platform: nordic: Configure the TAMPC for nRF54L series

Configure the TAMPC peripheral in the nRF54L series to fire
an interrupt and result to a TF-M core panic when a Cracen
or a slow/fast domain tampering is detected.

Signed-off-by: Georgios Vasilakis <[email protected]>

Author: Vge0rge

platform/ext/target/nordic_nrf/common/core/CMakeLists.txt

@@ -102,6 +102,7 @@ target_sources(platform_s
         nrfx_glue.c
         native_drivers/mpu_armv8m_drv.c
         native_drivers/spu.c
+        $<$<BOOL:${NRF_TAMPC_ENABLE}>:${CMAKE_CURRENT_SOURCE_DIR}/native_drivers/tampc.c>
         $<$<BOOL:${TFM_EXCEPTION_INFO_DUMP}>:${CMAKE_CURRENT_SOURCE_DIR}/nrf_exception_info.c>
         $<$<OR:$<BOOL:${TFM_S_REG_TEST}>,$<BOOL:${TFM_NS_REG_TEST}>>:${CMAKE_CURRENT_SOURCE_DIR}/plat_test.c>
         $<$<BOOL:${TEST_PSA_API}>:${CMAKE_CURRENT_SOURCE_DIR}/pal_plat_test.c>
@@ -237,6 +238,13 @@ if(NRF_SECURE_APPROTECT)
     )
 endif()
 
+if(NRF_TAMPC_ENABLE)
+    target_compile_definitions(tfm_spm
+    PRIVATE
+        NRF_TAMPC_ENABLE
+    )
+endif()
+
 #========================= Files for building NS side platform ================#
 
 configure_file(config_nordic_nrf_spe.cmake.in

platform/ext/target/nordic_nrf/common/core/config.cmake

@@ -38,6 +38,7 @@ set(BL2                                 ON         CACHE BOOL      "Whether to b
 set(NRF_NS_SECONDARY                    ${BL2}     CACHE BOOL      "Enable non-secure secondary partition")
 set(NRF_APPROTECT                       OFF        CACHE BOOL      "Enable approtect")
 set(NRF_SECURE_APPROTECT                OFF        CACHE BOOL      "Enable secure approtect")
+set(NRF_TAMPC_ENABLE                    ON         CACHE BOOL      "Enable the tamper controller (TAMPC)")
 
 # Platform-specific configurations
 set(CONFIG_TFM_USE_TRUSTZONE            ON)

platform/ext/target/nordic_nrf/common/core/faults.c

@@ -128,3 +128,20 @@ void MPC00_IRQHandler(void)
     MPC_Handler();
 }
 #endif
+
+#ifdef NRF_TAMPC
+__attribute__((naked)) void TAMPC_IRQHandler(void)
+{
+    EXCEPTION_INFO();
+
+#ifdef TFM_EXCEPTION_INFO_DUMP
+    nrf_exception_info_store_context();
+#endif
+
+    tfm_core_panic();
+
+    __ASM volatile(
+        "B         .                       \n"
+    );
+}
+#endif

platform/ext/target/nordic_nrf/common/core/native_drivers/tampc.c

@@ -0,0 +1,81 @@
+/*
+ * Copyright (c) 2025 Nordic Semiconductor ASA.
+ * SPDX-FileCopyrightText: Copyright The TrustedFirmware-M Contributors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+
+
+#ifndef __TAMPC_H__
+#define __TAMPC_H__
+
+#include "target_cfg.h"
+#include <nrfx.h>
+#include <hal/nrf_tampc.h>
+#include <stddef.h>
+#include <stdint.h>
+#include <stdbool.h>
+
+void tampc_enable_interrupts(void)
+{
+	nrf_tampc_int_enable(NRF_TAMPC, NRF_TAMPC_ALL_INTS_MASK);
+}
+
+static void tampc_clear_events(void)
+{
+	nrf_tampc_event_clear(NRF_TAMPC, NRF_TAMPC_EVENT_TAMPER);
+	nrf_tampc_event_clear(NRF_TAMPC, NRF_TAMPC_EVENT_WRITE_ERROR);
+}
+
+static void tampc_clear_statuses(void)
+{
+	/* The datasheet states that they detectors must be reset before the status is cleared. */
+	nrf_tampc_protector_ctrl_value_set(NRF_TAMPC, NRF_TAMPC_PROTECT_CRACEN, false);
+	nrf_tampc_protector_status_clear(NRF_TAMPC, NRF_TAMPC_PROTECT_CRACEN);
+
+	nrf_tampc_protector_ctrl_value_set(NRF_TAMPC, NRF_TAMPC_PROTECT_GLITCH_DOMAIN_FAST, false);
+	nrf_tampc_protector_status_clear(NRF_TAMPC, NRF_TAMPC_PROTECT_GLITCH_DOMAIN_FAST);
+
+	nrf_tampc_protector_ctrl_value_set(NRF_TAMPC, NRF_TAMPC_PROTECT_GLITCH_DOMAIN_SLOW, false);
+	nrf_tampc_protector_status_clear(NRF_TAMPC, NRF_TAMPC_PROTECT_GLITCH_DOMAIN_SLOW);
+}
+
+void tampc_configuration(void)
+{
+
+	tampc_clear_events();
+	tampc_clear_statuses();
+
+	/* Make sure that the CRACEN detector and the glitch detectors are enabled and lock
+	 * their configuration.
+	 */
+	nrf_tampc_protector_ctrl_value_set(NRF_TAMPC, NRF_TAMPC_PROTECT_CRACEN, true);
+	nrf_tampc_protector_ctrl_lock_set(NRF_TAMPC, NRF_TAMPC_PROTECT_CRACEN, true);
+
+	nrf_tampc_protector_ctrl_value_set(NRF_TAMPC, NRF_TAMPC_PROTECT_GLITCH_DOMAIN_FAST, true);
+	nrf_tampc_protector_ctrl_lock_set(NRF_TAMPC, NRF_TAMPC_PROTECT_GLITCH_DOMAIN_FAST, true);
+
+	nrf_tampc_protector_ctrl_value_set(NRF_TAMPC, NRF_TAMPC_PROTECT_GLITCH_DOMAIN_SLOW, true);
+	nrf_tampc_protector_ctrl_lock_set(NRF_TAMPC, NRF_TAMPC_PROTECT_GLITCH_DOMAIN_SLOW, true);
+
+	/* The INTRESETEN reset value is enabled on reset, in order to use the TAMPC interrupt
+	 * and not reset the device immediately the INTRESETEN is set to 0 here.
+	 */
+	nrf_tampc_protector_ctrl_value_set(NRF_TAMPC, NRF_TAMPC_PROTECT_RESETEN_INT, false);
+	nrf_tampc_protector_ctrl_lock_set(NRF_TAMPC, NRF_TAMPC_PROTECT_RESETEN_INT, false);
+
+	/* The active shield is not configured here yet, this will be added later. */
+}
+
+#endif

