STM32MP153 Custom DTS: TZC Permission Failure

Louis1
Associate II

I'm getting the following log when trying to boot to a custom DTS. I've already attempted the suggestion mentioned in this ST forum post (https://community.st.com/t5/stm32-mpus-products/op-tee-error-tzc-permission-failure-on-new-v5-0-0-sdk/td-p/584339) with no luck.


I/TC: Primary CPU switching to normal world boot
D/TC:0 tee_entry_exchange_capabilities:101 Asynchronous notifications are disabled
D/TC:0 tee_entry_exchange_capabilities:110 Dynamic shared memory is enabled
D/TC:0 0 core_mmu_xlat_table_alloc:526 xlat tables used 4 / 10
F/TC:? 0 entry_open_session:362 entry_open_session
F/TC:? 0 entry_open_session:373 uuid: 1880204936 56798 16467
F/TC:? 0 tee_ta_open_session:675 uuid: 1880204936 56798 16467
D/TC:? 0 tee_ta_init_pseudo_ta_session:296 Lookup pseudo TA 7011a688-ddde-4053-a5a9-7b3c4ddf13b8
D/TC:? 0 tee_ta_init_pseudo_ta_session:309 Open device.pta
D/TC:? 0 tee_ta_init_pseudo_ta_session:326 device.pta : 7011a688-ddde-4053-a5a9-7b3c4ddf13b8
F/TC:? 0 plat_prng_add_jitter_entropy:73 0x24BD
D/TC:? 0 tee_ta_close_session:451 csess 0xde06ab10 id 1
D/TC:? 0 tee_ta_close_session:470 Destroy session
D/TC:? 0 tee_ta_init_session_with_context:549 Re-open TA 94cf71ad-80e6-40b5-a7c6-3dc501eb2803
F/TC:? 0 plat_prng_add_jitter_entropy:73 0xAA
F/TC:? 0 bsec_pta_invoke_command:280 bsec.pta command 0 ptypes 0x61
F/TC:? 0 bsec_read_mem:88 Read shadow 1 val: 0x8024
F/TC:? 0 bsec_read_mem:150 Buffer orig 0xdbc01e58, size 4
D/TC:? 0 tee_ta_close_session:451 csess 0xde06a900 id 1
D/TC:? 0 tee_ta_close_session:470 Destroy session
F/TC:? 0 entry_open_session:362 entry_open_session
D/TC:? 0 tee_ta_init_session_with_context:549 Re-open TA 94cf71ad-80e6-40b5-a7c6-3dc501eb2803
F/TC:? 0 bsec_pta_invoke_command:280 bsec.pta command 0 ptypes 0x61
F/TC:? 0 bsec_read_mem:88 Read shadow 16 val: 0x131565ee
F/TC:? 0 bsec_read_mem:150 Buffer orig 0xdbc01e60, size 4
D/TC:? 0 tee_ta_close_session:451 csess 0xde06a900 id 1
D/TC:? 0 tee_ta_close_session:470 Destroy session
D/TC:? 0 tee_ta_init_session_with_context:549 Re-open TA 94cf71ad-80e6-40b5-a7c6-3dc501eb2803
F/TC:? 0 plat_prng_add_jitter_entropy:73 0x97
F/TC:? 0 bsec_pta_invoke_command:280 bsec.pta command 0 ptypes 0x61
F/TC:? 0 bsec_read_mem:150 Buffer orig 0xdbc01eb0, size 4
D/TC:? 0 tee_ta_close_session:451 csess 0xde06a900 id 1
D/TC:? 0 tee_ta_close_session:470 Destroy session
E/TC:0 tzc_it_handler:79 TZC permission failure
E/TC:0 dump_fail_filter:420 Permission violation on filter 0
E/TC:0 dump_fail_filter:425 Violation @0xdfaf9000, non-secure privileged write, AXI ID 480
M/TC: CPU : 0
M/TC: usr_sp : 0xffffffff
M/TC: usr_lr : 0x00000000
M/TC: irq_spsr : 0xff0fffff
M/TC: irq_sp : 0x00000000
M/TC: irq_lr : 0xffffffff
M/TC: fiq_spsr : 0x00000000
M/TC: fiq_sp : 0xffffffff
M/TC: fiq_lr : 0x00000000
M/TC: svc_spsr : 0xff0fffff
M/TC: svc_sp : 0xddae3620
M/TC: svc_lr : 0xdfafa2ec
M/TC: abt_spsr : 0x00000000
M/TC: abt_sp : 0xffffffff
M/TC: abt_lr : 0x00000000
M/TC: und_spsr : 0xff0fffff
M/TC: und_sp : 0x00000000
M/TC: und_lr : 0xffffffff
M/TC: pmcr : 0x41072000
E/TC:0 Panic
M/TC: CPU : 0
M/TC: usr_sp : 0xffffffff
M/TC: usr_lr : 0x00000000
M/TC: irq_spsr : 0xff0fffff
M/TC: irq_sp : 0x00000000
M/TC: irq_lr : 0xffffffff
M/TC: fiq_spsr : 0x00000000
M/TC: fiq_sp : 0xffffffff
M/TC: fiq_lr : 0x00000000
M/TC: svc_spsr : 0xff0fffff
M/TC: svc_sp : 0xddae3620
M/TC: svc_lr : 0xdfafa2ec
M/TC: abt_spsr : 0x00000000
M/TC: abt_sp : 0xffffffff
M/TC: abt_lr : 0x00000000
M/TC: und_spsr : 0xff0fffff
M/TC: und_sp : 0x00000000
M/TC: und_lr : 0xffffffff
M/TC: pmcr : 0x41072000

I've attached my optee-os DTS.

Accepted Solutions
GatienC
ST Employee

Hello Louis1,

I see in the attached device tree file that there is no reserved-memory node representing the memory range used by OP-TEE. This means that nothing prevents U-Boot from accessing the memory range where OP-TEE resides, which is obviously configured as secure memory as OP-TEE is the trusted OS of the OSTL. That's why you get a permission violation.

Since your board seems to have 512MB of DDR, I suggest you try:

	reserved-memory {
		optee@de000000 {
			reg = <0xde000000 0x2000000>;
			no-map;
		};
	};

 

But that supposes it's aligned with:

CFG_TZDRAM_SIZE ?= 0x02000000

 

configuration flag present in: core/arch/arm/plat-stm32mp1/conf.mk in OP-TEE source code.

To have a better understanding of OP-TEE memory mapping, you can look at the core/arch/arm/include/mm/generic_ram_layout.h file in the OP-TEE source code.
To learn more about OP-TEE, please refer to the wiki:
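
A consistency check for the fix described in this answer, as an added example that is not part of the original thread or of ST's code: it takes the TZC violation address from the OP-TEE log and tests whether a `no-map` reserved-memory node covers it and matches `CFG_TZDRAM_SIZE`. The function names, the regex-based DTS parsing (one address cell and one size cell assumed) and the `DTS_BROKEN` sample are assumptions made for illustration.

```python
import re

# Constructed inputs: the violation line, CFG_TZDRAM_SIZE and the fixed node are
# copied from the thread; DTS_BROKEN is a made-up tree with no reserved-memory node.
LOG = "E/TC:0 dump_fail_filter:425 Violation @0xdfaf9000, non-secure privileged write, AXI ID 480"
CONF_MK = "CFG_TZDRAM_SIZE ?= 0x02000000"
DTS_BROKEN = "/ { memory@c0000000 { reg = <0xc0000000 0x20000000>; }; };"
DTS_FIXED = """
reserved-memory {
    optee@de000000 {
        reg = <0xde000000 0x2000000>;
        no-map;
    };
};
"""

def fault_address(log):
    """Address of the first TZC violation reported in the log, or None."""
    m = re.search(r"Violation @(0x[0-9a-fA-F]+)", log)
    return int(m.group(1), 16) if m else None

def no_map_regions(dts):
    """(base, size) of every node carrying both a reg and a no-map property."""
    regions = []
    for body in re.findall(r"\{([^{}]*)\}", dts):  # innermost node bodies only
        reg = re.search(r"reg\s*=\s*<\s*(0x[0-9a-fA-F]+)\s+(0x[0-9a-fA-F]+)\s*>", body)
        if reg and re.search(r"\bno-map\s*;", body):
            regions.append((int(reg.group(1), 16), int(reg.group(2), 16)))
    return regions

def tzdram_size(conf):
    """Value of CFG_TZDRAM_SIZE from a conf.mk style assignment, or None."""
    m = re.search(r"^CFG_TZDRAM_SIZE\s*\??=\s*(0x[0-9a-fA-F]+)", conf, re.M)
    return int(m.group(1), 16) if m else None

def check(log, dts, conf):
    """Is the faulting address hidden from the non-secure world, and does the
    covering region have the size OP-TEE was built with?"""
    addr, want = fault_address(log), tzdram_size(conf)
    if addr is not None:
        for base, size in no_map_regions(dts):
            if base <= addr < base + size:
                return {"covered": True, "region": (base, size), "size_matches": size == want}
    return {"covered": False, "region": None, "size_matches": False}

if __name__ == "__main__":
    print("without node:", check(LOG, DTS_BROKEN, CONF_MK))
    print("with node:   ", check(LOG, DTS_FIXED, CONF_MK))
```
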
