FAQs
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

STM32MP257F-EV1 rebooting at hpdma after otp write

Jredpath
Associate II

‎2026-05-01 4:37 AM

Hi,

I have a  OTP provisioning script that wrote OTP 1 with value 0x000000ff, executing a partial close of security state B. The board now passes ROM/FSBL/OP-TEE/U-Boot but resets when the Linux kernel probes the first RIF-protected peripheral (HPDMA3). Disabling HPDMA3 in DT causes the same reset on HPDMA2, indicating closed-state RIF policy is being enforced globally regardless of the device tree configuration applied by OP-TEE

Can the board be returned to a open state using an rma procedure? 

Kind Regards,

Jack Redpath

 

 

Labels:
0 Kudos
4 REPLIES 4
OlivierK
ST Employee

‎2026-05-05 3:14 AM

Hi  

 

Do you have the JTAG 5pins available? if so, you may try opening the BSEC using the procedure described in the RM457 life cycle management. 

Can you tell more about this script that wrote OTP1 to 0xff? where does it come from?

 

Kind Regards

Olivier


In order to give better visibility on the answered topics, please click on 'Accept as Solution' on the reply which solved your issue or answered your question.
0 Kudos
Jredpath
Associate II

‎2026-05-05 4:31 AM

OTP 1 was a red herring, we have an internal script that writes OTPs as part of our provisioning sequence.  I have tested just writing OTP 246 which should set the build id and it runs into the same problem which I thought was strange.  Doesn't seem to be related to anything security or RIF related: 

Jredpath_0-1777980632785.png

I do have the JTAG available, could you point me to the RM457 life cycle management?

Kind Regards,

Jack Redpath

0 Kudos
Jredpath
Associate II

‎2026-05-05 4:35 AM

Also, we are using an Android image which is based on OpenSTDroid Starter package (Android 13, kernel 6.1, ST-v6.x bootloader stack), with customer-specific kernel DT and userspace on top. Secure-world (TF-A / OP-TEE) are unmodified from the OpenSTDroid Release

 

Kind Regards,

Jack Redpath

0 Kudos
OlivierK
ST Employee
In response to Jredpath

‎2026-05-05 4:57 AM

Hi @Jredpath 

I was refering to the product Reference Manual RM0457 

https://www.st.com/resource/en/reference_manual/rm0457-stm32mp25xx-advanced-armbased-3264bit-mpus-stmicroelectronics.pdf

There is a described procedure to open the BSEC p308. By default the BSEC opening password is 0x0 (if not already programmed). 

 

Kind Regards

Olivier

 


In order to give better visibility on the answered topics, please click on 'Accept as Solution' on the reply which solved your issue or answered your question.
0 Kudos
Top