Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- STMicroelectronics Community
- STM32 MPUs
- STM32 MPUs Embedded software and solutions
- STM32MP157C DFU unstable with Secure Boot enabled ...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
STM32MP157C DFU unstable with Secure Boot enabled (SCMI active)
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
2026-01-28 11:48 PM - edited 2026-01-29 8:05 AM
Hello,
I am facing an issue with DFU mode on an STM32MP157C when Secure Boot is enabled (OTP locked) and SCMI is active via OP-TEE, and I would like to confirm whether this is an expected behavior or a known limitation.
I am using STM32CubeProgrammer to load FSBL and the FIP image into RAM, then entering U-Boot DFU mode in order to flash the eMMC. This workflow is used for recovery and reprogramming purposes.
I am using the same software stack (ATF 2.12, OP-TEE 4.3.0, U-Boot 2025.01, device tree with SCMI configuration) on the two boards (based on stm32mp157c-dk2).
The only difference between them is the Secure Boot state: one board is not locked, the other one has Secure Boot enabled.
On the non-locked board, DFU works reliably with STM32CubeProgrammer. I can enter DFU mode, send the FlashLayout, and perform multiple DFU transactions without any issue. OP-TEE does print errors related to SCMI TA loading, but DFU continues normally.
On the locked board, DFU becomes unstable. Typically, the initial DFU upload works, but when sending the FlashLayout, DFU fails with a “Wrong sequence number” error. This behavior is reproducible and only happens when Secure Boot is enabled.
Boot over usb0!
D/TC:? 0 tee_ta_init_pseudo_ta_session:303 Lookup pseudo TA 1a8342cc-81a5-4512-99fe-9e2b3e37d626
D/TC:? 0 ldelf_load_ldelf:110 ldelf load address 0x105000
D/LD: ldelf:142 Loading TS 1a8342cc-81a5-4512-99fe-9e2b3e37d626
D/TC:? 0 ldelf_syscall_open_bin:163 Lookup user TA ELF 1a8342cc-81a5-4512-99fe-9e2b3e37d626 (early TA)
D/TC:? 0 ldelf_syscall_open_bin:167 res=0xffff0008
D/TC:? 0 ldelf_syscall_open_bin:163 Lookup user TA ELF 1a8342cc-81a5-4512-99fe-9e2b3e37d626 (Secure Storage TA)
D/TC:? 0 ldelf_syscall_open_bin:167 res=0xffff0009
E/LD: init_elf:493 sys_open_ta_bin(1a8342cc-81a5-4512-99fe-9e2b3e37d626)
E/TC:? 0 ldelf_init_with_ldelf:152 ldelf failed with res: 0xffff0009
D/TC:? 0 tee_ta_open_session:696 init session failed 0xffff0009
dfu_alt_init: dfu_alt_num=4
DFU alt info setting: dfu_fill_entity: @FlashLayout/0x00/1*256Ke ram c2000000 40000 interface: ram dev: <NULL>
dfu_fill_entity: @virtual/0xf1/1*512Be interface: virt dev: 241
dfu_fill_entity: @OTP/0xf2/1*776Be interface: virt dev: 242
dfu_fill_entity: @PMIC/0xf4/1*8Be interface: virt dev: 244
done
D/TC:? 0 tee_ta_init_session_with_context:557 Re-open trusted service 94cf71ad-80e6-40b5-a7c6-3dc501eb2803
D/TC:? 0 tee_ta_close_session:460 csess 0x2ffe7e00 id 2
D/TC:? 0 tee_ta_close_session:479 Destroy session
D/TC:? 0 tee_ta_init_session_with_context:557 Re-open trusted service 94cf71ad-80e6-40b5-a7c6-3dc501eb2803
D/TC:? 0 tee_ta_close_session:460 csess 0x2ffe7e00 id 2
D/TC:? 0 tee_ta_close_session:479 Destroy session
