FAQs
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

OPTEE 4.0.0-stm32mp-r1 compilation and and CFG_DRAM_SIZE issue

Go to solution
VivekB
Associate III

‎2025-02-12 04:02 AM

Hi, 

As I communicated previously I am currently working on upgrading our EV charging solution from OpenSTLinux Ecosystem v4 (Linux kernel 5.15) to Ecosystem v6 (Linux kernel 6.6).

The following are my targeted components abd versions to upgrade:

 

Linux Kernel: 6.6-stm32mp-r1 (v6.6.48)
Trusted Firmware-A (TF-A): v2.10-stm32mp-r1
U-Boot: v2023.10-stm32mp-r1
OP-TEE: 4.0.0-stm32mp-r1

 

Now, I started compiling the OP-TEE (4.0.0-stm32mp-r1) and I started getting the following error: 

 

Wrong CFG_DRAM_SIZE 1024MBytes, in device-tree: 512MBytes
make[2]: *** [core/arch/arm/plat-stm32mp1/link.mk:17: check_build_variables] Error 1

 

After doing a bit of looking around I found someone had this issue and the following patch fixed it: 

 

core/arch/arm/plat-stm32mp1/conf.mk
 flavor_dts_file-157F_DK2 = stm32mp157f-dk2.dts
 flavor_dts_file-157F_ED1 = stm32mp157f-ed1.dts
 flavor_dts_file-157F_EV1 = stm32mp157f-ev1.dts
+flavor_dts_file-custom = stm32mp157c-ccb-mx.dts

 flavorlist-no_cryp-512M = $(flavor_dts_file-157A_DK1) \
-			  $(flavor_dts_file-157D_DK1)
+			  $(flavor_dts_file-157D_DK1) \
+                          $(flavor_dts_file-custom)

 

stm32mp157c-ccb-mx.dts is my custom dts file and it has the following in it: 

 

    memory@c0000000 {
        device_type = "memory";
        reg = <0xc0000000 0x20000000>;

        /* USER CODE BEGIN memory */
        /* USER CODE END memory */
    };

 

Which means that the current DDR memory is set to 512MB. However, OPTEE seems to be having DDR size 1GB. And if I apply the patch the compilation error goes away. But is that a legitimate thing to do. We use trusted boot and after this patch now I have made the TF-a coming up and transferring the control to OPTEE which is crashing as below: 

 

NOTICE:  Model: STMicroelectronics custom STM32CubeMX board - openstlinux-6.6-yocto-scarthgap-mpu-v24.11.06
NOTICE:  Bootrom authentication failed
ERROR:   VBDBG: regulator_get_by_supply_name:121 - fdt=0x2ffdd000, node=4112, name=vdd
ERROR:   VBDBG: get_supply_phandle() called for node 4112 (pwr@50001000)
ERROR:   VBDBG : get_supply_phandle:98:prop_name=vdd-supply
VBDBG: Searching for vdd-supply in node 4112
ERROR:   VBDBG vdd: supplied by 16
ERROR:   VBDBG: get_supply_phandle:107: supply_phandle = 16
ERROR:   VBDBG: regulator_get_by_supply_name:123, get_supply_phandle() returned 16
NOTICE:  BL2: v2.10-stm32mp1-r1.0(release):REL_0.8.7-7-g6649054822(66490548)
NOTICE:  BL2: Built : 22:33:34, Feb 10 2025
NOTICE:  TRUSTED_BOARD_BOOT support enabled
ERROR:   VBDBG: stm32mp1_ddr_setup:103
ERROR:   VBDBG: stm32mp1_ddr_init:666
ERROR:   VBDBG: stm32mp_board_ddr_power_init:161 - ddr_type=DDR3
ERROR:   VBDBG: dt_pmic_status:47
ERROR:   VBDBG: dt_pmic_status:50
ERROR:   VBDBG inside stm32mp_board_ddr_power_init
ERROR:   VBDBG: regulator_get_by_supply_name:121 - fdt=0x2ffdd000, node=6088, name=vdd
ERROR:   VBDBG: get_supply_phandle() called for node 6088 (ddr@5a003000)
ERROR:   VBDBG : get_supply_phandle:98:prop_name=vdd-supply
VBDBG: Searching for vdd-supply in node 6088
ERROR:   VBDBG vdd: supplied by 21
ERROR:   VBDBG: get_supply_phandle:107: supply_phandle = 21
ERROR:   VBDBG: regulator_get_by_supply_name:123, get_supply_phandle() returned 21
ERROR:   VBDBG: regulator_get_by_supply_name:121 - fdt=0x2ffdd000, node=6088, name=vref
ERROR:   VBDBG: get_supply_phandle() called for node 6088 (ddr@5a003000)
ERROR:   VBDBG : get_supply_phandle:98:prop_name=vref-supply
ERROR:   VBDBG vref: supplied by 22
ERROR:   VBDBG: get_supply_phandle:107: supply_phandle = 22
ERROR:   VBDBG: regulator_get_by_supply_name:123, get_supply_phandle() returned 22
ERROR:   VBDBG: regulator_get_by_supply_name:121 - fdt=0x2ffdd000, node=6088, name=vtt
ERROR:   VBDBG: get_supply_phandle() called for node 6088 (ddr@5a003000)
ERROR:   VBDBG : get_supply_phandle:98:prop_name=vtt-supply
ERROR:   VBDBG vtt: supplied by 23
ERROR:   VBDBG: get_supply_phandle:107: supply_phandle = 23
ERROR:   VBDBG: regulator_get_by_supply_name:123, get_supply_phandle() returned 23
ERROR:   VBDBG: pmic_ddr_power_init:145
NOTICE:  ROTPK is not deployed on platform. Skipping ROTPK verification.
NOTICE:  ROTPK is not deployed on platform. Skipping ROTPK verification.
NOTICE:  BL2: Booting BL32
I/TC: Early console on UART#4
I/TC: 
I/TC: Embedded DTB found
I/TC: OP-TEE version: REL_0.8.7-7-g6649054822 (gcc version 10.3.1 20210621 (GNU Toolchain for the A-profile Architecture 10.3-2021.07 (arm-10.29))) #2 Mon Feb 10 22:34:31 UTC 2025 arm
I/TC: WARNING: This OP-TEE configuration might be insecure!
I/TC: WARNING: Please check https://optee.readthedocs.io/en/latest/architecture/porting_guidelines.html
I/TC: Primary CPU initializing
I/TC: RCC is non-secure
I/TC: WARNING: All debug accesses are allowed
E/TC:0 0 Panic at core/arch/arm/plat-stm32mp1/shared_resources.c:333 <register_periph_iomem>
E/TC:0 0 TEE load address @ 0xde000000
E/TC:0 0 Call stack:
E/TC:0 0  0xde003bb9
E/TC:0 0  0xde01a1f5
E/TC:0 0  0xde005703
E/TC:0 0  0xde00c5f3
E/TC:0 0  0xde018e93
E/TC:0 0  0xde018f6d
E/TC:0 0  0xde0197dd
E/TC:0 0  0xde01aeb1
E/TC:0 0  0xde02210f
E/TC:0 0  0xde00399f
E/TC:0 0  0xde0001a0