platform/ext/target/nordic_nrf/common/core/native_drivers/tampc.h

@@ -0,0 +1,49 @@
+/*
+ * Copyright (c) 2025 Nordic Semiconductor ASA.
+ * SPDX-FileCopyrightText: Copyright The TrustedFirmware-M Contributors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+
+
+#ifndef __TAMPC_H__
+#define __TAMPC_H__
+
+
+#include "target_cfg.h"
+#include <nrfx.h>
+#include <hal/nrf_tampc.h>
+#include <stddef.h>
+#include <stdint.h>
+#include <stdbool.h>
+
+/**
+ * \brief Enable TAMPC interrupts
+ *
+ * Enable interrupts in the INTENSET register of TAMPC.
+ */
+void tampc_enable_interrupts(void);
+
+/**
+ * \brief TAMPC configuration
+ *
+ * Configures the TAMPC peripheral to monitor for Cracen and slow/fast domain hardware
+ * attacks and disables the default reset behavior in order to hanlde the event in the
+ * interrupt handler. It also locks the configuration of the CTRL registers
+ * so that they cannot be altered until reset.
+ * 
+ */
+void tampc_configuration(void);
+
+#endif

platform/ext/target/nordic_nrf/common/core/startup.h

@@ -44,6 +44,7 @@ void SPU30_IRQHandler(void);
 void MPC00_IRQHandler(void);
 
 void CRACEN_IRQHandler(void);
+void TAMPC_IRQHandler(void);
 
 /*
  * The default irq handler is used as a backup in case of

platform/ext/target/nordic_nrf/common/core/startup_nrf54l.c

@@ -89,7 +89,6 @@ DEFAULT_IRQ_HANDLER(SAADC_IRQHandler)
 DEFAULT_IRQ_HANDLER(NFCT_IRQHandler)
 DEFAULT_IRQ_HANDLER(TEMP_IRQHandler)
 DEFAULT_IRQ_HANDLER(GPIOTE20_1_IRQHandler)
-DEFAULT_IRQ_HANDLER(TAMPC_IRQHandler)
 DEFAULT_IRQ_HANDLER(I2S20_IRQHandler)
 DEFAULT_IRQ_HANDLER(QDEC20_IRQHandler)
 DEFAULT_IRQ_HANDLER(QDEC21_IRQHandler)

platform/ext/target/nordic_nrf/common/core/target_cfg_54l.c

@@ -30,6 +30,7 @@
 
 #include <spu.h>
 #include <nrfx.h>
+#include <tampc.h>
 
 #include <hal/nrf_gpio.h>
 #include <hal/nrf_spu.h>
@@ -456,6 +457,10 @@ enum tfm_plat_err_t spu_periph_init_cfg(void)
 	gpiote_channel_configuration();
 	gpio_configuration();
 
+#if defined(NRF_TAMPC_ENABLE)
+	tampc_configuration();
+#endif
+
 	nrf_cache_enable(NRF_ICACHE);
 
 	nrfx_err_t nrfx_err = rramc_configuration();
@@ -488,6 +493,7 @@ enum tfm_plat_err_t nvic_interrupt_target_state_cfg(void)
 
 	NVIC_ClearTargetState(NRFX_IRQ_NUMBER_GET(NRF_CRACEN));
 	NVIC_ClearTargetState(MPC00_IRQn);
+	NVIC_ClearTargetState(NRFX_IRQ_NUMBER_GET(NRF_TAMPC));
 
 #ifdef SECURE_UART1
 	/* IRQ for the selected secure UART has to target S state */
@@ -520,5 +526,11 @@ enum tfm_plat_err_t nvic_interrupt_enable(void)
 	 * therefore omitted here.
 	 */
 
+#if defined(NRF_TAMPC_ENABLE)
+	tampc_enable_interrupts();
+	NVIC_ClearPendingIRQ(NRFX_IRQ_NUMBER_GET(NRF_TAMPC));
+	NVIC_EnableIRQ(NRFX_IRQ_NUMBER_GET(NRF_TAMPC));
+#endif
+
 	return TFM_PLAT_ERR_SUCCESS;
 }