cancel
Showing results for 
Search instead for 
Did you mean: 

STSAFE option do no start in TFM app on B-U585I-IOT02A board

SedCore
Associate III

Hello,

I enabled STSAFE in the TFM app on a B-U585I-IOT02A board following the instructions shown in UM2851, by adding the PSA_USE_SE_ST compile switch in the TFM_Appli secure and non-secure projects, and I enabled the USE_PAIRING switch.

When I run the TFM app, I get an error on the console saying: "Secure Element driver initialization failure", and the portion of application shown below loops infinitely without starting.

 

[INF] Flash operation: Op=0x0, Area=0x0, Address=0x0
[INF] Starting bootloader OEMiROT
[INF] Checking BL2 NV area
[INF] Checking BL2 NV area header
[INF] Checking BL2 NV Counter consistency
[INF] Consistent BL2 NV Counter 0  = 0x1000000
[INF] Consistent BL2 NV Counter 1  = 0x1000000
[INF] Consistent BL2 NV Counter 2  = 0x1000000
[INF] Consistent BL2 NV Counter 3  = 0x1000000
[INF] Swap type: none
[INF] Swap type: none
[INF] Swap type: none
[INF] Swap type: none
[INF] Starting validation of primary slot(s)
[INF] verify counter  0 1000000 1000000
[INF] counter  0 : ok
[INF] hash ref OK
[INF] verify counter  1 1000000 1000000
[INF] counter  1 : ok
[INF] hash ref OK
[INF] verify counter  2 1000000 1000000
[INF] counter  2 : ok
[INF] hash ref OK
[INF] verify counter  3 1000000 1000000
[INF] counter  3 : ok
[INF] hash ref OK
[INF] Bootloader chainload address offset: 0x28000
[INF] Jumping to the first image slot
[INF] BL2 HUK 5f5f5f5f5f4b5548..5f45554c5f5f5f5f set to BL2 SHARED DATA
[INF] BL2 SEED 94f68511a9be8acb..bd9204224a9c8cf3 set to BL2 SHARED DATA
[INF] Code c006000 c01880c
[INF] hash TFM_SBSFU_Boot  fc2abb1 .. e2773a47
[Sec Thread] Secure image initializing!
TF-M isolation level is: 0x00000002
Booting TFM v1.3.0
Secure Element driver initialization failure

 

I'm using the default values for the USE_PAIRING switch:

#define USE_COMPUTED_HOST_KEYS 1U

#define USE_SELF_PROVISIONING 0U

 

When I disable the USE_PAIRING switch to use only the PSA_USE_SE_ST switch enabled, the Secure Element driver gets initialized but the portion of application presented below loops indefinitely.

 

[INF] Flash operation: Op=0x0, Area=0x0, Address=0x0
[INF] Starting bootloader OEMiROT
[INF] Checking BL2 NV area
[INF] Checking BL2 NV area header
[INF] Checking BL2 NV Counter consistency
[INF] Consistent BL2 NV Counter 0  = 0x1000000
[INF] Consistent BL2 NV Counter 1  = 0x1000000
[INF] Consistent BL2 NV Counter 2  = 0x1000000
[INF] Consistent BL2 NV Counter 3  = 0x1000000
[INF] Swap type: none
[INF] Swap type: none
[INF] Swap type: none
[INF] Swap type: none
[INF] Starting validation of primary slot(s)
[INF] verify counter  0 1000000 1000000
[INF] counter  0 : ok
[INF] hash ref OK
[INF] verify counter  1 1000000 1000000
[INF] counter  1 : ok
[INF] hash ref OK
[INF] verify counter  2 1000000 1000000
[INF] counter  2 : ok
[INF] hash ref OK
[INF] verify counter  3 1000000 1000000
[INF] counter  3 : ok
[INF] hash ref OK
[INF] Bootloader chainload address offset: 0x28000
[INF] Jumping to the first image slot
[INF] BL2 HUK 5f5f5f5f5f4b5548..5f45554c5f5f5f5f set to BL2 SHARED DATA
[INF] BL2 SEED 8e8d9a6f9c362103..d5ecb0c1683c88d6 set to BL2 SHARED DATA
[INF] Code c006000 c01880c
[INF] hash TFM_SBSFU_Boot  fc2abb1 .. e2773a47
[Sec Thread] Secure image initializing!
TF-M isolation level is: 0x00000002
Booting TFM v1.3.0
Secure Element driver initialized

 

 

Any help is welcome.

Thanks.

@STea @Jocelyn RICARD 

1 ACCEPTED SOLUTION

Accepted Solutions
SedCore
Associate III

I don't know what is going wrong with the STM32Cube Firmware versions 1.5 and 1.6, but I finally got it working with STSAFE by downgrading back to the firmware version 1.4.

I think this should be addressed in the upcoming firmware version upgrade. @Diane POMABIA 

View solution in original post

3 REPLIES 3
SedCore
Associate III

I don't know what is going wrong with the STM32Cube Firmware versions 1.5 and 1.6, but I finally got it working with STSAFE by downgrading back to the firmware version 1.4.

I think this should be addressed in the upcoming firmware version upgrade. @Diane POMABIA 

Hello @SedCore ,

Can you send the project with version 1.5 which is not working to test if it is a possible regression?
thanks in advance. 
Regards

In order to give better visibility on the answered topics, please click on Accept as Solution on the reply which solved your issue or answered your question.

Hi @STea , I just used the project in the official STM32CubeU5 package v1.5, downloaded from here.

The project is inside this path: en.stm32cubeu5-v1-5-0/Projects/B-U585I-IOT02A/Applications/TFM

I don't know if it is a regression, but from the release notes of version 1.5, I just read that the following was added:

Synchronize secure_fw/partitions/crypto/crypto_spe.h with mbed-crypto/tests/include/spe/crypto_spe.h (mbed-tls-v2.28.5_20240108)

Regards.