 

I am currently uncertain whether I should proceed with debugging the OP-TEE crash under the assumption that the applied patch is legitimate or if I should focus on updating the DDR size to 1GB across all relevant DTS files (TF-A, OP-TEE, U-Boot, and Linux).

Given that the physical DDR size has not changed, I am reluctant to modify the DTS configuration(s) to 1GB. Could you provide guidance on the best course of action?

Additionally, when I update the DTS configurations to set the DDR size to 1GB, I encounter the following OP-TEE error:

 

ERROR:   OPTEE header parse error.
PANIC at PC : 0x2ffee8c7

 

A bit of guidance on this would be greatly helpful before I proceed with another debugging cycle.

Many thanks 

Best Regards,

Vivek

 

Labels:
0 Kudos
1 ACCEPTED SOLUTION

Accepted Solutions
Go to solution
GatienC
ST Employee

‎2025-02-18 07:06 AM

Hello Vivek,

The CFG_DRAM_SIZE flag has to be aligned with the memory node that you pointed in the device tree. This is a compile-time sanity check :)

As I mentionned in a previous thread, the IWDG2 cannot be secured on stm32mp15x, the securable IWDG is the IWDG1. For whatever reason, if you want to use IWDG2 in OP-TEE, make sure that there is no

secure-status = "okay" in the IWDG2 node.
This piece of code is old and will very soon be removed.
 
Hope this helps,
Gatien

 

View solution in original post

4 REPLIES 4
Go to solution
VivekB
Associate III

‎2025-02-12 05:33 AM

Some additional information about the fip.bin file: 

fiptool info output/images/fip.bin 
Secure Payload BL32 (Trusted OS): offset=0x218, size=0x1C, cmdline="--tos-fw"
Secure Payload BL32 Extra1 (Trusted OS Extra1): offset=0x234, size=0x3FB20, cmdline="--tos-fw-extra1"
Non-Trusted Firmware BL33: offset=0x3FD54, size=0xC8668, cmdline="--nt-fw"
FW_CONFIG: offset=0x1083BC, size=0x1EA, cmdline="--fw-config"
HW_CONFIG: offset=0x1085A6, size=0x13380, cmdline="--hw-config"
Trusted key certificate: offset=0x11B926, size=0x285, cmdline="--trusted-key-cert"
Trusted OS Firmware key certificate: offset=0x11BBAB, size=0x22A, cmdline="--tos-fw-key-cert"
Non-Trusted Firmware key certificate: offset=0x11BDD5, size=0x22D, cmdline="--nt-fw-key-cert"
Trusted OS Firmware content certificate: offset=0x11C002, size=0x2E2, cmdline="--tos-fw-cert"
Non-Trusted Firmware content certificate: offset=0x11C2E4, size=0x254, cmdline="--nt-fw-cert"
501D8DD2-8BCE-49A5-84EB-559A9F2EAEAF: offset=0x11C538, size=0x23F, cmdline="--blob"

