UM3387 - Rev 1 Operational user guidance

Antitamper peripheral
The platform resets with internal and external tamper sources deactivated in the TAMP peripheral. To meet the platform's resistance against physical attackers, the Integrator should configure the TAMP peripheral with the anti-tamper methods available in the device when using the following functions:
• Nonvolatile derived hardware unique key (DHUK) usage.
• Volatile key storage in backup registers (TAMP_BKPxR) or in embedded SRAM2.
• Battery-powered storage in the 2-Kbyte backup SRAM. The size depends on the configuration bit.
• Cryptographic functions in hardware engines (SAES, AES, HASH, PKA, OTFDEC).
For TAMP peripheral configuration, refer to its dedicated section in [RM_U5] or [RM_WBA5].
When a tamper flag is raised (tampering detected), the Integrator must implement a security response, for example, a platform reset. Refer to Section 3.7.3 Tamper detection and response in [RM_U5] or [RM_WBA5].

4.2.2 Available interfaces and methods of use (AGD_OPE.1.2C and AGD_OPE.1.3C)
To exercise the functions and privileges described in Section 4.2.1: User-accessible functions and privileges (AGD_OPE.1.1C), the Integrator interacts with the TOE interfaces described in this section:
• Physical chip interface
• Flash option bytes and flash registers
• JTAG/SWD debug interface
• True random number generation
• Cryptographic functions interface

Physical chip interface
After providing the power supply and clocks and deasserting the reset signal (refer to the RCC and PWR sections of [RM_U5] or [RM_WBA5] for details on power-on and reset procedures), the platform firmware starts at a unique hardcoded boot address.
Method of use:
• Activate the power supplies and clocks of the platform.
• Reset the device.
Parameters:
• Not applicable
Actions:
• The Cortex®-M33 processor first executes, in secure mode, the code located in an internal flash memory area which is HDP and write-protected.
Errors:
• The platform firmware does not start properly if the expected vector table of the Integrator firmware is not located at the boot address in the user flash memory. The Cortex®-M33 goes to error states if its vector table points toward a nonsecure area (see Section 2.3.2 in [RM_U5] or [RM_WBA5] for details).

Flash option bytes
The Integrator, in the secure boot, must read the flash option bytes to confirm that the platform is set in the certified configuration defined in Section 3.2.3.
Method of use:
• The Cortex®-M33 processor in secure mode performs read access to the flash registers.
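The two Integrator duties this page states, a security response when a tamper flag is raised (wipe volatile keys, then reset) and a secure-boot check that the option bytes match the certified configuration, are illustrated below in an added C example. It is not code from UM3387 or from ST: the register struct, the flag masks, the backup-register count and the option-byte policy values are constructed placeholders for this example, and on hardware the struct would be the memory-mapped TAMP and FLASH registers at the addresses given in [RM_U5] or [RM_WBA5], with the reset performed by the platform's reset routine rather than by the flag returned here.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed register model. Real firmware maps TAMP and FLASH registers at the
 * device addresses given in [RM_U5]/[RM_WBA5]; the masks and register count below
 * are placeholders chosen for this example, not the device's bit layout. */
#define TAMP_SR_TAMPxF_MASK   0x000000FFu  /* placeholder: external tamper flags */
#define TAMP_SR_ITAMPxF_MASK  0xFFFF0000u  /* placeholder: internal tamper flags */
#define TAMP_BKPR_COUNT       32u          /* placeholder: number of TAMP_BKPxR */

typedef struct {
    uint32_t sr;                      /* tamper status flags (read) */
    uint32_t scr;                     /* tamper status clear (write 1 to clear) */
    uint32_t bkpr[TAMP_BKPR_COUNT];   /* TAMP_BKPxR: volatile key storage */
} tamp_regs_t;

typedef struct { volatile uint8_t *base; size_t len; } key_ram_t;  /* SRAM2 key area */
typedef enum { TAMP_RESP_NONE = 0, TAMP_RESP_RESET = 1 } tamp_response_t;

/* Zero through a volatile pointer so the wipe cannot be optimised away. */
static void secure_zero(volatile uint8_t *p, size_t n) { while (n--) *p++ = 0; }

/* Security response on a raised tamper flag: wipe the volatile key locations the
 * page lists (TAMP_BKPxR and the SRAM2 key area), acknowledge the flags, then ask
 * the caller to reset the platform (the reset itself is platform-specific). */
tamp_response_t tamp_check_and_respond(tamp_regs_t *tamp, key_ram_t *sram2, bool *reset_requested)
{
    uint32_t flags = tamp->sr & (TAMP_SR_TAMPxF_MASK | TAMP_SR_ITAMPxF_MASK);
    *reset_requested = false;
    if (flags == 0u)
        return TAMP_RESP_NONE;
    for (size_t i = 0; i < TAMP_BKPR_COUNT; i++)
        tamp->bkpr[i] = 0u;
    if (sram2 != NULL && sram2->base != NULL)
        secure_zero(sram2->base, sram2->len);
    tamp->scr = flags;      /* write-1-to-clear acknowledgement */
    tamp->sr &= ~flags;     /* the model mirrors the hardware clearing SR */
    *reset_requested = true;
    return TAMP_RESP_RESET;
}

/* Certified configuration: which option-byte bits are pinned, and to what value. */
typedef struct { uint32_t mask; uint32_t expected; } ob_policy_t;

/* Placeholder policy for the example; the real values come from Section 3.2.3. */
static const ob_policy_t kCertifiedPolicy = { .mask = 0x0000F0FFu, .expected = 0x0000C0AAu };

/* Pinned bits that deviate from the certified configuration; 0 means compliant. */
uint32_t ob_deviation(uint32_t optr_read, const ob_policy_t *policy)
{
    return (optr_read ^ policy->expected) & policy->mask;
}

bool ob_matches_certified_config(uint32_t optr_read, const ob_policy_t *policy)
{
    return ob_deviation(optr_read, policy) == 0u;
}

/* Constructed scenario: one external tamper flag set while keys are present. */
bool demo_tamper_scenario(void)
{
    tamp_regs_t tamp = { .sr = 0x00000004u };
    tamp.bkpr[0] = 0xDEADBEEFu;
    tamp.bkpr[TAMP_BKPR_COUNT - 1] = 0x1u;
    uint8_t key[4] = { 1, 2, 3, 4 };            /* constructed SRAM2 key material */
    key_ram_t sram2 = { key, sizeof key };
    bool reset = false;
    tamp_response_t r = tamp_check_and_respond(&tamp, &sram2, &reset);
    bool wiped = tamp.bkpr[0] == 0u && tamp.bkpr[TAMP_BKPR_COUNT - 1] == 0u
              && key[0] == 0 && key[3] == 0;
    return r == TAMP_RESP_RESET && reset && wiped && tamp.scr == 0x4u && tamp.sr == 0u;
}

/* Constructed scenario: no flag raised, so nothing may change. */
bool demo_clean_scenario(void)
{
    tamp_regs_t tamp = { .sr = 0u };
    tamp.bkpr[0] = 0x12345678u;
    bool reset = true;
    tamp_response_t r = tamp_check_and_respond(&tamp, NULL, &reset);
    return r == TAMP_RESP_NONE && !reset && tamp.bkpr[0] == 0x12345678u && tamp.scr == 0u;
}

int main(void)
{
    printf("tamper scenario: %s\n", demo_tamper_scenario() ? "reset requested, keys wiped" : "FAIL");
    printf("clean scenario:  %s\n", demo_clean_scenario() ? "no action" : "FAIL");
    printf("option bytes 0x1234C0AA: %s\n",
           ob_matches_certified_config(0x1234C0AAu, &kCertifiedPolicy) ? "certified" : "deviates");
    printf("option bytes 0x0000C0AB deviate in bits 0x%08lX\n",
           (unsigned long)ob_deviation(0x0000C0ABu, &kCertifiedPolicy));
    return 0;
}
```

The option-byte check compares only the bits the certified configuration pins, so bits the policy leaves free (such as fields the Integrator may legitimately change) do not cause a false rejection, while `ob_deviation` tells the secure boot exactly which pinned bits differ. The tamper response wipes keys before acknowledging the flags, so a reset that follows cannot leave volatile key material behind.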