cancel
Showing results for 
Search instead for 
Did you mean: 

Close the device, fuse under op-tee?

milkylainen
Associate III

I'm having trouble closing a device as per the recommended method.

STM32MP> fuse read 0 0                                                         

Reading bank 0:                                                                

Word 0x00000000: 00000017                                                      

STM32MP> fuse prog 0 0x0 0x40                                                  

Programming bank 0 word 0x00000000 to 0x00000040...                            

Warning: Programming fuses is an irreversible operation!                       

        This may brick your system.                                           

        Use this command only if you are sure of what you are doing!          

Really perform this fuse programming? <y/N>                                    

y                                                                              

stm32_smc: Failed to exec svc=82001003 op=2 in secure mode (err = -2)          

ERROR

This is TF-A 2.4-r1. Previously I was using sp_min and now I'm using op-tee, 3.12-r1.

Can't remember having issues with closing under sp_min?

8 REPLIES 8
Olivier GALLIEN
ST Employee

Hi @milkylainen​ ,

Where did you read it's the recommanded method?

Now it's recommended to use the command "stm32key close".

cf https://wiki.st.com/stm32mpu/wiki/How_to_use_U-Boot_stm32key_command#Closing_the_device

Hope it help

Olivier

Olivier GALLIEN
In order to give better visibility on the answered topics, please click on 'Accept as Solution' on the reply which solved your issue or answered your question.
milkylainen
Associate III

I thought it was obvious that this was an early ecosystem 3.x version,

esp. since I stated TF-A 2.4-r1 and optee 3.12-r1. Apparently not. My bad.

So. Ecosystem 3.0. You don't have stm32key close in < 3.1.

https://wiki.st.com/stm32mpu-ecosystem-v3/wiki/How_to_update_OTP_with_U-Boot

https://wiki.st.com/stm32mpu-ecosystem-v3/wiki/STM32MP15_ROM_code_secure_boot#Closing_the_device

Not that any of this answers why I can't write the bit or what the error means.

I can't remember closing the device, or touching the close bit.

Can you close the device to a unclosed state?

Ie. Lock the bit to an unclosed state?

milkylainen
Associate III

So. Tried 3.1 with stm32key close.

Didn't do any difference. Same error.

Olivier GALLIEN
ST Employee

Hi @milkylainen​ ,

Sorry, I anwered too fast. My bad.

I guess I found the problem

By default op-tee disable the access to fuse.

You have to enable it by compiling with CFG_STM32_BSEC_WRITE=1

see :

How to configure OP-TEE - stm32mpu-ecosystem-v3

Hope it help

Olivier

Olivier GALLIEN
In order to give better visibility on the answered topics, please click on 'Accept as Solution' on the reply which solved your issue or answered your question.
milkylainen
Associate III

Oh.

That would explain a lot.

But I can't find any documentation about it.

Seems pretty critical...

If your intention was that OTP programming is disabled,

that would mean two different op-tee variants.

One for factory and one for runtime?

Olivier GALLIEN
ST Employee

Hi @milkylainen​ ,

Our intention to not enable it by default is to prevent unwanted operation by a non-advertised user.

I agree that a specific warning need to be added in Wiki to better communicate on it.

Else, I don't see any restriction or security issue to keep the factory version which allow key provisioning and closure of the device inside the final product .. since all is then lock by HW.

Do you see one ?

Olivier

Olivier GALLIEN
In order to give better visibility on the answered topics, please click on 'Accept as Solution' on the reply which solved your issue or answered your question.
milkylainen
Associate III

Hi @Community member​,

No I don't really see an issue. It's just surprising.

I came from sp_min without such restrictions.

I didn't look at the code because I was pretty sure I was doing something wrong.

And available documentation did not imply any restrictions in writing.

Now that I have them, they imply that I _must_ use a factory production image to write OTPs.

But it isn't a big problem really.

Lack of documentation was, however. :)

We can close this now.

Thanks!

Olivier GALLIEN
ST Employee

Hi @milkylainen​ ,

Thanks for feedback and sorry for the inconvenience for you of this ST's choice.

I will escalate your comment and for sure we will enhance the communication on this.

Olivier

Olivier GALLIEN
In order to give better visibility on the answered topics, please click on 'Accept as Solution' on the reply which solved your issue or answered your question.