Skip to main content
R
Radha Kadam
Associate
June 11, 2026
Question

STM32MP257F-EV1 - Ethernet Port Not Working + CM33 Firmware Signing Key Issue - OpenSTLinux v26.02.18

  • June 11, 2026
  • 5 replies
  • 26 views

Dear ST Support Team,

Thank you for your continued support. We are working with the STM32MP257F-EV1 evaluation board and have two issues we need help resolving.

Hardware: STM32MP257F-EV1 Evaluation Board (MB1936D)
Software Package: OpenSTLinux v26.02.18 (stm32mp2-openstlinux-6.6-yocto-scarthgap-mpu-v26.02.18)
Host OS: Ubuntu 26.04
STM32CubeIDE: v2.1.1
STM32CubeProgrammer: v2.22.0
Flash Layout Used: FlashLayout_sdcard_stm32mp257f-ev1-ca35tdcid-ostl-m33-examples-optee.tsv

---
ISSUE 1: ETHERNET PORT (end0 / ETH1) NOT WORKING
---

The Ethernet interface end0 shows NO-CARRIER even when a cable is physically connected.

Observations:
- ip link show end0 → state DOWN, NO-CARRIER
- cat /sys/class/net/end0/carrier → 0
- ethtool end0 | grep 'Link detected' → Link detected: no
- udhcpc -i end0 → broadcasts DHCP but gets no response
- The Ethernet driver loads correctly: stm32-dwmac 482d0000.eth2 end0
- We have tried ETH1 and ETH2 ports on the board
- We have tried different cables and different router ports
- The board MAC address shows: 10:e7:7a:e3:ee:33

Questions:
1. Is end0 mapped to ETH1 or ETH2 on the STM32MP257F-EV1 board?
2. Is there any additional configuration required to enable Ethernet on v26.02.18?
3. Is there a known issue with Ethernet on this board revision (MB1936D)?

---
ISSUE 2: CM33 FIRMWARE SIGNING KEY MISMATCH
---

We have successfully flashed OpenSTLinux v26.02.18 with the full optee layout and confirmed:
- remoteproc0 fw_format = TEE
- The pre-built example firmware (USBPD_DRP_UCSI_CM33_NonSecure_sign.bin) loads and runs correctly
- STM32CubeIDE debugger successfully attaches to the running CM33

However, when we sign our own CM33 firmware using sign_rproc_fw.py, OP-TEE rejects it:

   tee_remoteproc: TA_RPROC_FW_CMD_LOAD_FW invoke failed TEE err: ffff0006
   remoteproc remoteproc0: Boot failed: -5

Error 0xffff0006 = TEE_ERROR_SECURITY (signature verification failure)

Signing command used:
   python3 sign_rproc_fw.py --in CM33_LED_CM33_NonSecure.elf --out CM33_LED_sign.bin --key default.pem

Keys tried (all have identical MD5: c5254a254e63da936a640d0a0093bcf0):
- STM32CubeMP2-1.3.0/Utilities/optee_os/keys/default.pem
- sdk/sysroots/cortexa35-ostl-linux/usr/include/optee/export-user_ta_arm64/keys/default.pem
- sdk/sysroots/cortexa35-ostl-linux/usr/include/optee/export-user_ta_arm64/keys/default_ta.pem
- sdk_x86_installed/.../keys/default.pem

We also tried flashing with the opteemin layout hoping it uses the development key, but found that the opteemin image does NOT include the remoteproc OP-TEE TA (80a4c275-0a47-4905-8285-1486a9771a08.ta), so remoteproc stays in deferred probe state.

Questions:
1. What is the correct signing key (.pem file) to use with sign_rproc_fw.py for CM33 firmware on OpenSTLinux v26.02.18 with the full optee layout?
2. Where can we obtain the private key that matches the OP-TEE remoteproc TA built into the v26.02.18 flash image?
3. Is there a recommended development workflow for signing and loading custom CM33 NonSecure firmware with v26.02.18?
4. Does the opteemin layout support custom CM33 firmware loading? If yes, what is the correct procedure?

---

We are currently able to connect to the board via USB network (192.168.7.1) and USB serial console. The STM32CubeIDE debugger successfully connects to CM33 when the example firmware is running.

Please let us know if you need any additional logs or information.

Thank you for your support.

Best regards,
Radha Gaikwad

5 replies

Olivier GALLIEN
Olivier GALLIEN
ST Technical Moderator
June 11, 2026

Hi ​@Radha Kadam 

Thanks for your post.

It would be more convenient to create one post per issue. 

We will keep this ticket to address the ETH issue, can you please create another one for the M33 Signing one ? 

