Secure boot TF-A error - BL2: Failed to load image id 1 (-80) : STM32MP2

zakariazh · ‎2024-11-08

Hi,

I am trying to boot a signed TF-A image on my STM32m257f compiled with TRUSTED_BOARD_BOOT support (Compiled in f-a-stm32mp.inc recipe from meta-st-stm32mp, mickledore branche).

When the board is powered up, i got this error:

NOTICE:  CPU: STM32MP257FAI Rev.B
NOTICE:  Model: STMicroelectronics STM32MP257F-EV1 Evaluation Board
NOTICE:  Board: MB1936 Var1.0 Rev.C-01
NOTICE:  BL2: v2.8-stm32mp2-r2.0(release):lts-v2.8.15-dirty(567af710)
NOTICE:  BL2: Built : 00:51:33, Jan 26 2024
NOTICE:  TRUSTED_BOARD_BOOT support enabled
ERROR:   BL2: Failed to load image id 1 (-80)

I've already fuse my PKHTH with the stm32key command and my binary is signed with the right key. The board boots normally when I install a TF-A binary without TRUSTED_BOARD_BOOT support.

Do you have any idea please?

Thanks

zakariazh · ‎2024-11-10

After a debug session, the problem is coming when the TF-A tries to check the hash of the fip containing the OPTEE and bootloader.

It was an error when calling cert_create tool with an empty password argument when using a private key without password. If you face this error, make sure to remove this argument if no password if used.

Thank you

View solution in original post

zakariazh · ‎2024-11-10

After a debug session, the problem is coming when the TF-A tries to check the hash of the fip containing the OPTEE and bootloader.

It was an error when calling cert_create tool with an empty password argument when using a private key without password. If you face this error, make sure to remove this argument if no password if used.

Thank you