FAQs
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

STM32MP157F-EV1 Signing Tool crash during bitbake build

jdebaud
Associate II

‎2023-10-23 08:06 AM

Hello,

I am trying to enable secure boot on my STM32MP157F-EV1 board. I'm following the https://wiki.st.com/stm32mpu/wiki/How_to_perform_Secure_Boot_from_Distribution_package Tutorial.

The keys are created, the public hash is fused.

I've added the required information in the local.conf file to enable signature. (I also noticed that the compilation stop if the SIGN_KEY_stm32mp13 is not in this file, which I find weird because the conf file is made for a stm32mp15 board.)

SIGN_KEY = "key/stm32mp15/privateKey.pem"
SIGN_KEY_stm32mp15 = "key/stm32mp15/privateKey.pem"
SIGN_KEY_stm32mp13 = "key/stm32mp13/privateKey00.pem"
EXTERNAL_KEY_CONF = "1"
SIGN_KEY_PASS = "<password>"
SIGN_ENABLE = "1"
SIGN_TOOL = "/home/viveris/julien/STM32CubeProgrammer-2.14.0/bin/STM32MP_SigningTool_CLI"

The bitbake st-image-weston goes well until T-FA build. STM32MP Signing Tool v2.14.0 crash with a Segmentation Fault. Here is the console error:

|        -------------------------------------------------------------------
|                        STM32MP Signing Tool v2.14.0
|        -------------------------------------------------------------------
| 
|  Prime256v1 curve is selected.
| Segmentation fault (core dumped)
| WARNING: exit code 139 from a shell command.
ERROR: Task (/home/julien/new/layers/meta-st/meta-st-stm32mp/recipes-bsp/trusted-firmware-a/tf-a-stm32mp_2.8.bb:do_compile) failed with exit code '1'

Could it be an issue with keys path ?

I also tried to use the Signing Tool with an already compiled firmware, but same results: the Signing Tool crash when I give the key path.

Any hints ?

 

Thanks for your help,

Regards

Labels:
0 Kudos
12 REPLIES 12
jdebaud
Associate II

‎2023-11-17 07:55 AM

I've just tested out the SigningTool on my Ubuntu 22.04 Virtual machine and it worked correctly. Thus apparently it might be due to the Mint used on the compilation machine I am using with bitbake.

I'm testing the libraries dependencies, if I can find the issue.

0 Kudos
Erwan SZYMANSKI
ST Employee
In response to jdebaud

‎2023-11-17 07:57 AM

Thanks for your additional test on VM, please let me know if you find something more.

Kind regards,
Erwan.

In order to give better visibility on the answered topics, please click on 'Accept as Solution' on the reply which solved your issue or answered your question.
0 Kudos
jdebaud
Associate II
In response to Erwan SZYMANSKI

‎2023-11-28 06:17 AM

Hello, sorry for the delay.

 

I've tested the signing tool on a clean Linux Mint VM. I can confirm that there are issues on both sides:

- Using the CLI without specifying the argument first ends in a SIGSEGV. It is still giving the same issue: a libQt5core crash.

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff73417f4 in QString::append(QString const&) () from /media/sf_VM_Shared/STM32MPU-Tools/bin/../lib/libQt5Core.so.5

- Using the CLI with all the required arguments ends in a signed binary.

 Prime256v1 curve is selected. 
 Header version 1 preparation ... 
 Reading Private Key File... 
 ECDSA signature generated.
 Signature verification:  SUCCESS 
 The Signed image file generated successfully:  .../tf-a-stm32mp157f-ev1-sdcard-SIGNED.stm32

 

I will try to sign the fsbl with bitbake and come back to you later.

Regards

Top