2024-07-26 07:30 AM - edited 2024-07-30 12:40 AM
Hello,
I enabled STSAFE in the TFM app on a B-U585I-IOT02A board following the instructions shown in UM2851, by adding the PSA_USE_SE_ST compile switch in the TFM_Appli secure and non-secure projects, and I enabled the USE_PAIRING switch.
When I run the TFM app, I get an error on the console saying: "Secure Element driver initialization failure", and the portion of the application shown below loops infinitely without starting.
[INF] Flash operation: Op=0x0, Area=0x0, Address=0x0
[INF] Starting bootloader OEMiROT
[INF] Checking BL2 NV area
[INF] Checking BL2 NV area header
[INF] Checking BL2 NV Counter consistency
[INF] Consistent BL2 NV Counter 0 = 0x1000000
[INF] Consistent BL2 NV Counter 1 = 0x1000000
[INF] Consistent BL2 NV Counter 2 = 0x1000000
[INF] Consistent BL2 NV Counter 3 = 0x1000000
[INF] Swap type: none
[INF] Swap type: none
[INF] Swap type: none
[INF] Swap type: none
[INF] Starting validation of primary slot(s)
[INF] verify counter 0 1000000 1000000
[INF] counter 0 : ok
[INF] hash ref OK
[INF] verify counter 1 1000000 1000000
[INF] counter 1 : ok
[INF] hash ref OK
[INF] verify counter 2 1000000 1000000
[INF] counter 2 : ok
[INF] hash ref OK
[INF] verify counter 3 1000000 1000000
[INF] counter 3 : ok
[INF] hash ref OK
[INF] Bootloader chainload address offset: 0x28000
[INF] Jumping to the first image slot
[INF] BL2 HUK 5f5f5f5f5f4b5548..5f45554c5f5f5f5f set to BL2 SHARED DATA
[INF] BL2 SEED 94f68511a9be8acb..bd9204224a9c8cf3 set to BL2 SHARED DATA
[INF] Code c006000 c01880c
[INF] hash TFM_SBSFU_Boot fc2abb1 .. e2773a47
[Sec Thread] Secure image initializing!
TF-M isolation level is: 0x00000002
Booting TFM v1.3.0
Secure Element driver initialization failure
I'm using the default values for the USE_PAIRING switch:
#define USE_COMPUTED_HOST_KEYS 1U
#define USE_SELF_PROVISIONING 0U
When I disable the USE_PAIRING switch and leave only the PSA_USE_SE_ST switch enabled, the Secure Element driver gets initialized but the portion of the application presented below loops indefinitely.
[INF] Flash operation: Op=0x0, Area=0x0, Address=0x0
[INF] Starting bootloader OEMiROT
[INF] Checking BL2 NV area
[INF] Checking BL2 NV area header
[INF] Checking BL2 NV Counter consistency
[INF] Consistent BL2 NV Counter 0 = 0x1000000
[INF] Consistent BL2 NV Counter 1 = 0x1000000
[INF] Consistent BL2 NV Counter 2 = 0x1000000
[INF] Consistent BL2 NV Counter 3 = 0x1000000
[INF] Swap type: none
[INF] Swap type: none
[INF] Swap type: none
[INF] Swap type: none
[INF] Starting validation of primary slot(s)
[INF] verify counter 0 1000000 1000000
[INF] counter 0 : ok
[INF] hash ref OK
[INF] verify counter 1 1000000 1000000
[INF] counter 1 : ok
[INF] hash ref OK
[INF] verify counter 2 1000000 1000000
[INF] counter 2 : ok
[INF] hash ref OK
[INF] verify counter 3 1000000 1000000
[INF] counter 3 : ok
[INF] hash ref OK
[INF] Bootloader chainload address offset: 0x28000
[INF] Jumping to the first image slot
[INF] BL2 HUK 5f5f5f5f5f4b5548..5f45554c5f5f5f5f set to BL2 SHARED DATA
[INF] BL2 SEED 8e8d9a6f9c362103..d5ecb0c1683c88d6 set to BL2 SHARED DATA
[INF] Code c006000 c01880c
[INF] hash TFM_SBSFU_Boot fc2abb1 .. e2773a47
[Sec Thread] Secure image initializing!
TF-M isolation level is: 0x00000002
Booting TFM v1.3.0
Secure Element driver initialized
Any help is welcome.
Thanks.
2024-07-30 06:55 AM
I don't know what is going wrong with the STM32Cube Firmware versions 1.5 and 1.6, but I finally got it working with STSAFE by downgrading back to the firmware version 1.4.
I think this should be addressed in the upcoming firmware version upgrade. @Diane POMABIA
2024-08-01 03:27 AM
Hello @SedCore,
Can you send the project with version 1.5 which is not working to test if it is a possible regression?
Thanks in advance.
Regards
2024-08-02 02:10 AM
Hi @STea, I just used the project in the official STM32CubeU5 package v1.5, downloaded from here.
The project is inside this path: en.stm32cubeu5-v1-5-0/Projects/B-U585I-IOT02A/Applications/TFM
I don't know if it is a regression, but from the release notes of version 1.5, I just read that the following was added:
Synchronize secure_fw/partitions/crypto/crypto_spe.h with mbed-crypto/tests/include/spe/crypto_spe.h (mbed-tls-v2.28.5_20240108)
Regards.