2020-05-05 11:26 PM
Hi,
I would like to perform secure boot on the AV96 board. I have built the image with Yocto OpenSTLinux. I want to confirm the secure boot scenario when the board boots up.
I'm sharing some logs; please comment on whether I need to separately perform steps to make the AV96 board boot securely.
NOTICE: Model: Arrow Electronics STM32MP157A Avenger96 board
INFO: Reset reason (0x10):
INFO: Reset due to a failure of VDD_CORE
INFO: Using SDMMC
INFO: Instance 1
INFO: Boot used partition fsbl1
NOTICE: BL2: v2.0-r1.5(debug):
NOTICE: BL2: Built : 13:13:37, Oct 2 2018
INFO: BL2: Doing platform setup
INFO: PMIC version = 0x10
INFO: RAM: DDR3-1066/888 bin G 2x4Gb 533MHz v1.45
INFO: Memory size = 0x40000000 (1024 MB)
INFO: BL2 runs SP_MIN setup
INFO: BL2: Loading image id 4
INFO: Loading image id=4 at address 0x2fff0000
INFO: Image id=4 loaded: 0x2fff0000 - 0x30000000
INFO: BL2: Loading image id 5
INFO: Loading image id=5 at address 0xc0100000
INFO: STM32 Image size : 807362
WARNING: Skip signature check (header option)
INFO: Image id=5 loaded: 0xc0100000 - 0xc01c51c2
INFO: read version 0 current version 0
NOTICE: BL2: Booting BL32
INFO: Entry point address = 0x2fff0000
INFO: SPSR = 0x1d3
INFO: PMIC version = 0x10
NOTICE: SP_MIN: v2.0-r1.5(debug):
NOTICE: SP_MIN: Built : 13:13:37, Oct 2 2018
INFO: ARM GICv2 driver initialized
INFO: stm32mp HSI (18): Secure only
INFO: stm32mp HSE (20): Secure only
INFO: stm32mp PLL2 (27): Secure only
INFO: stm32mp PLL2_R (30): Secure only
INFO: SP_MIN: Initializing runtime services
Thanks
kaushendra
2020-05-06 05:47 AM
Hi,
it seems that the BL2 does not verify the signature of your image with the id 5 (I assume that is your u-boot). This is due to a wrong bit in the .stm32 header (see here: https://wiki.st.com/stm32mpu/wiki/STM32MP15_secure_boot#STM32_Header, the bit is the Option Flag).
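Added example, not part of the reply above and not ST's tooling: a small Python audit of a `.stm32` image header that reports the conditions under which BL2 would log "Skip signature check (header option)". The 256-byte field layout, the meaning of option flag bit 0 and the byte-sum checksum are assumptions taken from ST's published header description and should be checked against the wiki page linked above; the sample images are constructed.

```python
import struct

# Assumed STM32MP15 header v1 layout (256 bytes, little-endian); verify the
# offsets against the STM32 Header table on the ST wiki before relying on it.
HEADER_FMT = "<4s64s10I64s83sB"
HEADER_LEN = struct.calcsize(HEADER_FMT)  # 256
FIELDS = ("magic", "signature", "checksum", "header_version", "image_length",
          "entry_point", "reserved1", "load_address", "reserved2",
          "version_number", "option_flags", "ecc_algo", "ecc_pubkey",
          "padding", "binary_type")
NO_SIG_CHECK = 0x1  # assumed: option_flags bit 0 = 1 means "no signature verification"

def parse_header(blob):
    """Unpack the header into a dict, rejecting truncated or foreign files."""
    if len(blob) < HEADER_LEN:
        raise ValueError("truncated: need %d header bytes" % HEADER_LEN)
    hdr = dict(zip(FIELDS, struct.unpack_from(HEADER_FMT, blob)))
    if hdr["magic"] != b"STM2":
        raise ValueError("bad magic %r" % hdr["magic"])
    return hdr

def audit(blob):
    """Return findings that mean the image would be loaded unauthenticated."""
    hdr = parse_header(blob)
    findings = []
    if hdr["option_flags"] & NO_SIG_CHECK:
        findings.append("option flag bit 0 set: loader skips signature check")
    if not any(hdr["signature"]):
        findings.append("signature field is all zero: image was never signed")
    if not any(hdr["ecc_pubkey"]):
        findings.append("public key field is all zero")
    payload = blob[HEADER_LEN:HEADER_LEN + hdr["image_length"]]
    if len(payload) != hdr["image_length"]:
        findings.append("payload shorter than image_length")
    elif (sum(payload) & 0xFFFFFFFF) != hdr["checksum"]:  # assumed byte-sum checksum
        findings.append("payload checksum mismatch")
    return findings

def build_sample(option_flags, signed):
    """Constructed sample image (not real firmware) for exercising audit()."""
    payload = b"\x01\x02\x03\x04" * 4
    sig = b"\xaa" * 64 if signed else bytes(64)
    key = b"\xbb" * 64 if signed else bytes(64)
    return struct.pack(HEADER_FMT, b"STM2", sig, sum(payload), 0x00010000,
                       len(payload), 0xC0100000, 0, 0xC0100000, 0, 0,
                       option_flags, 1 if signed else 0, key, bytes(83), 0) + payload
```

Running `audit(open("u-boot.stm32", "rb").read())` on a build output (file name is a placeholder) before flashing shows whether the image was produced with the signature check disabled.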
2020-05-06 06:40 AM
Thanks for the point you made, I'll try to follow your suggestion.
2020-05-06 06:58 AM
Hi @Kaushendra
STM32MP157Axx does not support secure boot.
You need secure sample reference STM32MP157Cxx.
Olivier
2020-05-06 07:28 AM
Hi @Community member
Could you please help me with reference links or a guide which helps me to enable secure boot on the Avenger96 board?
2020-05-06 08:05 AM
Hi @Kaushendra
It's a hardware board limitation. The only way would be to change the assembled STM32MP15 chip ID ...
I recommend you contact Arrow to see if they plan to sell a secure flavor of the AV96.
BR,
Olivier
2020-05-06 10:26 PM
Hi @Community member
Thanks for your valuable inputs over the issue.
Regards,
kaushendra sah
2020-07-28 11:03 PM
Hi @Community member
As suggested, we have swapped the processor to STM32MP157Cxx.
We are following this link to enable secure boot on the Avenger96: https://wiki.st.com/stm32mpu/wiki/STM32MP15_secure_boot#Authentication_processing
Point No. 1: Facing an error while generating keys (https://wiki.st.com/stm32mpu/wiki/KeyGen_tool)
./STM32MP_KeyGen_CLI -ecc prime256v1 -abs /home/kaushendra/AVENGER -pwd SEED
-------------------------------------------------------------------
STM32MP Key Generator v1.0.0
-------------------------------------------------------------------
Prime256v1 curve is selected.
AES_256_cbc algorithm is selected for private key encryption
Generating Prime256v1 keys...
Error: creating Key File fails
Error occured while creating PEM file!
Error: An error occured while generating key files
Point No. 2: Need to understand the steps to implement secure boot support in U-Boot with TPM in the Avenger96's Yocto environment.
Help on these points will be appreciated for a quick start.
Thanks in advance,
kaushendra sah
2020-07-29 12:51 AM
Hi @Kaushendra
First quick answer.
Point No. 1: I guess it's a known issue of versions up to V2.4. Now fixed in the new STM32CubeProgrammer V2.5.
Point No. 2: Secure boot cannot be managed with U-Boot but only with TF-A.
This article might help to reach all available documents:
https://community.st.com/s/article/FAQ-STM32MP1-Security-overview
Olivier
2020-07-29 01:50 AM
Hi @Community member
Point No. 1: I'm able to see only up to version 2.4 for download.
Point No. 2: I need to add TPM support in U-Boot, so can I get any reference links regarding that?
Reg,
kaushendra sah