And it contains the following files in it: 

fiptool unpack fip.bin 
vivekb@vivekb-ThinkBook-16-G6-IRL:~/workspace/source/27-01-2025/SSB-buildroot/output/images/extracted_fip_files$ ls -la 
total 2320
drwxrwxr-x 2 vivekb vivekb    4096 Feb 12 13:31 .
drwxr-xr-x 4 vivekb vivekb    4096 Feb 12 13:30 ..
-rw-rw-r-- 1 vivekb vivekb     575 Feb 12 13:31 501D8DD2-8BCE-49A5-84EB-559A9F2EAEAF.bin
-rw-r--r-- 1 vivekb vivekb 1165175 Feb 12 13:31 fip.bin
-rw-rw-r-- 1 vivekb vivekb     490 Feb 12 13:31 fw-config.bin
-rw-rw-r-- 1 vivekb vivekb   78720 Feb 12 13:31 hw-config.bin
-rw-rw-r-- 1 vivekb vivekb  820840 Feb 12 13:31 nt-fw.bin
-rw-rw-r-- 1 vivekb vivekb     596 Feb 12 13:31 nt-fw-cert.bin
-rw-rw-r-- 1 vivekb vivekb     557 Feb 12 13:31 nt-fw-key-cert.bin
-rw-rw-r-- 1 vivekb vivekb      28 Feb 12 13:31 tos-fw.bin
-rw-rw-r-- 1 vivekb vivekb     738 Feb 12 13:31 tos-fw-cert.bin
-rw-rw-r-- 1 vivekb vivekb  260896 Feb 12 13:31 tos-fw-extra1.bin
-rw-rw-r-- 1 vivekb vivekb     554 Feb 12 13:31 tos-fw-key-cert.bin
-rw-rw-r-- 1 vivekb vivekb     645 Feb 12 13:31 trusted-key-cert.bin
0 Kudos
Go to solution
VivekB
Associate III
In response to VivekB

‎2025-02-18 02:32 AM

Hiya, 

I have found the reason why the optee code is panicing because the peripheral IWDG2 is being registered as SHRES_SECURE whereas the register_periph_iomem() expects it to be in SHRES_NON_SECUREstate.

There is aa major difference how watchdog used to be probed in optee-os_3.16.0 and now in the current optee-os version 4.0.0-stm32mp

In the file: stm32_iwdg.c 

Function: stm32_iwdg_probe

VivekB_0-1739873148523.png

 

 

I/TC: VBDBG: Primary CPU initializing
I/TC: VBDBG: Calling boot_primary_init_intc()
I/TC: VBDBG: Calling init_vfp_nsec()
I/TC: VBDBG: Calling init_tee_runtime()
I/TC: VBDBG: Entering init_tee_runtime()
I/TC: VBDBG: Initializing TA RAM via core_mmu_init_ta_ram()
I/TC: VBDBG: Initializing RAM console via ram_console_init()
I/TC: VBDBG: Calling preinit functions via call_preinitcalls()
I/TC: VBDBG: Calling initialization functions via call_initcalls()
I/TC: RCC is non-secure
I/TC: WARNING: All debug accesses are allowed
I/TC: VBDBG:core/drivers/stm32_iwdg.c:stm32_iwdg_probe:617: calling stm32_iwdg_register
I/TC: VBDBG:core/drivers/stm32_iwdg.c:stm32_iwdg_register:586: calling stm32mp_register_secure_periph_iomem
I/TC: VBDBG:core/arch/arm/plat-stm32mp1/shared_resources.c:stm32mp_register_secure_periph_iomem:356:
I/TC: VBDBG: Attempting to register peripheral base: 0x5a002000, state: 1
I/TC: VBDBG: Registering non-secure IWDG base: 0x5a002000
I/TC: VBDBG: Unexpected state: 1 for base 0x5a002000
E/TC:0 0 Panic at core/arch/arm/plat-stm32mp1/shared_resources.c:339 <register_periph_iomem>
E/TC:0 0 TEE load address @ 0xde000000
E/TC:0 0 Call stack:
E/TC:0 0  0xde003d99
E/TC:0 0  0xde01a7b1
E/TC:0 0  0xde0059a1
E/TC:0 0  0xde00cb97

 

 

Can someone please have a look and advise please?

Boot log here: file:///home/vivekb/optee_boot_issue_log.txt

Many thanks

Best Regards, 

Vivek

0 Kudos
Go to solution
GatienC
ST Employee

‎2025-02-18 07:06 AM

Hello Vivek,

The CFG_DRAM_SIZE flag has to be aligned with the memory node that you pointed in the device tree. This is a compile-time sanity check :)

As I mentionned in a previous thread, the IWDG2 cannot be secured on stm32mp15x, the securable IWDG is the IWDG1. For whatever reason, if you want to use IWDG2 in OP-TEE, make sure that there is no

secure-status = "okay" in the IWDG2 node.
This piece of code is old and will very soon be removed.
 
Hope this helps,
Gatien

 

Go to solution
VivekB
Associate III
In response to GatienC

‎2025-02-18 07:45 AM

Hi @GatienC thanks a lot for your support. This is really very helpful. I will try this and see how it goes. Many thanks Best Regards, Vivek

0 Kudos
Top