FAQs
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Confusing information regarding OTP from U-boot vs TF-A.

Go to solution
milkylainen
Associate III

‎2022-08-04 01:06 AM

I've put TF-A into verbose printing, resulting in prints regarding BSEC access.

But the printouts from TF-A vs U-boot tell different, or atleast confusing information.

What gives?

(TF-A 2.6-r1, U-Boot 2020.10-r2)

> stm32key read

VERBOSE: BSEC: OTP 24 is locked and write will be ignored

OTP HASH 24: 0 lock : 0

VERBOSE: BSEC: OTP 25 is locked and write will be ignored

OTP HASH 25: 0 lock : 0

VERBOSE: BSEC: OTP 26 is locked and write will be ignored

OTP HASH 26: 0 lock : 0

VERBOSE: BSEC: OTP 27 is locked and write will be ignored

OTP HASH 27: 0 lock : 0

VERBOSE: BSEC: OTP 28 is locked and write will be ignored

OTP HASH 28: 0 lock : 0

VERBOSE: BSEC: OTP 29 is locked and write will be ignored

OTP HASH 29: 0 lock : 0

VERBOSE: BSEC: OTP 30 is locked and write will be ignored

OTP HASH 30: 0 lock : 0

VERBOSE: BSEC: OTP 31 is locked and write will be ignored

OTP HASH 31: 0 lock : 0

VERBOSE: BSEC: OTP 0 is locked and will not be refreshed

VERBOSE: BSEC: OTP 0 is locked and write will be ignored

OTP 0: closed status: 0 lock : 0

HASK key is not locked!

HASK key is free!

Labels:
0 Kudos
1 ACCEPTED SOLUTION

Accepted Solutions
Go to solution
OlivierK
ST Employee

‎2022-09-12 06:19 AM

Hi milkylainen (Community Member)

OTP read needs to go through secure world. Therefore BL32 needs to be loaded first, and OTP will be accessible from BL33 as you've done using stm32key read. I would ignore the verbose printing in TF-A and focus on U-boot.

View solution in original post

0 Kudos
3 REPLIES 3
Go to solution
OlivierK
ST Employee

‎2022-09-09 09:41 AM

Hi milkylainen (Community Member) 

OTP checks can only be done at U-boot stage. So you can ignore the TF-A printouts.

At U-boot prompt.

STM32MP> stm32key read                              

PKHTH OTP 24: 00000000 lock : 10000000                      

PKHTH OTP 25: 00000000 lock : 10000000                      

PKHTH OTP 26: 00000000 lock : 10000000                      

PKHTH OTP 27: 00000000 lock : 10000000                      

PKHTH OTP 28: 00000000 lock : 10000000                      

PKHTH OTP 29: 00000000 lock : 10000000                      

PKHTH OTP 30: 00000000 lock : 10000000                      

PKHTH OTP 31: 00000000 lock : 10000000                      

PKHTH is not locked!                               

PKHTH is free!  

0 Kudos
Go to solution
milkylainen
Associate III
In response to OlivierK

‎2022-09-12 04:50 AM

Hi @OlivierK​ 

Not sure I follow. The printouts happen while I am in U-boot.

If I put tf-a into loglevel 50, I get these printouts from secure world (I assume?) into my U-boot console.

Are you saying that despite the printouts from TF-A, while in BL33, they're inaccurate and I should ignore them?

0 Kudos
Go to solution
OlivierK
ST Employee

‎2022-09-12 06:19 AM

Hi milkylainen (Community Member)

OTP read needs to go through secure world. Therefore BL32 needs to be loaded first, and OTP will be accessible from BL33 as you've done using stm32key read. I would ignore the verbose printing in TF-A and focus on U-boot.

0 Kudos
Top