FAQs
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Boot Failure on STM32MP157C: Secure Mode Issues (smc execution failure)

VivekB
Associate III

‎2025-03-05 1:24 AM

Hi, 

I am working with an STM32MP157CAA Rev.Z on a custom STM32CubeMX board running OpenSTLinux 6.6 (Yocto Scarthgap MPU v24.11.06). I have successfully integrated and bootstrapped various boot components.

I first got the TF-A and OPTEE to boot the system and now it is also able to bring up the uboot. However, while trying to boot up the uboot gets into an "secure mode execution errors". I am not sure where it is coming from? We have hash-and-boot-options_hash-and-boot-options.bin flashed into the OTP area. Is that something could potentially lead to this type of issue? 

BL2 (TF-A) Loading

  • BL2 (TF-A) executes as expected and starts platform initialization.

  • The board is in trusted mode, and secure boot appears to be enabled.

  • Below are the logs confirming BL2 is executing:

 

NOTICE:  CPU: STM32MP157CAA Rev.Z
NOTICE:  Model: STMicroelectronics custom STM32CubeMX board - openstlinux-6.6-yocto-scarthgap-mpu-v24.11.06
NOTICE:  BL2: v2.10-stm32mp1-r1.0(release)
NOTICE:  BL2: Built : 14:58:08, Mar  4 2025
NOTICE:  TRUSTED_BOARD_BOOT support enabled

 

Image Loading Sequence

  • BL2 successfully attempts to load various images, including:

    • TF-A (tf-a-stm32mp157c-ccb-mx_Signed.stm32)
    • OP-TEE (tos-fw.bin, tos-fw-extra1.bin)
    • SCP firmware (scp-fw.bin)
    • NT firmware (nt-fw.bin)

 

ERROR:   BL2: Preparing to load image id 1 (tf-a-stm32mp157c-ccb-mx_Signed.stm32)
ERROR:   BL2: Loading image id 1 (tf-a-stm32mp157c-ccb-mx_Signed.stm32)
ERROR:   BL2: Calling load_auth_image() for image id 1 with base 0x2ffff000
ERROR:   ROTPK is not deployed on platform. Skipping ROTPK verification.

 

"ROTPK is not deployed", looks like Root of Trust Public Key (ROTPK) verification is being skipped. I am not sure whether this is expected behaviour in my setup or what is causing this.

OP-TEE Boot & Peripheral Initialization

  • OP-TEE initialises successfully and maps secure memory regions.

  • Secure components like TZC400, STPMIC, and STM32MP1 clocks are initialized.

  • However, multiple SMC call failures appear:

 

stm32_smc: Failed to exec svc=82001003 op=1 in secure mode (err = -1)

 

U-Boot Execution

  • U-Boot executes successfully but reports errors related to secure mode calls:

 

stm32_smc: Failed to exec svc=82001003 op=1 in secure mode (err = -1)

 

EFI system partition detection fails, which is unexpected:

 

No EFI system partition
Failed to persist EFI variables

 

At this point, the system does not proceed further due to the OP-TEE watchdog panic.

 

E/TC:0   Panic 'Watchdog' at core/drivers/stm32_iwdg.c:228 <stm32_iwdg_it_handler>

 

I have also attached the full boot_log.txt in the attachment for reference. 

The below is the details of my platform: 

Hardware & Software Details

  • CPU: STM32MP157CAA Rev.Z
  • Board: STMicroelectronics custom STM32CubeMX board
  • Software Version: OpenSTLinux 6.6 Yocto Scarthgap MPU (v24.11.06)
  • TF-A Version: v2.10-stm32mp1-r1.0 (Release)
  • U-Boot Version: 2023.10-stm32mp-r1
  • OP-TEE Version: REL_0.8.7-8-g79647115eb
  • Boot Mode: Trusted Mode with Secure Boot Enabled

I need some help to understand what are the areas I need to investigate to resolve this issue. 

Many Thanks

Best Regards, 

Vivek

Labels:
boot_log.txt
Preview file
39 KB
0 Kudos
24 REPLIES 24
Tom-IowaSoft
Associate II
In response to VivekB

‎2025-03-19 1:22 PM

I was able to eliminate the "Card did not respond to voltage select! : -110" by removing some device tree changes to sdmmc2 make by the customer.  Then usbotg was configured incorrectly, but now it finally downloads. This is u-boot for DFU at this point.  Next I will need to get their u-boot and kernel working with op-tee.

