
Boot Failure on STM32MP157C: Secure Mode Issues (smc execution failure)

VivekB
Associate III

Hi, 

I am working with an STM32MP157CAA Rev.Z on a custom STM32CubeMX board running OpenSTLinux 6.6 (Yocto Scarthgap MPU v24.11.06). I have successfully integrated and bootstrapped various boot components.

I first got TF-A and OP-TEE to boot the system, and now it is also able to bring up U-Boot. However, while trying to boot, U-Boot gets into "secure mode execution errors". I am not sure where they are coming from. We have hash-and-boot-options_hash-and-boot-options.bin flashed into the OTP area. Is that something that could potentially lead to this type of issue?

BL2 (TF-A) Loading

  • BL2 (TF-A) executes as expected and starts platform initialization.

  • The board is in trusted mode, and secure boot appears to be enabled.

  • Below are the logs confirming BL2 is executing:

 

NOTICE:  CPU: STM32MP157CAA Rev.Z
NOTICE:  Model: STMicroelectronics custom STM32CubeMX board - openstlinux-6.6-yocto-scarthgap-mpu-v24.11.06
NOTICE:  BL2: v2.10-stm32mp1-r1.0(release)
NOTICE:  BL2: Built : 14:58:08, Mar  4 2025
NOTICE:  TRUSTED_BOARD_BOOT support enabled

 

Image Loading Sequence

  • BL2 successfully attempts to load various images, including:

    • TF-A (tf-a-stm32mp157c-ccb-mx_Signed.stm32)
    • OP-TEE (tos-fw.bin, tos-fw-extra1.bin)
    • SCP firmware (scp-fw.bin)
    • NT firmware (nt-fw.bin)

 

ERROR:   BL2: Preparing to load image id 1 (tf-a-stm32mp157c-ccb-mx_Signed.stm32)
ERROR:   BL2: Loading image id 1 (tf-a-stm32mp157c-ccb-mx_Signed.stm32)
ERROR:   BL2: Calling load_auth_image() for image id 1 with base 0x2ffff000
ERROR:   ROTPK is not deployed on platform. Skipping ROTPK verification.

 

"ROTPK is not deployed", looks like Root of Trust Public Key (ROTPK) verification is being skipped. I am not sure whether this is expected behaviour in my setup or what is causing this.

OP-TEE Boot & Peripheral Initialization

  • OP-TEE initialises successfully and maps secure memory regions.

  • Secure components like TZC400, STPMIC, and STM32MP1 clocks are initialized.

  • However, multiple SMC call failures appear:

 

stm32_smc: Failed to exec svc=82001003 op=1 in secure mode (err = -1)

 

U-Boot Execution

  • U-Boot executes successfully but reports errors related to secure mode calls:

 

stm32_smc: Failed to exec svc=82001003 op=1 in secure mode (err = -1)

 

EFI system partition detection fails, which is unexpected:

 

No EFI system partition
Failed to persist EFI variables

 

At this point, the system does not proceed further due to the OP-TEE watchdog panic.

 

E/TC:0   Panic 'Watchdog' at core/drivers/stm32_iwdg.c:228 <stm32_iwdg_it_handler>

 

I have also attached the full boot_log.txt in the attachment for reference. 

The below is the details of my platform: 

Hardware & Software Details

  • CPU: STM32MP157CAA Rev.Z
  • Board: STMicroelectronics custom STM32CubeMX board
  • Software Version: OpenSTLinux 6.6 Yocto Scarthgap MPU (v24.11.06)
  • TF-A Version: v2.10-stm32mp1-r1.0 (Release)
  • U-Boot Version: 2023.10-stm32mp-r1
  • OP-TEE Version: REL_0.8.7-8-g79647115eb
  • Boot Mode: Trusted Mode with Secure Boot Enabled

I need some help to understand what are the areas I need to investigate to resolve this issue. 

Many Thanks

Best Regards, 

Vivek

VivekB
Associate III

Hi,

One more piece of information regarding this: I just figured out I have the following in my OP-TEE conf file:

 

CFG_STM32MP15=y
CFG_STM32MP_PROFILE=system_services
CFG_STM32MP1_OPTEE_IN_SYSRAM=n

 

CFG_STM32MP_PROFILE=system_services

Does this mean OP-TEE is not running from SYSRAM but rather from DDR?

Also, figured this: 

 

~/tf-a-local/arm-trusted-firmware$ grep -rn "82001003"
plat/st/stm32mp1/include/stm32mp1_smc.h:30:#define STM32_SMC_BSEC 0x82001003

 

Looks like the SMC call failing in U-Boot is related to BSEC (Boot Secure Engine Controller).

 

~/tf-a-local/arm-trusted-firmware$ grep -rn "STM32_SMC_BSEC" plat/st/stm32mp1/
plat/st/stm32mp1/include/stm32mp1_smc.h:21: * STM32_SMC_BSEC call API
plat/st/stm32mp1/include/stm32mp1_smc.h:25: * Argument a1: (input) Service ID (STM32_SMC_BSEC_xxx)
plat/st/stm32mp1/services/stm32mp1_svc_setup.c:35:	case STM32_SMC_BSEC:

 

 

I can see the stm32mp1_svc_setup.c file inside the TF-A repository (code base), but I can't see it being compiled.

However, the same is compiled as part of optee-os code base:

 

 

find . -name "stm32mp1_svc_setup.o" 2>/dev/null 
./output/build/optee-os-custom/out/core/arch/arm/plat-stm32mp1/nsec-service/stm32mp1_svc_setup.o

 

The following error seems to be coming from the file u-boot/arch/arm/mach-stm32mp/include/mach/stm32mp1_smc.h:

 

Board: stm32mp1 in trusted mode (st,stm32mp157c-ccb-mx)
VBDBG:stm32_smc: Failed to exec svc=82001003 op=1 in secure mode (err = -1)

#ifdef CONFIG_ARM_SMCCC
static inline u32 stm32_smc(unsigned long svc, unsigned long op,
			    unsigned long data1, unsigned long data2,
			    u32 *result)
{
	struct arm_smccc_res res;
	arm_smccc_smc(svc, op, data1, data2, 0, 0, 0, 0, &res);
	if (res.a0) {
		pr_err("VBDBG:%s: Failed to exec svc=%lx op=%lx in secure mode (err = %ld)\n",
		       __func__, svc, op, res.a0);
		return -EINVAL;
	}
	if (result)
		*result = (u32)res.a1;
	return 0;
}
#else

 

But I am not sure where arm_smccc_res is landing. The plat_svc_smc_handler is in the TF-A code in the file plat/st/stm32mp1/services/stm32mp1_svc_setup.c, but that file is not even being compiled at the moment:

 

~/tf-a-local/arm-trusted-firmware$ grep -rn "smc" plat/st/stm32mp1/
plat/st/stm32mp1/stm32mp1_critic_power_wrapper.S:13:#include <smccc_helpers.h>
plat/st/stm32mp1/services/stm32mp1_svc_setup.c:17:#include <stm32mp1_smc.h>
plat/st/stm32mp1/services/stm32mp1_svc_setup.c:25:void plat_svc_smc_handler(uint32_t smc_fid, u_register_t x1,
plat/st/stm32mp1/services/stm32mp1_svc_setup.c:31:	switch (smc_fid) {
plat/st/stm32mp1/services/stm32mp1_svc_setup.c:43:		scmi_smt_fastcall_smc_entry(0);
plat/st/stm32mp1/services/stm32mp1_svc_setup.c:46:		scmi_smt_fastcall_smc_entry(1);
plat/st/stm32mp1/services/stm32mp1_svc_setup.c:50:		WARN("Unimplemented STM32MP1 Service Call: 0x%x\n", smc_fid);
plat/st/stm32mp1/services/bsec_svc.c:14:#include <stm32mp1_smc.h>
vivekb@vivekb-ThinkBook-16-G6-IRL:~/tf-a-local/arm-trusted-firmware$ grep -rn "plat_svc_smc_handler" plat/st/stm32mp1/
plat/st/stm32mp1/services/stm32mp1_svc_setup.c:25:void plat_svc_smc_handler(uint32_t smc_fid, u_register_t x1,

 

I am slightly confused whether this file should be compiled as a part of tf-a or optee-os or both? Does it matter at all? Apologies for the speculative question.

 

Did some further digging: 

grep "CFG_STM32MP_PROFILE" output/build/optee-os-custom/out/conf.mk 
CFG_STM32MP_PROFILE=system_services

With this configuration would it support secure services like BSEC? I am not sure. 

Thanks,

Vivek

 

Update: 

I have now modified the optee makefile as below: 

git diff core/arch/arm/plat-stm32mp1/conf.mk
diff --git a/core/arch/arm/plat-stm32mp1/conf.mk b/core/arch/arm/plat-stm32mp1/conf.mk
index 3b3753986..be29fc892 100644
--- a/core/arch/arm/plat-stm32mp1/conf.mk
+++ b/core/arch/arm/plat-stm32mp1/conf.mk
@@ -124,11 +124,15 @@ ifeq ($(CFG_STM32MP13),y)
 CFG_STM32MP_PROFILE ?= secure_and_system_services
 endif #CFG_STM32MP13
 
+
 ifeq ($(CFG_STM32MP15),y)
 # STM32MP15: default select system_services, OP-TEE executes in DDR
 # (i.e. CFG_STM32MP1_OPTEE_IN_SYSRAM=n).
 # Alternate secure_and_system_services executes in SRAM
 # (i.e. CFG_STM32MP1_OPTEE_IN_SYSRAM=y).
+CFG_STM32MP1_OPTEE_IN_SYSRAM = y
+CFG_STM32MP_PROFILE = secure_and_system_services
+
 ifeq ($(CFG_STM32MP1_OPTEE_IN_SYSRAM),y)
 $(call force,CFG_STM32MP_PROFILE,secure_and_system_services)
 endif
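Review bot: the two added assignments `CFG_STM32MP1_OPTEE_IN_SYSRAM = y` and `CFG_STM32MP_PROFILE = secure_and_system_services` use plain `=`, so they silently override any value passed on the make command line or by the build system, and they turn the `ifeq ($(CFG_STM32MP1_OPTEE_IN_SYSRAM),y)` / `$(call force,...)` block right below them into dead code. If the intent is only to flip the default for this board, use `?=` as the `CFG_STM32MP_PROFILE ?= secure_and_system_services` line in the context above does, or better, pass `CFG_STM32MP1_OPTEE_IN_SYSRAM=y` to the OP-TEE build without editing conf.mk at all. The comment directly above the addition also states that secure_and_system_services runs OP-TEE in SRAM, so the TF-A build has to be switched to the same placement at the same time, otherwise TF-A keeps loading OP-TEE at the DDR address.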
@@ -140,6 +144,11 @@ $(call force,CFG_STM32MP1_OPTEE_IN_SYSRAM,n,Required by system_services profile)
 endif
 endif #CFG_STM32MP15
 
+$(info CFG_STM32MP15=$(CFG_STM32MP15))
+$(info CFG_STM32MP_PROFILE=$(CFG_STM32MP_PROFILE))
+$(info CFG_STM32MP1_OPTEE_IN_SYSRAM=$(CFG_STM32MP1_OPTEE_IN_SYSRAM))
+
+
 ifeq ($(filter $(CFG_STM32MP_PROFILE),system_services secure_and_system_services),)
 $(error CFG_STM32MP_PROFILE shall be one of system_services or secure_and_system_services)
 endif
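Review bot: the three `$(info ...)` lines and the two added blank lines are build-time debugging noise that prints on every make invocation; they are fine for confirming the profile locally but should be dropped before the change is kept. The same three values are already written to out/conf.mk after the build, which is what the `grep "CFG_STM32MP_PROFILE" output/build/optee-os-custom/out/conf.mk` earlier in the thread reads.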

And when I compile OP-TEE now I can see the settings below:

CFG_STM32MP15=y
CFG_STM32MP_PROFILE=secure_and_system_services
CFG_STM32MP1_OPTEE_IN_SYSRAM=y

So OP-TEE is now in secure_and_system_services mode for sure. However, when I now try booting the board it fails as below:

NOTICE:  CPU: STM32MP157CAA Rev.Z
NOTICE:  Model: STMicroelectronics custom STM32CubeMX board - openstlinux-6.6-yocto-scarthgap-mpu-v24.11.06
NOTICE:  Bootrom authentication failed
NOTICE:  BL2: v2.10-stm32mp1-r1.0(release):REL_0.8.7-8-g79647115eb-dirty(79647115)
NOTICE:  BL2: Built : 14:08:49, Mar  5 2025
NOTICE:  TRUSTED_BOARD_BOOT support enabled
ERROR:   BL2: Doing platform setup
ERROR:   BL2: Preparing to load image id 1 (tf-a-stm32mp157c-ccb-mx_Signed.stm32)
ERROR:   BL2: Loading image id 1 (tf-a-stm32mp157c-ccb-mx_Signed.stm32)
ERROR:   BL2: Calling load_auth_image() for image id 1 (tf-a-stm32mp157c-ccb-mx_Signed.stm32) with base 0x2ffff000
ERROR:   VBDBG: [common/bl_common.c:load_image:81] Entering function, image_id=17
ERROR:   VBDBG: [common/bl_common.c:load_image:89] Image Info: image_base=0x2ffff000, image_max_size=0x1000
ERROR:   VBDBG: [common/bl_common.c:load_image:108] Loading image id=17 at address 0x2ffff000
ERROR:   VBDBG: [common/bl_common.c:load_image:138] Image id=17 loaded: 0x2ffff000 - 0x2ffff23f (Size: 0x23f)
NOTICE:  ROTPK is not deployed on platform. Skipping ROTPK verification.
ERROR:   VBDBG: [common/bl_common.c:load_image:81] Entering function, image_id=1
ERROR:   VBDBG: [common/bl_common.c:load_image:89] Image Info: image_base=0x2ffff000, image_max_size=0x1000
ERROR:   VBDBG: [common/bl_common.c:load_image:108] Loading image id=1 at address 0x2ffff000
ERROR:   VBDBG: [common/bl_common.c:load_image:138] Image id=1 loaded: 0x2ffff000 - 0x2ffff1ea (Size: 0x1ea)
ERROR:   BL2: Preparing to load image id 4 (tos-fw.bin)
ERROR:   BL2: Loading image id 4 (tos-fw.bin)
ERROR:   BL2: Calling load_auth_image() for image id 4 (tos-fw.bin) with base 0xde000000
ERROR:   VBDBG: [common/bl_common.c:load_image:81] Entering function, image_id=7
ERROR:   VBDBG: [common/bl_common.c:load_image:89] Image Info: image_base=0xde000000, image_max_size=0x2000000
ERROR:   VBDBG: [common/bl_common.c:load_image:108] Loading image id=7 at address 0xde000000
ERROR:   VBDBG: [common/bl_common.c:load_image:138] Image id=7 loaded: 0xde000000 - 0xde000284 (Size: 0x284)
NOTICE:  ROTPK is not deployed on platform. Skipping ROTPK verification.
ERROR:   VBDBG: [common/bl_common.c:load_image:81] Entering function, image_id=10
ERROR:   VBDBG: [common/bl_common.c:load_image:89] Image Info: image_base=0xde000000, image_max_size=0x2000000
ERROR:   VBDBG: [common/bl_common.c:load_image:108] Loading image id=10 at address 0xde000000
ERROR:   VBDBG: [common/bl_common.c:load_image:138] Image id=10 loaded: 0xde000000 - 0xde00022a (Size: 0x22a)
ERROR:   VBDBG: [common/bl_common.c:load_image:81] Entering function, image_id=14
ERROR:   VBDBG: [common/bl_common.c:load_image:89] Image Info: image_base=0xde000000, image_max_size=0x2000000
ERROR:   VBDBG: [common/bl_common.c:load_image:108] Loading image id=14 at address 0xde000000
ERROR:   VBDBG: [common/bl_common.c:load_image:138] Image id=14 loaded: 0xde000000 - 0xde0002e2 (Size: 0x2e2)
ERROR:   VBDBG: [common/bl_common.c:load_image:81] Entering function, image_id=4
ERROR:   VBDBG: [common/bl_common.c:load_image:89] Image Info: image_base=0xde000000, image_max_size=0x2000000
ERROR:   VBDBG: [common/bl_common.c:load_image:108] Loading image id=4 at address 0xde000000
ERROR:   VBDBG: [common/bl_common.c:load_image:138] Image id=4 loaded: 0xde000000 - 0xde00002c (Size: 0x2c)
ERROR:   BL2: OP-TEE Load Address: 0xde000000
ERROR:   BL2: OP-TEE Image Size: 0x2c
ERROR:   OPTEE header parse error.
PANIC at PC : 0x2ffeeb9b

 

I did a comparison of the previous and current (modified/upgraded) file sizes: 

Previous trusted boot file sizes

vivekb@vivekb-ThinkBook-16-G6-IRL:~/workspace/source/JLRA-2007/SSB-buildroot/output/images/extracted_fip$ ls -la 
total 2736
drwxrwxr-x 2 vivekb vivekb    4096 Mar  5 14:38 .
drwxr-xr-x 4 vivekb vivekb    4096 Mar  5 14:37 ..
-rw-rw-r-- 1 vivekb vivekb     574 Mar  5 14:38 501D8DD2-8BCE-49A5-84EB-559A9F2EAEAF.bin
-rw-r--r-- 1 vivekb vivekb 1378678 Mar  5 14:38 fip.bin
-rw-rw-r-- 1 vivekb vivekb     506 Mar  5 14:38 fw-config.bin
-rw-rw-r-- 1 vivekb vivekb   84200 Mar  5 14:38 hw-config.bin
-rw-rw-r-- 1 vivekb vivekb  820768 Mar  5 14:38 nt-fw.bin
-rw-rw-r-- 1 vivekb vivekb     597 Mar  5 14:38 nt-fw-cert.bin
-rw-rw-r-- 1 vivekb vivekb     558 Mar  5 14:38 nt-fw-key-cert.bin
-rw-rw-r-- 1 vivekb vivekb      44 Mar  5 14:38 tos-fw.bin
-rw-rw-r-- 1 vivekb vivekb     737 Mar  5 14:38 tos-fw-cert.bin
-rw-rw-r-- 1 vivekb vivekb  108512 Mar  5 14:38 tos-fw-extra1.bin
-rw-rw-r-- 1 vivekb vivekb  360448 Mar  5 14:38 tos-fw-extra2.bin
-rw-rw-r-- 1 vivekb vivekb     554 Mar  5 14:38 tos-fw-key-cert.bin
-rw-rw-r-- 1 vivekb vivekb     644 Mar  5 14:38 trusted-key-cert.bin
 

Current FIP file sizes

~/workspace/source/27-01-2025/SSB-buildroot/output/images/extracted_fip$ ls -la 
total 3640
drwxrwxr-x 2 vivekb vivekb    4096 Mar  5 14:42 .
drwxr-xr-x 5 vivekb vivekb    4096 Mar  5 14:42 ..
-rw-rw-r-- 1 vivekb vivekb     575 Mar  5 14:42 501D8DD2-8BCE-49A5-84EB-559A9F2EAEAF.bin
-rw-r--r-- 1 vivekb vivekb 1842256 Mar  5 14:42 fip.bin
-rw-rw-r-- 1 vivekb vivekb     490 Mar  5 14:42 fw-config.bin
-rw-rw-r-- 1 vivekb vivekb   84448 Mar  5 14:42 hw-config.bin
-rw-rw-r-- 1 vivekb vivekb 1172480 Mar  5 14:42 nt-fw.bin
-rw-rw-r-- 1 vivekb vivekb     597 Mar  5 14:42 nt-fw-cert.bin
-rw-rw-r-- 1 vivekb vivekb     558 Mar  5 14:42 nt-fw-key-cert.bin
-rw-rw-r-- 1 vivekb vivekb      44 Mar  5 14:42 tos-fw.bin
-rw-rw-r-- 1 vivekb vivekb     738 Mar  5 14:42 tos-fw-cert.bin
-rw-rw-r-- 1 vivekb vivekb   97264 Mar  5 14:42 tos-fw-extra1.bin
-rw-rw-r-- 1 vivekb vivekb  483328 Mar  5 14:42 tos-fw-extra2.bin
-rw-rw-r-- 1 vivekb vivekb     554 Mar  5 14:42 tos-fw-key-cert.bin
-rw-rw-r-- 1 vivekb vivekb     644 Mar  5 14:42 trusted-key-cert.bin

I am not seeing much of a difference. 
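To make sense of the service ID that keeps failing, here is an added example (my own code, not anything from U-Boot, TF-A or OP-TEE) that decodes an SMCCC function identifier into its fields and tallies the `stm32_smc: Failed to exec` lines of a U-Boot log by service, op and error code. 0x82001003 decodes as a fast SMC32 call owned by the SiP service with function number 0x1003, which the grep above maps to STM32_SMC_BSEC; the BSEC op names are taken from the same TF-A header, plat/st/stm32mp1/include/stm32mp1_smc.h, and should be checked against your tree. The `err = -1` in the log is the value the SMC Calling Convention defines for an unknown or unimplemented function ID, i.e. the secure world answering that it does not provide that service. The log excerpt inside the script is constructed from the lines in this thread.

```python
import re
from collections import Counter

# Function ID and BSEC op numbers from TF-A's plat/st/stm32mp1/include/stm32mp1_smc.h
# (STM32_SMC_BSEC is the value found by the grep in this thread; verify the
# op values against your own tree).
STM32_SMC_BSEC = 0x82001003
KNOWN_FIDS = {STM32_SMC_BSEC: "STM32_SMC_BSEC"}
BSEC_OPS = {
    0x01: "STM32_SMC_READ_SHADOW",
    0x02: "STM32_SMC_PROG_OTP",
    0x03: "STM32_SMC_WRITE_SHADOW",
    0x04: "STM32_SMC_READ_OTP",
}
SMCCC_UNKNOWN = -1  # SMCCC return value for an unknown function identifier


def owner_name(owner):
    """Owning-entity names for bits 29:24 of an SMCCC function ID."""
    fixed = {0x00: "Arm Architecture", 0x01: "CPU service", 0x02: "SiP service",
             0x03: "OEM service", 0x04: "Standard secure service",
             0x05: "Standard hypervisor service", 0x06: "Vendor hypervisor service"}
    if owner in fixed:
        return fixed[owner]
    if 0x30 <= owner <= 0x31:
        return "Trusted Application"
    if 0x32 <= owner <= 0x3F:
        return "Trusted OS"
    return "reserved"


def decode_fid(fid):
    """Split an SMCCC function ID into its fields (Arm SMC Calling Convention)."""
    owner = (fid >> 24) & 0x3F
    return {
        "fast": bool((fid >> 31) & 1),   # bit 31: fast call (1) vs yielding call (0)
        "smc64": bool((fid >> 30) & 1),  # bit 30: SMC64 (1) vs SMC32 (0) convention
        "owner": owner,                  # bits 29:24: owning entity
        "owner_name": owner_name(owner),
        "function": fid & 0xFFFF,        # bits 15:0: function number within the owner
        "name": KNOWN_FIDS.get(fid, "unknown"),
    }


# Matches the line printed by the stm32_smc() wrapper quoted in this thread.
FAIL_RE = re.compile(
    r"stm32_smc: Failed to exec svc=([0-9a-fA-F]+) op=([0-9a-fA-F]+)"
    r" in secure mode \(err = (-?\d+)\)"
)


def parse_failures(log_text):
    """Return (svc, op, err) for every stm32_smc failure line in a U-Boot log."""
    found = []
    for line in log_text.splitlines():
        m = FAIL_RE.search(line)
        if m:
            found.append((int(m.group(1), 16), int(m.group(2), 16), int(m.group(3))))
    return found


def tally_failures(log_text):
    """Count failures per (svc, op, err) so a noisy log collapses to a few rows."""
    return Counter(parse_failures(log_text))


def describe(svc, op, err):
    """Human-readable summary of one (svc, op, err) triple."""
    f = decode_fid(svc)
    kind = "fast" if f["fast"] else "yielding"
    conv = "SMC64" if f["smc64"] else "SMC32"
    op_name = BSEC_OPS.get(op, "op %d" % op) if svc == STM32_SMC_BSEC else "op %d" % op
    err_name = "SMCCC unknown function" if err == SMCCC_UNKNOWN else "err %d" % err
    return "%#010x %s (%s %s, %s, fn %#06x) %s -> %s" % (
        svc, f["name"], kind, conv, f["owner_name"], f["function"], op_name, err_name)


# Constructed log excerpt modelled on the U-Boot output in this thread.
SAMPLE_LOG = """\
Board: stm32mp1 in trusted mode (st,stm32mp157c-ccb-mx)
VBDBG:stm32_smc: Failed to exec svc=82001003 op=1 in secure mode (err = -1)
VBDBG:stm32_smc: Failed to exec svc=82001003 op=1 in secure mode (err = -1)
DFU alt info setting: done
VBDBG:stm32_smc: Failed to exec svc=82001003 op=4 in secure mode (err = -1)
"""

if __name__ == "__main__":
    for (svc, op, err), n in sorted(tally_failures(SAMPLE_LOG).items()):
        print("%3d x %s" % (n, describe(svc, op, err)))
```

Feed it the full boot log instead of SAMPLE_LOG to see which ops are attempted and how often; the op tells you which BSEC operation U-Boot wanted (read shadow vs read OTP), which narrows down the caller in U-Boot.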

GatienC
ST Employee

Hello Vivek,

First of all, you can learn more about the two different OP-TEE profiles at: STM32MPU_OP-TEE_profiles 

Whether OP-TEE should run in internal RAM or not is dependent on your choice of running OP-TEE in memory that can be secured. The question is: do I want to have enhanced security hardening on my platform? It is done by enabling CFG_STM32MP1_OPTEE_IN_SYSRAM.

More information at: OP-TEE_in_SYSRAM_and_SRAMx 

Please note that TF-A should be compiled accordingly so that it knows where to load OP-TEE (DDR vs SYSRAM). Given that OP-TEE will be constrained by the memory size, be aware that it will affect performance as the OP-TEE pager will be embedded. You can assign more contiguous RAM memory (SRAMs) to give more space to OP-TEE (explained in the Wiki).

Now, regarding the following trace:

ROTPK is not deployed on platform. Skipping ROTPK verification.

I guess you want to perform trusted boot on your platform?

NOTICE:  TRUSTED_BOARD_BOOT support enabled

This probably indicates that your chip is not in a closed state, so TF-A doesn't verify the signatures of your firmware when booting (plat_get_rotpk_info() in plat/st/common/stm32mp_trusted_boot.c in TF-A).

Is TF-A compiled with STM32MP1_OPTEE_IN_SYSRAM?

Hope this helps,
Gatien

 

 

 

Hi @GatienC , 

 

Thank you very much for the detailed response. I will go through all these and try to find out more and I will come back if I have any questions. 

 

Many thanks 

Best Regards,

Vivek

Hi @GatienC, I tried a few things following your response. So, first thing: yes, we are running trusted boot, and that is why my question was whether the OP-TEE ST profile should be system_services or secure_and_system_services. I am still not 100% sure, but from what I can gather from your response and whatever I have looked around so far, it should be secure_and_system_services? I am still trying to figure out if it is a "should be" or a "must be" - and as I said, I am still not 100% sure.

Now if it is secure_and_system_services then I must have that in the OP-TEE conf file. So I tried forcing that in the core/arch/arm/plat-stm32mp1/conf.mk file as below: 

git diff core/arch/arm/plat-stm32mp1/conf.mk
diff --git a/core/arch/arm/plat-stm32mp1/conf.mk b/core/arch/arm/plat-stm32mp1/conf.mk
index 3cc62a1fa..5c10d4ef0 100644
--- a/core/arch/arm/plat-stm32mp1/conf.mk
+++ b/core/arch/arm/plat-stm32mp1/conf.mk
@@ -130,7 +130,7 @@ ifeq ($(CFG_STM32MP15),y)
 # (i.e. CFG_STM32MP1_OPTEE_IN_SYSRAM=n).
 # Alternate secure_and_system_services executes in SRAM
 # (i.e. CFG_STM32MP1_OPTEE_IN_SYSRAM=y).
+CFG_STM32MP_PROFILE = secure_and_system_services
 
 ifeq ($(CFG_STM32MP1_OPTEE_IN_SYSRAM),y)
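Review bot: the hunk header reads `@@ -130,7 +130,7 @@` but the body adds one line and removes none, so the new-side count should be 8, not 7; as pasted, this diff will not apply cleanly with `git apply`, which suggests it was trimmed by hand. On the content, forcing `CFG_STM32MP_PROFILE = secure_and_system_services` while `CFG_STM32MP1_OPTEE_IN_SYSRAM` stays unset contradicts the comment immediately above the added line, which says that profile executes in SRAM with `CFG_STM32MP1_OPTEE_IN_SYSRAM=y`; either set both together or leave both at their defaults.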

Basically I have added this line in the conf: 

CFG_STM32MP_PROFILE = secure_and_system_services

By default it seems to be taking system_services. Once I do that, OP-TEE seems to be getting into a "header parse error":

NOTICE:  CPU: STM32MP157CAA Rev.Z
NOTICE:  Model: STMicroelectronics custom STM32CubeMX board - openstlinux-6.6-yocto-scarthgap-mpu-v24.11.06
NOTICE:  Bootrom authentication failed
NOTICE:  BL2: v2.10-stm32mp1-r1.0(release):REL_0.8.7-8-g79647115eb-dirty(79647115)
NOTICE:  BL2: Built : 10:41:18, Mar 11 2025
NOTICE:  TRUSTED_BOARD_BOOT support enabled
ERROR:   BL2: Doing platform setup
ERROR:   BL2: Preparing to load image id 1 (tf-a-stm32mp157c-ccb-mx_Signed.stm32)
ERROR:   BL2: Loading image id 1 (tf-a-stm32mp157c-ccb-mx_Signed.stm32)
ERROR:   BL2: Calling load_auth_image() for image id 1 (tf-a-stm32mp157c-ccb-mx_Signed.stm32) with base 0x2ffff000
ERROR:   VBDBG: [common/bl_common.c:load_image:138] Image id=17 loaded: 0x2ffff000 - 0x2ffff23e (Size: 0x23e)
ERROR:   VBDBG:plat_get_rotpk_info:164:ROTPK_NOT_DEPLOYED
NOTICE:  ROTPK is not deployed on platform. Skipping ROTPK verification.
ERROR:   VBDBG: [common/bl_common.c:load_image:138] Image id=1 loaded: 0x2ffff000 - 0x2ffff1ea (Size: 0x1ea)
ERROR:   BL2: Preparing to load image id 4 (tos-fw.bin)
ERROR:   BL2: Loading image id 4 (tos-fw.bin)
ERROR:   BL2: Calling load_auth_image() for image id 4 (tos-fw.bin) with base 0xde000000
ERROR:   VBDBG: [common/bl_common.c:load_image:138] Image id=7 loaded: 0xde000000 - 0xde000284 (Size: 0x284)
ERROR:   VBDBG:plat_get_rotpk_info:164:ROTPK_NOT_DEPLOYED
NOTICE:  ROTPK is not deployed on platform. Skipping ROTPK verification.
ERROR:   VBDBG: [common/bl_common.c:load_image:138] Image id=10 loaded: 0xde000000 - 0xde00022a (Size: 0x22a)
ERROR:   VBDBG: [common/bl_common.c:load_image:138] Image id=14 loaded: 0xde000000 - 0xde0002e1 (Size: 0x2e1)
ERROR:   VBDBG: [common/bl_common.c:load_image:138] Image id=4 loaded: 0xde000000 - 0xde00002c (Size: 0x2c)
ERROR:   BL2: OP-TEE Load Address: 0xde000000
ERROR:   BL2: OP-TEE Image Size: 0x2c
ERROR:   OPTEE header parse error.
PANIC at PC : 0x2ffeeb43

Please note the flag OPTEE_IN_SYSRAM in both OP-TEE and TF-A are not set: 

CFG_STM32MP1_OPTEE_IN_SYSRAM in core/arch/arm/plat-stm32mp1/conf.mk file and STM32MP1_OPTEE_IN_SYSRAM in plat/st/stm32mp1/platform.mk are NOT set. 

Next, I forced this flag in TF-A as below:

git diff plat/st/stm32mp1/platform.mk
diff --git a/plat/st/stm32mp1/platform.mk b/plat/st/stm32mp1/platform.mk
index d6cc67274..1909411e0 100644
--- a/plat/st/stm32mp1/platform.mk
+++ b/plat/st/stm32mp1/platform.mk
@@ -73,7 +73,7 @@ STM32_HEADER_VERSION_MAJOR:=  1
 STM32_HEADER_VERSION_MINOR:=   0
 STM32MP_CRYPTO_ROM_LIB :=      1
 
-STM32MP1_OPTEE_IN_SYSRAM ?=    0
+STM32MP1_OPTEE_IN_SYSRAM ?=    1
 
 # Decryption support
 ifneq ($(DECRYPTION_SUPPORT),none)
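Review bot: changing the `?=` default from 0 to 1 works, but because `?=` only applies when the variable is not already set, the cleaner route is to leave platform.mk untouched and pass `STM32MP1_OPTEE_IN_SYSRAM=1` on the TF-A make command line (or in the Yocto/Buildroot recipe), which keeps the tree clean and records the setting in the build configuration. However it is set, it has to agree with `CFG_STM32MP1_OPTEE_IN_SYSRAM` on the OP-TEE side, since the two builds must use the same OP-TEE load address.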

and in OP-TEE:

ifeq ($(CFG_STM32MP15),y)
# STM32MP15: default select system_services, OP-TEE executes in DDR
# (i.e. CFG_STM32MP1_OPTEE_IN_SYSRAM=n).
# Alternate secure_and_system_services executes in SRAM
# (i.e. CFG_STM32MP1_OPTEE_IN_SYSRAM=y).
CFG_STM32MP1_OPTEE_IN_SYSRAM = y
CFG_STM32MP_PROFILE = secure_and_system_services

Now when I flash the image I can see the "header parse error" goes away and it is running in secure_and_system_services profile but there is an init call failure in OP-TEE:

I/TC: OP-TEE ST profile: secure_and_system_services
E/TC:0 0 call_initcalls:43 Initcall __text_start + 0x0002e278 failed
I/TC: VBDBG: [core/kernel/dt_driver.c:535] Entering function probe_driver_node
I/TC: VBDBG: [core/kernel/dt_driver.c:541] Node name: cpu@0, Driver name: stm32-cpu
I/TC: VBDBG: [core/kernel/dt_driver.c:550] Probing driver: stm32-cpu on node: cpu@0
I/TC: VBDBG: [core/drivers/stm32_cpu_opp.c:872] Entering stm32_cpu_init()
I/TC: VBDBG: [core/drivers/stm32_cpu_opp.c:875] Getting 'operating-points-v2' property from DT
I/TC: VBDBG: [core/drivers/stm32_cpu_opp.c:884] Retrieved phandle: 0x2
I/TC: VBDBG: [core/drivers/stm32_cpu_opp.c:887] Resolving node offset using phandle
I/TC: VBDBG: [core/drivers/stm32_cpu_opp.c:889] Resolved opp_node: 700
I/TC: VBDBG: [core/drivers/stm32_cpu_opp.c:892] Calling stm32_cpu_opp_init()
I/TC: VBDBG: [core/drivers/stm32_cpu_opp.c:796] Entering stm32_cpu_opp_init()
I/TC: VBDBG: [core/drivers/stm32_cpu_opp.c:799] Getting CPU clock from DT
I/TC: VBDBG: [core/drivers/stm32_cpu_opp.c:807] Getting CPU regulator from DT
I/TC: VBDBG: [core/drivers/stm32_cpu_opp.c:815] Reading CPU voltage from regulator

But the boot log keeps moving, and at the end it fails as below:

I/TC: VBDBG: Primary CPU switching to normal world boot


U-Boot 2023.10-stm32mp-r1 (Mar 11 2025 - 11:07:29 +0000)

VBDBG:stm32_smc: Failed to exec svc=82001003 op=1 in secure mode (err = -1)
VBDBG:stm32_smc: Failed to exec svc=82001003 op=1 in secure mode (err = -1)
CPU: STM32MP157C?? Rev.Z
Model: STMicroelectronics custom STM32CubeMX board - openstlinux-6.6-yocto-scarthgap-mpu-v24.11.06
Board: stm32mp1 in trusted mode (st,stm32mp157c-ccb-mx)
VBDBG:stm32_smc: Failed to exec svc=82001003 op=1 in secure mode (err = -1)
Board: MBc050 Var0.6 Rev.@-12
DRAM:  no /fwu-mdata node ?
512 MiB
Clocks:
- MPU : 650 MHz
- MCU : 200 MHz
- AXI : 266.500 MHz
- PER : 24 MHz
- DDR : 533 MHz
Core:  100 devices, 36 uclasses, devicetree: board
Warning: Device tree includes old 'u-boot,dm-' tags: please fix by 2023.07!
WDT:   Started watchdog@5a002000 with servicing every 1000ms (32s timeout)
NAND:  0 MiB
MMC:   STM32 SD/MMC: 0, STM32 SD/MMC: 1
Loading Environment from nowhere... OK
In:    serial
Out:   serial
Err:   serial
VBDBG:stm32_smc: Failed to exec svc=82001003 op=1 in secure mode (err = -1)
VBDBG:stm32_smc: Failed to exec svc=82001003 op=1 in secure mode (err = -1)
VBDBG:stm32_smc: Failed to exec svc=82001003 op=1 in secure mode (err = -1)
VBDBG:stm32_smc: Failed to exec svc=82001003 op=1 in secure mode (err = -1)
VBDBG:stm32_smc: Failed to exec svc=82001003 op=1 in secure mode (err = -1)
VBDBG:stm32_smc: Failed to exec svc=82001003 op=1 in secure mode (err = -1)
VBDBG:stm32_smc: Failed to exec svc=82001003 op=1 in secure mode (err = -1)
VBDBG:stm32_smc: Failed to exec svc=82001003 op=1 in secure mode (err = -1)
Net:   eth0: ethernet@5800a000
No EFI system partition
No EFI system partition
Failed to persist EFI variables
Missing RNG device for EFI_RNG_PROTOCOL
stm32_display display-controller@5a001000: stm32_ltdc_probe(display-controller@5a001000): 'port' subnode not found
Hit any key to stop autoboot:  0 
Boot over usb0!
stm32_display display-controller@5a001000: stm32_ltdc_probe(display-controller@5a001000): 'port' subnode not found
stm32_display display-controller@5a001000: stm32_ltdc_probe(display-controller@5a001000): 'port' subnode not found
VBDBG:stm32_smc: Failed to exec svc=82001003 op=4 in secure mode (err = -1)
DFU alt info setting: done
VBDBG:stm32_smc: Failed to exec svc=82001003 op=1 in secure mode (err = -1)
VBDBG:stm32_smc: Failed to exec svc=82001003 op=1 in secure mode (err = -1)

 

So at the moment I am trying to figure out why OP-TEE is failing at the point below:

E/TC:0 0 call_initcalls:43 Initcall __text_start + 0x0002e278 failed
I/TC: VBDBG: [core/kernel/dt_driver.c:535] Entering function probe_driver_node

Also, it looks like to run in the secure_and_system_services profile the flag CFG_STM32MP1_OPTEE_IN_SYSRAM has to be set both in OP-TEE as well as in TF-A. But the question is whether, running trusted boot, I must have this profile, or is it just good to have?

Also, any insight into how to debug the error below would be really helpful:

DFU alt info setting: done
VBDBG:stm32_smc: Failed to exec svc=82001003 op=1 in secure mode (err = -1)
VBDBG:stm32_smc: Failed to exec svc=82001003 op=1 in secure mode (err = -1)

I truly appreciate your support on this. 

Many thanks again, 

Best Regards, 

Vivek
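Since tos-fw.bin is 44 bytes (0x2c, the size BL2 prints just before "OPTEE header parse error"), it contains only the OP-TEE v2 header: 12 bytes of magic, version, arch, flags and image count, followed by 16 bytes per image (load address hi/lo, image id, size); the pager and paged code themselves live in tos-fw-extra1 and tos-fw-extra2. Here is an added example, my own code rather than anything from TF-A or OP-TEE, that parses such a header and applies the check I understand TF-A's lib/optee/optee_utils.c to perform before accepting it: each image's load range must lie inside the region BL2 reserved for OP-TEE (0xde000000 with max size 0x2000000 in the logs above). An OP-TEE built with CFG_STM32MP1_OPTEE_IN_SYSRAM=y writes SYSRAM addresses into that header, so a TF-A still built for DDR rejects it, which is consistent with the failure seen when only one side was switched. The script simplifies to a single reserved region for both images (TF-A keeps separate descriptors for the pager and paged images), and the two headers it builds are constructed; their addresses and sizes are illustrative, not values from a real build.

```python
import struct

# Layout of the OP-TEE v2 binary header that TF-A parses:
#   uint32 magic ("OPTE"), uint8 version, uint8 arch, uint16 flags, uint32 nb_images,
#   then nb_images entries of uint32 load_addr_hi, load_addr_lo, image_id, size.
OPTEE_MAGIC = 0x4554504F            # "OPTE" read as a little-endian uint32
OPTEE_HEADER_VERSION = 2
HDR_FMT = "<IBBHI"
IMG_FMT = "<IIII"
HDR_SIZE = struct.calcsize(HDR_FMT)  # 12 bytes
IMG_SIZE = struct.calcsize(IMG_FMT)  # 16 bytes per image entry
PAGER_IMAGE_ID = 0                   # tos-fw-extra1: code kept resident
PAGED_IMAGE_ID = 1                   # tos-fw-extra2: code paged in on demand
LOADER_DECIDES = 0xFFFFFFFFFFFFFFFF  # hi/lo both 0xffffffff: TF-A picks the address

# Region BL2 reserved for OP-TEE in this thread's logs (image_base / image_max_size).
LOG_REGION_BASE = 0xDE000000
LOG_REGION_SIZE = 0x2000000


def parse_optee_header(blob):
    """Parse a tos-fw.bin style header; ValueError for anything rejected outright."""
    if len(blob) < HDR_SIZE:
        raise ValueError("blob shorter than the fixed header")
    magic, version, arch, flags, nb_images = struct.unpack_from(HDR_FMT, blob, 0)
    if magic != OPTEE_MAGIC:
        raise ValueError("bad magic %#x" % magic)
    if version != OPTEE_HEADER_VERSION:
        raise ValueError("unsupported header version %d" % version)
    if nb_images == 0 or len(blob) < HDR_SIZE + nb_images * IMG_SIZE:
        raise ValueError("nb_images=%d does not fit in %d bytes" % (nb_images, len(blob)))
    images = []
    for i in range(nb_images):
        hi, lo, image_id, size = struct.unpack_from(IMG_FMT, blob, HDR_SIZE + i * IMG_SIZE)
        images.append({"image_id": image_id, "load_addr": (hi << 32) | lo, "size": size})
    return {"version": version, "arch": arch, "flags": flags, "images": images}


def check_load_addresses(header, region_base, region_size):
    """Range check: every image must sit inside the region reserved for OP-TEE."""
    region_end = region_base + region_size  # exclusive
    problems = []
    for img in header["images"]:
        addr = img["load_addr"]
        if addr == LOADER_DECIDES:
            addr = region_base  # loader-decided address resolves to the reserved base
        if img["size"] == 0:
            problems.append("image %d has zero size" % img["image_id"])
            continue
        end = addr + img["size"]
        if addr < region_base or end > region_end:
            problems.append("image %d at %#x-%#x is outside reserved %#x-%#x"
                            % (img["image_id"], addr, end - 1, region_base, region_end - 1))
    return problems


def build_header(images, arch=0):
    """Build a v2 header from (load_addr, image_id, size) tuples; arch 0 = AArch32."""
    out = struct.pack(HDR_FMT, OPTEE_MAGIC, OPTEE_HEADER_VERSION, arch, 0, len(images))
    for load_addr, image_id, size in images:
        out += struct.pack(IMG_FMT, load_addr >> 32, load_addr & 0xFFFFFFFF, image_id, size)
    return out


# Constructed headers: addresses and sizes are illustrative, not from a real build.
# The first mimics an OP-TEE built for DDR, the second one built for SYSRAM.
DDR_HEADER = build_header([(0xDE000000, PAGER_IMAGE_ID, 0x1A000),
                           (0xDE01A000, PAGED_IMAGE_ID, 0x40000)])
SYSRAM_HEADER = build_header([(0x2FFC0000, PAGER_IMAGE_ID, 0x17000),
                              (0x30000000, PAGED_IMAGE_ID, 0x40000)])

if __name__ == "__main__":
    for name, blob in (("DDR build", DDR_HEADER), ("SYSRAM build", SYSRAM_HEADER)):
        hdr = parse_optee_header(blob)
        print("%s: %d-byte header, %d images" % (name, len(blob), len(hdr["images"])))
        for line in check_load_addresses(hdr, LOG_REGION_BASE, LOG_REGION_SIZE) or ["ok"]:
            print("   ", line)
```

Run it against the real tos-fw.bin extracted from the FIP (read the file and pass the bytes to parse_optee_header) and compare the load addresses it reports with the OP-TEE Load Address that BL2 prints; if they point at different memories, the TF-A and OP-TEE builds disagree on STM32MP1_OPTEE_IN_SYSRAM.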

 

GatienC
ST Employee

Hello Vivek,

About OP-TEE running in system_services or secure_and_system_services: if you want to isolate operations such as cryptographic operations, random number generation at runtime, etc., then it makes sense to compile OP-TEE with the secure_and_system_services profile.

Supporting trusted boot and having secure runtime services are two different things that are not linked. You can very well have OP-TEE embedding only system_services if your only goal is to authenticate your firmware.

 

Now, regarding your smc errors, the SVC ID: 0x82001003 corresponds to the BSEC. It probably means that U-Boot is trying to access some fuse (OTP bits) through an SMC (Secure Monitor Call) and fails to achieve it. Maybe understanding what leads to this SMC call will help you identify what fails (USB? Serial? ...).

But anyway, it's really strange that this feature is called: looking at the code in U-Boot in arch/arm/mach-stm32mp/cmd_stm32prog/stm32prog.c, this legacy feature shouldn't be called when OP-TEE is in the boot chain. Instead, we expect to call the OP-TEE BSEC PTA. Is CONFIG_OPTEE set in U-Boot?

 

Note:

When debugging OP-TEE related errors, I highly suggest enabling at least debug log level by specifying CFG_TEE_CORE_LOG_LEVEL=3 when compiling OP-TEE. This, for instance, will help you identify what caused

E/TC:0 0 call_initcalls:43 Initcall __text_start + 0x0002e278 failed

For more information on OP-TEE, you can always take a look at the official documentation: OP-TEE doc or the stm32mpu wiki.

I hope this helps, it's always nice to see you take time to detail your questions.

Gatien

Hi @GatienC, that is really helpful, and yes, I would not like to overcomplicate it with features (the secure_and_system_services profile in this case) which I don't need. So I will rather run in the system_services profile to keep things simple. I will try to increase the log level and debug it again. I will look into this further and come back. I can't appreciate more your time-to-time help and support on this. I am truly thankful.

 

Many thanks 

Best Regards,

Vivek

Hi @GatienC 

Good morning. I did raise the log level of OP-TEE and am now getting a lot more debug traces. While going through the debug traces I stumbled upon some bits which I wanted to pass by you. Here are a few of them:

 

D/TC:0 0 stm32_bsec_find_otp_in_nvmem_layout:678 VBDBG:stm32_bsec_find_otp_in_nvmem_layout:678
D/TC:0 0 stm32_bsec_otp_setting:640 VBDBG:stm32_bsec_otp_setting:640
D/TC:0 0 stm32_bsec_otp_setting:656 nvmem[6] = hw2_otp at BSEC word 18 bits [0 32]
D/TC:0 0 stm32_bsec_otp_setting:660 VBDBG:stm32_bsec_otp_setting:660

 

Looks like it is reading bits from the OTP from time to time.

 

I/TC: VBDBG: [core/drivers/stm32_cpu_opp.c:817] CPU voltage: 20352 mV
I/TC: VBDBG: [core/drivers/stm32_cpu_opp.c:820] Computing PLL1 settings
D/TC:0 0 stm32_bsec_find_otp_in_nvmem_layout:678 VBDBG:stm32_bsec_find_otp_in_nvmem_layout:678
D/TC:0 0 stm32_bsec_otp_setting:640 VBDBG:stm32_bsec_otp_setting:640
D/TC:0 0 stm32_bsec_otp_setting:652 VBDBG:stm32_bsec_otp_setting:652
D/TC:0 0 stm32_bsec_otp_setting:656 nvmem[1] = part_number_otp at BSEC word 1 bits [0 8]
D/TC:0 0 stm32_bsec_otp_setting:660 VBDBG:stm32_bsec_otp_setting:660
D/TC:0 0 get_opp_freqvolt_from_dt_subnode:1453 Invalid opp-supported-hw 0x2
D/TC:0 0 get_opp_freqvolt_from_dt_subnode:1453 Invalid opp-supported-hw 0x2
I/TC: VBDBG: [core/drivers/stm32_cpu_opp.c:828] Getting OPP subnode from DT
D/TC:0 0 stm32_cpu_opp_is_supported:649 Not supported opp-supported-hw 0x2
D/TC:0 0 stm32_cpu_opp_is_supported:649 Not supported opp-supported-hw 0x2
D/TC:0 0 stm32_cpu_opp_is_supported:649 Not supported opp-supported-hw 0x2
D/TC:0 0 stm32_cpu_opp_get_dt_subnode:723 Found OPP 0 (650000kHz/1200000uV) from DT
D/TC:0 0 stm32_cpu_opp_is_supported:649 Not supported opp-supported-hw 0x2
F/TC:0 0 regulator_set_voltage:192 vddcore 1200000uV

 

And then this bit:

 

D/TC:0 0 stm32_bsec_find_otp_in_nvmem_layout:678 VBDBG:stm32_bsec_find_otp_in_nvmem_layout:678
D/TC:0 0 stm32_bsec_otp_setting:640 VBDBG:stm32_bsec_otp_setting:640
D/TC:0 0 stm32_bsec_otp_setting:646 VBDBG:stm32_bsec_otp_setting:646
D/TC:0 0 stm32_bsec_otp_setting:652 VBDBG:stm32_bsec_otp_setting:652
D/TC:0 0 stm32_bsec_otp_setting:656 nvmem[0] = cfg0_otp at BSEC word 0 bits [0 8]
D/TC:0 0 stm32_bsec_otp_setting:660 VBDBG:stm32_bsec_otp_setting:660
I/TC: VBDBG: [core/arch/arm/plat-stm32mp1/shared_resources.c:624] BSEC state: 1
I/TC: VBDBG: [core/arch/arm/plat-stm32mp1/shared_resources.c:631] Starting resource security check loop
I/TC: VBDBG: [core/arch/arm/plat-stm32mp1/shared_resources.c:637] Checking shared resource: IWDG1 (8)
E/TC:0 0 check_rcc_secure_configuration:655 VBDBG: [core/arch/arm/plat-stm32mp1/shared_resources.c:656] Error RCC TZEN=0 MCKPROT=1 and IWDG1 (8) secure
I/TC: VBDBG: [core/arch/arm/plat-stm32mp1/shared_resources.c:637] Checking shared resource: RNG1 (12)
E/TC:0 0 check_rcc_secure_configuration:655 VBDBG: [core/arch/arm/plat-stm32mp1/shared_resources.c:656] Error RCC TZEN=0 MCKPROT=1 and RNG1 (12) secure
I/TC: VBDBG: [core/arch/arm/plat-stm32mp1/shared_resources.c:660] Finished resource security check loop
E/TC:0 0 check_rcc_secure_configuration:664 VBDBG: [core/arch/arm/plat-stm32mp1/shared_resources.c:664] WARNING: CFG_INSECURE allows insecure RCC configuration
I/TC: VBDBG: [core/arch/arm/plat-stm32mp1/shared_resources.c:672] Disabling RCC MCKPROT
I/TC: VBDBG: [core/arch/arm/plat-stm32mp1/shared_resources.c:676] Exiting function: check_rcc_secure_configuration
D/TC:0 0 call_initcalls:40 level 6 init_low_power()
D/TC:0 0 gic_it_set_cpu_mask:410 cpu_mask: writing 0xff00 to 0xd84218b0
D/TC:0 0 gic_it_set_cpu_mask:412 cpu_mask: 0x300
D/TC:0 0 gic_it_set_prio:426 prio: writing 0x1 to 0xd84214b1
D/TC:0 0 call_initcalls:40 level 6 stm32mp1_init_lp_states()
D/TC:0 0 stm32mp1_init_lp_states:230 Power configuration: shutdown to 6, suspend to 2

 

And then it goes into a series of tests before finally failing at this:

 

DFU alt info setting: done
D/TC:0   sm_platform_handler:95 VBDBG:sm_platform_handler:95: OPTEE_SMC_OWNER_SIP
VBDBG:stm32_smc: Failed to exec svc=82001003 op=1 in secure mode (err = -1)
D/TC:0   sm_platform_handler:95 VBDBG:sm_platform_handler:95: OPTEE_SMC_OWNER_SIP
VBDBG:stm32_smc: Failed to exec svc=82001003 op=1 in secure mode (err = -1)
D/TC:0   sm_platform_handler:95 VBDBG:sm_platform_handler:95: OPTEE_SMC_OWNER_SIP
D/TC:0   sip_service:36 VBDBG:sip_service:36: calling pwr_scv_handler
D/TC:0   pwr_scv_handler:56 PWR service: write 0x40000100 at offset 0xc
F/TC:0   pwr_scv_handler:72 wrt off c=40000100 => 40000100
D/TC:0   sip_service:39 VBDBG:sip_service:39: Backtrace:
E/TC:0   TEE load address @ 0xde000000
E/TC:0   Call stack:
E/TC:0    0xde003511
E/TC:0    0xde03147f
E/TC:0    0xde0315c1
E/TC:0    0xde007095
E/TC:0    0xde006f28

 

Any insight into this will be useful. I am continuing the investigation in the meantime. 

 

Many thanks 

Best Regards,

Vivek