Thanks 

Olivier 

Olivier GALLIEN In order to give better visibility on the answered topics, please click on 'Accept as Solution' on the reply which solved your issue or answered your question.
R
Radha KadamAuthor
Associate
June 11, 2026

CM33 FIRMWARE SIGNING KEY MISMATCH
---

We have successfully flashed OpenSTLinux v26.02.18 with the full optee layout and confirmed:
- remoteproc0 fw_format = TEE
- The pre-built example firmware (USBPD_DRP_UCSI_CM33_NonSecure_sign.bin) loads and runs correctly
- STM32CubeIDE debugger successfully attaches to the running CM33

However, when we sign our own CM33 firmware using sign_rproc_fw.py, OP-TEE rejects it:

   tee_remoteproc: TA_RPROC_FW_CMD_LOAD_FW invoke failed TEE err: ffff0006
   remoteproc remoteproc0: Boot failed: -5

Error 0xffff0006 = TEE_ERROR_SECURITY (signature verification failure)

Signing command used:
   python3 sign_rproc_fw.py --in CM33_LED_CM33_NonSecure.elf --out CM33_LED_sign.bin --key default.pem

Keys tried (all have identical MD5: c5254a254e63da936a640d0a0093bcf0):
- STM32CubeMP2-1.3.0/Utilities/optee_os/keys/default.pem
- sdk/sysroots/cortexa35-ostl-linux/usr/include/optee/export-user_ta_arm64/keys/default.pem
- sdk/sysroots/cortexa35-ostl-linux/usr/include/optee/export-user_ta_arm64/keys/default_ta.pem
- sdk_x86_installed/.../keys/default.pem

We also tried flashing with the opteemin layout hoping it uses the development key, but found that the opteemin image does NOT include the remoteproc OP-TEE TA (80a4c275-0a47-4905-8285-1486a9771a08.ta), so remoteproc stays in deferred probe state.

Questions:
1. What is the correct signing key (.pem file) to use with sign_rproc_fw.py for CM33 firmware on OpenSTLinux v26.02.18 with the full optee layout?
2. Where can we obtain the private key that matches the OP-TEE remoteproc TA built into the v26.02.18 flash image?
3. Is there a recommended development workflow for signing and loading custom CM33 NonSecure firmware with v26.02.18?
4. Does the opteemin layout support custom CM33 firmware loading? If yes, what is the correct procedure?

Erwan SZYMANSKI
Erwan SZYMANSKI
ST Technical Moderator
June 11, 2026

Hello ​@Radha Kadam ,
As mentioned by ​@Olivier GALLIEN, I will keep this ticket for the Ethernet topic.

1. Is end0 mapped to ETH1 or ETH2 on the STM32MP257F-EV1 board?
With the software provided by ST, end0 corresponds to ETH2, and end1 corresponds to ETH1.

2. Is there any additional configuration required to enable Ethernet on v26.02.18?
No.. By default, the software prepared and delivered by ST configures ETH1 (end1) in by-pass mode (so not use the internal switch and is configured as a standalone port, like ETH2). If you take a Starter Image for your eval board, you will see that plugging an Ethernet link to ETH1 will make it work the same way as ETH2. Remember that on STM32MP257F-EV1 board, ETH1 is the Ethernet port placed in the middle (2nd out of 3).

3. Is there a known issue with Ethernet on this board revision (MB1936D)?
No, there is no known issue for ETH1 (RGMII) on this board.

Kind regards,
Erwan.

In order to give better visibility on the answered topics, please click on 'Accept as Solution' on the reply which solved your issue or answered your question.
R
Radha KadamAuthor
Associate
June 12, 2026

I am still facing issues interfacing ETH1 between my laptop and the ST board. The ETH1 port on the board does not detect the Ethernet cable even when it is properly connected between the laptop and the board.

Erwan SZYMANSKI
Erwan SZYMANSKI
ST Technical Moderator
June 12, 2026

Hello ​@Radha Kadam ,
Can you please precise if you work with a Starter SD Image provided by ST for this board ? Do you see end1 interface when you make a “ifconfig” command ?

Can you provide some logs about your tests / command ? If you are in direct link with a Laptop, did you put a static IP address on end1 interface, and the laptop in the same IP address range ?

Do not hesitate to share more logs here for me to analyze it. In theory, if you are with the default software provided by ST (still need to confirm this), if you connect the ETH1 port to a router that has a DHCP server, you should see an IP assigned to end1 automatically.

Kind regards,
Erwan.

In order to give better visibility on the answered topics, please click on 'Accept as Solution' on the reply which solved your issue or answered your question.
R
Radha KadamAuthor
Associate
June 12, 2026

Thank you for your response. Please find our answers below.

---
Q1: Are you working with a Starter SD Image provided by ST?
---

Yes. We are using the official ST OpenSTLinux image:
   stm32mp2-openstlinux-6.6-yocto-scarthgap-mpu-v26.02.18

Flash layout used:
   FlashLayout_sdcard_stm32mp257f-ev1-ca35tdcid-ostl-m33-examples-optee.tsv

Flashed using STM32CubeProgrammer v2.22.0.

