to the RTC calendar overflow generated when the RTC calendar reaches its maximum value on the 31st of December 99 at 235959. The calendar is then frozen and cannot overflow. The RTC calendar overflow is connected to the internal tamper detection block 5. Each tamper detection event, external and internal, can generate and interrupt. The TAMP peripheral is active in all low power modes and in V-BAT mode. In stop and standby modes, the level detection with filtering and active tamper modes remain active only when the clock source is LSE or LSI. Note that only the LSE clock is functional in V-BAT mode. If the tamper source is available in low power mode, the TAMP interrupts cause the device to exit a low power mode. This is a list of peripherals related to the tamper and backup registers peripheral. Please refer to these peripheral trainings for more information if needed. Reset and clock control. Power control. Real-time clock.