2025-01-21 07:12 AM
I'm trying to get SecureBoot running on STM32MP157.
After opening and reading about 30 pages of your wiki and basically following [1] I was able to create keys and convinced Yocto into generating "*_Signed*" files.
Sadly I then got confused with publicKeyHash00.bin and publicKeysHashHashes.bin and uploaded the latter one into my OTPs (all instructions always point to publicKeyhash.bin - never the correct file name). My bad.
When I now try to upload new signed images onto the eMMC, the process outputs:
NOTICE: Bootrom authentication failed
NOTICE: BL2: v2.8-stm32mp1-r1.0(release):lts-v2.8.6-dirty(ff0bd5f9)
NOTICE: BL2: Built : 17:57:15, Apr 21 2023
NOTICE: TRUSTED_BOARD_BOOT support enabled
ERROR: BL2: Failed to load image id 1 (-80)
Authentication in boot ROM fails as expected. That's okay. But from the last line I think loading of the fip image also fails.
Page [2] says "The process ends with error authentication error -80 in case of incorrect provisioning.".
Does this mean the boot process or the validation process? Should the board boot or should it (just like the boot ROM) print a warning and continue?
It's not really clear to me what my problem is here. Will everything be solved when I risk flashing the OTPs on a second board? Or might I have another problem in the generation of the fip image (which I should fix before potentially bricking a second board)?
[1] https://wiki.stmicroelectronics.cn/stm32mpu/index.php?title=How_to_perform_Secure_Boot_from_Distribution_package&oldid=91129
[2] https://wiki.st.com/stm32mpu/wiki/How_to_enable_secure_boot_on_STM32_MPU