D/TC:? 0 tee_ta_init_session_with_context:557 Re-open trusted service a8cfe406-d4f5-4a2e-9f8d-a25dc754c099
D/TC:? 0 tee_ta_close_session:460 csess 0x2ffe7e00 id 2
D/TC:? 0 tee_ta_close_session:479 Destroy session
D/TC:? 0 tee_ta_init_session_with_context:557 Re-open trusted service a8cfe406-d4f5-4a2e-9f8d-a25dc754c099
D/TC:? 0 tee_ta_close_session:460 csess 0x2ffe7e00 id 2
D/TC:? 0 tee_ta_close_session:479 Destroy session
D/TC:? 0 tee_ta_init_session_with_context:557 Re-open trusted service a8cfe406-d4f5-4a2e-9f8d-a25dc754c099
D/TC:? 0 tee_ta_close_session:460 csess 0x2ffe7e00 id 2
D/TC:? 0 tee_ta_close_session:479 Destroy session
D/TC:? 0 tee_ta_init_session_with_context:557 Re-open trusted service a8cfe406-d4f5-4a2e-9f8d-a25dc754c099
D/TC:? 0 tee_ta_close_session:460 csess 0x2ffe7e00 id 2
D/TC:? 0 tee_ta_close_session:479 Destroy session
D/TC:? 0 tee_ta_init_session_with_context:557 Re-open trusted service a8cfe406-d4f5-4a2e-9f8d-a25dc754c099
D/TC:? 0 tee_ta_close_session:460 csess 0x2ffe7e00 id 2
D/TC:? 0 tee_ta_close_session:479 Destroy session
dfu_read: name: @virtual/0xf1/1*512Be buf: 0xdc77c100 size: 0x1000 p_num: 0x0 i_buf: 0x00000000
dfu_transaction_initiate: @virtual/0xf1/1*512Be 512 [B]
#
UPLOAD ... done
Ctrl+C to exit ...
dfu_write: name: @FlashLayout/0x00/1*256Ke buf: 0xdc77c100 size: 0x1c8 p_num: 0x2 offset: 0x0 bufoffset: 0x0
dfu_write: Wrong sequence number! [0] [2]In both cases, OP-TEE reports errors while trying to load the SCMI Trusted Application (UUID 1a8342cc-81a5-4512-99fe-9e2b3e37d626), returning TEE_ERROR_ITEM_NOT_FOUND. The difference seems to be that this SCMI-related error is tolerated on a non-locked board, while on a locked board the stricter Secure Boot behavior appears to interfere with the DFU flow.
My goal is to be able to re-enter DFU mode and reflash the board using CubeProgrammer even when the board is locked, for recovery or update purposes.
Please fin attached, OP-TEE config.h file and the both boot logs
Best regards,
Fabien
Labels:
- Labels:
-
OP-TEE
-
STM32MP15 lines
3 REPLIES 3
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
2026-02-02 11:55 PM
Hello,
I would like to add some additional observations that may help to understand the issue.
I also performed similar tests using U-Boot UMS (USB Mass Storage) mode.
On the non-locked board, UMS works as expected and the eMMC is correctly exposed to the host PC.
On the locked board, UMS does not work properly: the host PC does not detect the eMMC at all.
I initially suspected the EZTPZ firewall configuration issue on SDMMC2, especially since the behavior differs only when the board is locked.
However, according to the STM32MP157 reference manual (RM0436) and after reviewing the TF-A and OP-TEE code, SDMMC peripherals are not assigned to the Secure World and should remain accessible from the Non-Secure World by default. This is different from STM32MP13 devices, where SDMMC instances can explicitly be assigned to either the Secure or Non-Secure world.
Has anyone encountered a similar behavior on locked STM32MP157 devices?Is there a specific Secure Boot or OP-TEE configuration required to keep DFU/UMS fully functional when the board is locked?
