2022-10-17 03:54 AM
I'm having trouble closing a device as per the recommended method.
STM32MP> fuse read 0 0
Reading bank 0:
Word 0x00000000: 00000017
STM32MP> fuse prog 0 0x0 0x40
Programming bank 0 word 0x00000000 to 0x00000040...
Warning: Programming fuses is an irreversible operation!
This may brick your system.
Use this command only if you are sure of what you are doing!
Really perform this fuse programming? <y/N>
y
stm32_smc: Failed to exec svc=82001003 op=2 in secure mode (err = -2)
ERROR
This is TF-A 2.4-r1. Previously I was using sp_min and now I'm using op-tee, 3.12-r1.
Can't remember having issues with closing under sp_min?
2022-10-17 09:17 AM
Hi @milkylainen ,
Where did you read it's the recommanded method?
Now it's recommended to use the command "stm32key close".
cf https://wiki.st.com/stm32mpu/wiki/How_to_use_U-Boot_stm32key_command#Closing_the_device
Hope it help
Olivier
2022-10-17 11:50 PM
I thought it was obvious that this was an early ecosystem 3.x version,
esp. since I stated TF-A 2.4-r1 and optee 3.12-r1. Apparently not. My bad.
So. Ecosystem 3.0. You don't have stm32key close in < 3.1.
https://wiki.st.com/stm32mpu-ecosystem-v3/wiki/How_to_update_OTP_with_U-Boot
https://wiki.st.com/stm32mpu-ecosystem-v3/wiki/STM32MP15_ROM_code_secure_boot#Closing_the_device
Not that any of this answers why I can't write the bit or what the error means.
I can't remember closing the device, or touching the close bit.
Can you close the device to a unclosed state?
Ie. Lock the bit to an unclosed state?
2022-10-19 07:25 AM
So. Tried 3.1 with stm32key close.
Didn't do any difference. Same error.
2022-10-19 11:52 PM
Hi @milkylainen ,
Sorry, I anwered too fast. My bad.
I guess I found the problem
By default op-tee disable the access to fuse.
You have to enable it by compiling with CFG_STM32_BSEC_WRITE=1
see :
How to configure OP-TEE - stm32mpu-ecosystem-v3
Hope it help
Olivier
2022-10-23 11:55 PM
Oh.
That would explain a lot.
But I can't find any documentation about it.
Seems pretty critical...
If your intention was that OTP programming is disabled,
that would mean two different op-tee variants.
One for factory and one for runtime?
2022-10-24 08:38 AM
Hi @milkylainen ,
Our intention to not enable it by default is to prevent unwanted operation by a non-advertised user.
I agree that a specific warning need to be added in Wiki to better communicate on it.
Else, I don't see any restriction or security issue to keep the factory version which allow key provisioning and closure of the device inside the final product .. since all is then lock by HW.
Do you see one ?
Olivier
2022-10-25 12:04 AM
Hi @Community member,
No I don't really see an issue. It's just surprising.
I came from sp_min without such restrictions.
I didn't look at the code because I was pretty sure I was doing something wrong.
And available documentation did not imply any restrictions in writing.
Now that I have them, they imply that I _must_ use a factory production image to write OTPs.
But it isn't a big problem really.
Lack of documentation was, however. :)
We can close this now.
Thanks!
2022-10-25 12:20 AM
Hi @milkylainen ,
Thanks for feedback and sorry for the inconvenience for you of this ST's choice.
I will escalate your comment and for sure we will enhance the communication on this.
Olivier