I am using the same version that you are using, eco system v6.0

 

0 Kudos
VivekB
Associate III
In response to Tom-IowaSoft

‎2025-03-19 1:40 PM - edited ‎2025-03-19 1:41 PM

Excellent news, I have just added this part in my project dts: 

819 &sdmmc2 {
 820     status = "okay";
 821 
 822     /* USER CODE BEGIN sdmmc2 */
 823     cap-sd-highspeed;
 824     cap-mmc-highspeed;
 825     max-frequency = <0x7270e00>;
 826     bus-width = <4>;
 827     vmmc-supply = <&v3v3>;
 828     vqmmc-supply = <&vdd>;
 829     mmc-ddr-3_3v;
 830     /* USER CODE END sdmmc2 */
 831 };

In my case sdmmc2 node was missing in the project dts and is status = disabled in the uboot dts. I am compiling and will test how it goes. Thanks for confirming the releases.

0 Kudos
VivekB
Associate III
In response to VivekB

‎2025-03-19 2:51 PM

In my case even after adding the sdmmc2 node in the uboot dts file (project specific dts file - attached), I am still getting the same error:

VBDBG:mmc_start_init: 2916 - Entering mmc_start_init()
VBDBG:mmc_start_init: 2920 - Host capabilities set: 0x1000000f
VBDBG:mmc_start_init: 2942 - Calling mmc_deferred_probe()
VBDBG:mmc_start_init: 2948 - mmc_getcd() returned 1, no_card=0
VBDBG:mmc_start_init: 2967 - Calling mmc_get_op_cond()
VBDBG:mmc_start_init: 2969 - mmc_get_op_cond() returned -110
VBDBG:mmc_start_init: 2976 - Exiting mmc_start_init(), err=-110
VBDBG: mmc_init: 3050 - mmc_start_init() after rescan returned -110
VBDBG: mmc_init: 3075 - MMC STM32 SD/MMC initialization failed after retries: -110

Not sure where it is going wrong. 

stm32mp157c-ccb-mx.dts
0 Kudos
GatienC
ST Employee

‎2025-03-21 3:39 AM

Hello @VivekB ,

Looking at your device tree, I'm not sure what you're trying to do.

SDMMC1 is your boot storage and seems to be an Emmc, right?  (deduced from mmc-ddr-3_3v; and bus-width = <8>; )

If you don't use SDMMC2, then please disable the node, there's no property to make it functional in your device tree. And it seems that you use Wifi on sdmmc3.

Which instance of sdmmc is causing this trace? Are all SDMMC instances secure configuration  that you use compatible with U-Boot (Non-secure, non isolated for cortex M4)?

Cheers,

Gatien

 
 
0 Kudos
VivekB
Associate III
In response to GatienC

‎2025-03-25 8:55 AM

Hi @GatienC apologies couldn't reply earlier. I was doing a bit of experiemnts with the sdmmc nodes I have. It would be deemed as my lack of understanding about the terminologies used in the uboot for the sdmmc. So trying to enable sdmmc2 was a failed attempt at that. Basically at the moment I facing the issue, while trying to download the code it fails with the following error: 

VivekB_0-1742917839551.png

When I look into the log it shows the below: 

mmc_init: -110, time 24
Error: mmc device 1 not found

If I drop at the uboot prompt, and do a mmc rescan it finds the mmc1. So I tried implementing a rescan mechanims in the uboot code. If I do that it detects the mmc1 and the above error goes away but then it cannot fetch the erase block size for some reason and it fails again. Thta's why I was trying to check if SDMMC2 node has to be enabled in my project speciifc dts file and if that helps. But that didn't help. Sorry bit vague in my description but I am not entirely sure why it fails to detect mmc1. I have also tried changing the HW and it doesn't look like a HW issue. I think there maybe something wrong in my dts file and hence the error. Many thanks, Vivek

uboot_log_25_03_2025.txt
Preview file
12 KB
0 Kudos
Top