My sdmmc2 configuration :
&sdmmc2{
pinctrl-names = "default", "opendrain", "sleep";
pinctrl-0 = <&sdmmc2_pins_mx>;
pinctrl-1 = <&sdmmc2_opendrain_pins_mx>;
pinctrl-2 = <&sdmmc2_sleep_pins_mx>;
non-removable;
no-sd;
no-sdio;
st,neg-edge;
bus-width = <8>;
vmmc-supply = <&v3v3>;
vqmmc-supply = <&vdd>;
mmc-ddr-3_3v;
status = "okay";
};
&pinctrl {
sdmmc2_pins_mx: sdmmc2_mx-0 {
pins1 {
pinmux = <STM32_PINMUX('A', 8, AF9)>, /* SDMMC2_D4 */
<STM32_PINMUX('A', 9, AF10)>, /* SDMMC2_D5 */
<STM32_PINMUX('B', 3, AF9)>, /* SDMMC2_D2 */
<STM32_PINMUX('B', 4, AF9)>, /* SDMMC2_D3 */
<STM32_PINMUX('B', 14, AF9)>, /* SDMMC2_D0 */
<STM32_PINMUX('B', 15, AF9)>, /* SDMMC2_D1 */
<STM32_PINMUX('C', 7, AF10)>, /* SDMMC2_D7 */
<STM32_PINMUX('E', 5, AF9)>, /* SDMMC2_D6 */
<STM32_PINMUX('G', 6, AF10)>; /* SDMMC2_CMD */
bias-disable;
drive-push-pull;
slew-rate = <1>;
};
pins2 {
pinmux = <STM32_PINMUX('E', 3, AF9)>; /* SDMMC2_CK */
bias-disable;
drive-push-pull;
slew-rate = <3>;
};
};
sdmmc2_opendrain_pins_mx: sdmmc2_opendrain_mx-0 {
pins1 {
pinmux = <STM32_PINMUX('A', 8, AF9)>, /* SDMMC2_D4 */
<STM32_PINMUX('A', 9, AF10)>, /* SDMMC2_D5 */
<STM32_PINMUX('B', 3, AF9)>, /* SDMMC2_D2 */
<STM32_PINMUX('B', 4, AF9)>, /* SDMMC2_D3 */
<STM32_PINMUX('B', 14, AF9)>, /* SDMMC2_D0 */
<STM32_PINMUX('B', 15, AF9)>, /* SDMMC2_D1 */
<STM32_PINMUX('C', 7, AF10)>, /* SDMMC2_D7 */
<STM32_PINMUX('E', 5, AF9)>; /* SDMMC2_D6 */
bias-disable;
drive-push-pull;
slew-rate = <1>;
};
pins2 {
pinmux = <STM32_PINMUX('E', 3, AF9)>; /* SDMMC2_CK */
bias-disable;
drive-push-pull;
slew-rate = <3>;
};
pins3 {
pinmux = <STM32_PINMUX('G', 6, AF10)>; /* SDMMC2_CMD */
bias-disable;
drive-open-drain;
slew-rate = <1>;
};
};
sdmmc2_sleep_pins_mx: sdmmc2_sleep_mx-0 {
pins {
pinmux = <STM32_PINMUX('A', 8, ANALOG)>, /* SDMMC2_D4 */
<STM32_PINMUX('A', 9, ANALOG)>, /* SDMMC2_D5 */
<STM32_PINMUX('B', 3, ANALOG)>, /* SDMMC2_D2 */
<STM32_PINMUX('B', 4, ANALOG)>, /* SDMMC2_D3 */
<STM32_PINMUX('B', 14, ANALOG)>, /* SDMMC2_D0 */
<STM32_PINMUX('B', 15, ANALOG)>, /* SDMMC2_D1 */
<STM32_PINMUX('C', 7, ANALOG)>, /* SDMMC2_D7 */
<STM32_PINMUX('E', 3, ANALOG)>, /* SDMMC2_CK */
<STM32_PINMUX('E', 5, ANALOG)>, /* SDMMC2_D6 */
<STM32_PINMUX('G', 6, ANALOG)>; /* SDMMC2_CMD */
};
};
};
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
2026-04-10 2:31 AM
Hi @FabienL
Sorry to come late in this thread.
Do you have any update ?
Olivier
Olivier GALLIEN
In order to give better visibility on the answered topics, please click on 'Accept as Solution' on the reply which solved your issue or answered your question.
In order to give better visibility on the answered topics, please click on 'Accept as Solution' on the reply which solved your issue or answered your question.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
2026-04-10 2:40 AM
Related Content
- Import an OpenSTLinux Project in CubeIDE 2.1.0 in STM32 MPUs Software development tools
- STM32MP157C - iwdg1 reset during programming via USB in STM32 MPUs Products and hardware related
- Flashing device in Closed_device / Secured_Locked state over USB (DFU) in STM32 MPUs Software development tools
- STM32 ADC UBoot Driver failing when trying to enable ADC voltage regulator (ADVREGEN) in STM32 MPUs Embedded software and solutions