6.12 Antitamper (TAMP)/backup registers (BKP)
The antitamper is a system level protection, used to detect physical tampering attempts on the system.
An external tamper event is detected by a level transition on dedicated device pins. Internal tamper sensors
can check voltage, temperature, or clock. This event can be used to wake up the core in order to take appropriate
actions (such as memory erase or alarm).
This TAMP peripheral includes backup registers with contents preserved by V
BAT
, along with the real-time clock
(RTC). These registers can be reset if a tamper attempt is detected.
On some STM32 devices, this peripheral is known as backup registers (BKP). On recent devices, it has evolved
with additional features, such as monotonic counter, or secure section for TrustZone® secure area.
When to use the antitamper
It must be used for system intrusion detection (in consumer products sealed enclosures for example).
The monotonic counter is a countermeasure against tampering with the RTC.
Note: The external tamper detection is available on all STM32 devices. More information about tamper functionality
usage is available, for example, in AN4759.
6.13 Clock security system (CSS)
The CSS is designed to detect a failure of an external clock source (a crystal for example). A loss of clock
source is intentional or not. In any case, the device must take appropriate actions to recover. The CSS triggers an
interrupt to the core in such event.
If the external clock source drives the main system clock, the CSS switches the system to an internal clock
source.
When to use the CSS
The CSS must be used when an external clock is used.
Note: The CSS is available on all STM32 devices.
6.14
Power monitoring (PVD)
Some attacks target the MCU power supply to cause errors that lead to a failure of security countermeasures.
A loss of power supply sometimes denotes an attempt to freeze the device state in order to access the internal
memory content.
The STM32 devices embed a programmable voltage detector (PVD) that can detect a drop of power. The
PVD allows the configuration of a minimum voltage threshold, below which an interrupt is generated, so that
appropriate actions are implemented.
When to use the PVD
The PVD must be used as soon as a sensitive application runs, and is likely to leave some confidential data in the
working memory (SRAM). A memory cleaning can be launched in case of power down detection.
Note: The PVD is available on all STM32 devices.
6.15
Memory integrity hardware check
The error code correction (ECC) and parity checks are safety bits associated to the memory content:
• The ECC is associated to the memory words, used to recover from a single-bit error, or to detect up to two
erroneous bits on each flash memory or SRAM word (32- to 256-bit word depending on the memory type).
Refer to the AN5342 for more details.
• A simple parity check allows the detection of a single error bit on the SRAM words where ECC is not
implemented.
When to use ECC and parity check
ECC and parity checks are mostly used for safety reasons. The ECC can also be used to prevent some invasive
hardware attacks.
Note: This integrity protection is available on all devices except STM32F1 and STM32L1. STM32H7 devices are
champion in ECC protection.
AN5156
Antitamper (TAMP)/backup registers (BKP)
AN5156 - Rev 8
page 39/56
To Next Page
Loading...
Need help?
General