---
Q2: Do you see end1 interface when you make ifconfig?
---

No. We only see end0 (ETH2). The end1 interface (ETH1) never appears.

ifconfig output:
   end0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
         inet 192.168.1.x  netmask 255.255.255.0
         ether 10:e7:7a:e3:ee:33

ip link show output:
   Only end0 appears. No end1.

ls /sys/bus/platform/devices/ | grep 482c
   (returns nothing - ETH1 device never instantiated)

ls /sys/bus/platform/drivers/stm32-dwmac/
   482d0000.eth2   (only ETH2 is present)

---
Q3: Logs and test results
---

Boot log shows ETH1 is blocked by RIFSC:
   stm32-rifsc 42080000.bus: eth1@482c0000: Device driver will not be probed, error: -13
   (error -13 = EACCES, Permission denied)

RIFSC dump shows:
   ETH1 || ID 60 || NSEC || PRIV || CID filtering enabled
   ETH2 || ID 61 || NSEC || PRIV || CID filtering enabled

Device tree analysis:
   ETH1 node: status = okay
   ETH1 access-controllers = phandle 0x18, ID 0x3c (60) - correctly set
   ETH2 node: status = okay
   ETH2 access-controllers = phandle 0x18, ID 0x3d (61) - correctly set

Both ETH1 and ETH2 have identical RIFSC and DTB configuration.
Only ETH2 (end0) works. ETH1 is blocked before the driver loads.

---
Q4: Direct link with laptop - static IP test
---

We have not been able to test direct link with laptop because end1 never appears.
We connected ETH1 port to:
   - Router with DHCP server -> no IP assigned, end1 not visible
   - Direct cable to laptop -> end1 still not visible

The interface end1 does not exist in the system at all.

---
Q5: Router with DHCP - did you connect ETH1 to router?
---

Yes. We connected the ETH1 port (physical port labeled ETH1 on the board) to our
TP-Link router which has a DHCP server. No IP was assigned and end1 never appeared
because the interface is never created by the kernel.

Erwan SZYMANSKI
Erwan SZYMANSKI
ST Technical Moderator
June 12, 2026

Hello ​@Radha Kadam ,
That is really strange, if you take the default Starter Package released with the release version you talk about, flashing this flashlayout flashlayout_st-image-weston/optee/FlashLayout_sdcard_stm32mp257f-ev1-optee.tsv should give you the following output from ifconfig:

root@stm32mp2-e3-ad-dd:~# ifconfig                                                                                                                      
end0      Link encap:Ethernet  HWaddr 10:E7:7A:E3:AD:DD                                                                                                 
          UP BROADCAST MULTICAST  MTU:1500  Metric:1                                                                                                    
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0                                                                                            
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0                                                                                          
          collisions:0 txqueuelen:1000                                                                                                                  
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)                                                                                                        
          Interrupt:85                                                                                                                                  
                                                                                                                                                        
end1      Link encap:Ethernet  HWaddr 10:E7:7A:E3:AD:DE                                                                                                 
          UP BROADCAST MULTICAST  MTU:1500  Metric:1                                                                                                    
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0                                                                                            
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0                                                                                          
          collisions:0 txqueuelen:1000                                                                                                                  
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)                                                                                                        
          Interrupt:79 Base address:0x8000                                                                                                              
                                                                                                                                                        
lo        Link encap:Local Loopback                                                                                                                     
          inet addr:127.0.0.1  Mask:255.0.0.0                                                                                                           
          inet6 addr: ::1/128 Scope:Host                                                                                                                
          UP LOOPBACK RUNNING  MTU:65536  Metric:1                                                                                                      
          RX packets:99 errors:0 dropped:0 overruns:0 frame:0                                                                                           
          TX packets:99 errors:0 dropped:0 overruns:0 carrier:0                                                                                         
          collisions:0 txqueuelen:1000                                                                                                                  
          RX bytes:7625 (7.4 KiB)  TX bytes:7625 (7.4 KiB)                                                                                              
                                                                                                                                                        
usb0      Link encap:Ethernet  HWaddr 86:2F:06:85:A9:81                                                                                                 
          UP BROADCAST MULTICAST  MTU:1500  Metric:1                                                                                                    
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0                                                                                            
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0                                                                                          
          collisions:0 txqueuelen:1000                                                                                                                  
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B) 

Could you please firstly try to flash again your SD card and make sure your Boot Pins are in the right configuration to boot on your fresh new software.

Please, also confirm that you make a try with the Starter Package and not with something you compiled yourself.

If still not working, can you give the output of the following command: dmesg | grep stm32-dwmac

Kind regards,
Erwan.

 

In order to give better visibility on the answered topics, please click on 'Accept as Solution' on the reply which solved your issue or answered your question.
Terms & ConditionsAccessibility statement