Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- STMicroelectronics Community
- STM32 MPUs
- STM32 MPUs products
- STM32MP157CAC Secure Boot Process on Avenger96 boa...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
STM32MP157CAC Secure Boot Process on Avenger96 board fails
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
2020-12-03 02:14 AM
Hi All,
I have performed Secure Boot over Avenger96 Board replaced with STM32MP157CAC earlier,but now I'm facing error provided below.
NOTICE: CPU: STM32MP157CAC Rev.?
NOTICE: Model: Arrow Electronics STM32MP157A Avenger96 board
NOTICE: Boot authentication Failed
INFO: Reset reason (0x15):
INFO: Power-on Reset (rst_por)
INFO: Using SDMMC
INFO: Instance 1
INFO: Boot used partition fsbl1
NOTICE: BL2: v2.0-r1.5(debug):
NOTICE: BL2: Built : 13:13:37, Oct 2 2018
INFO: BL2: Doing platform setup
INFO: PMIC version = 0x10
INFO: RAM: DDR3-1066/888 bin G 2x4Gb 533MHz v1.45
INFO: Memory size = 0x40000000 (1024 MB)
INFO: BL2 runs SP_MIN setup
INFO: BL2: Loading image id 4
INFO: Loading image id=4 at address 0x2fff0000
INFO: Image id=4 loaded: 0x2fff0000 - 0x30000000
INFO: BL2: Loading image id 5
INFO: Loading image id=5 at address 0xc0100000
INFO: STM32 Image size : 833640
INFO: Check signature on Non-Full-Secured platform
ERROR: Authentication Failed
WARNING: Failed to load image id=5 (-22)
ERROR: BL2: Failed to load image (-22)Steps followed :
1 Key generation:
sudo ./STM32MP_KeyGen_CLI -ecc 2 -pubk /home/user/secure_keys/public.pem -prvk /home/user/secure_keys/private.pem -hash /home/user/secure_keys/pubKeyHash.bin -pwd seed2 Extending PublickeyHash
Copied PublickeyHash in SD-card into bootfs
cp /home/ <username> /secure_keys/pubKeyHash.bin /media/<username>/bootfs/3 Key registration
at u-boot used the below commands
STM32MP>ext4load mmc 0:4 0xc0000000 pubKeyHash.bin
STM32MP> stm32key read 0xc0000000
STM32MP> stm32key fuse -y 0xc0000000 (after verifcation we have fused)now power-off the board and and again Plug SD-card to PC for flashing signed image.
4 Image Signing the FSBL and SSBL
FSBL
sudo ./STM32MP_SigningTool_CLI -bin /home/kaushendra/Board_Test/tf-a-stm32mp157a-av96-trusted.stm32 -pubk /home/kaushendra/secure_test/public.pem -prvk /home/kaushendra/secure_test/private.pem -pwd seed -a 2 -o /home/kaushendra/Board_Test/tf-a-stm32mp157a-av96-trusted-signed.stm32SSBL
sudo ./STM32MP_SigningTool_CLI -bin /home/kaushendra/Board_Test/u-boot-stm32mp157a-av96-trusted.stm32 -pubk /home/kaushendra/secure_test/public.pem -prvk /home/kaushendra/secure_test/private.pem -pwd seed -a 2 -o /home/kaushendra/Board_Test/u-boot-stm32mp157a-av96-trusted-signed.stm325 Image Programming
flash the SD-card plugged into PC
FSBL:
sudo dd if=tf-a-stm32mp157a-av96-trusted-signed.stm32 of=/dev/sdb1 bs=1M conv=fdatasync status=progress && sync
sudo dd if=tf-a-stm32mp157a-av96-trusted-signed.stm32 of=/dev/sdb2 bs=1M conv=fdatasync status=progress && sync
SSBL:
sudo dd if=u-boot-stm32mp157a-av96-trusted-signed.stm32 of=/dev/sdb3 bs=1M conv=fdatasync status=progress && syncAfter that when Plug the SD-card into board, i receive the above provided error log.
Please help me debugging the issue,or which step i just went wrong.
Regards,
kaushendra sah
Labels:
- Labels:
-
STM32MP15 Lines
2 REPLIES 2
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
2020-12-04 06:34 AM
Hi @Community member ,
I have tried to read OTP word :24-31,but it didn't seems to be perfectly programmed with pubKeyHash.bin values.
Below are my steps performed.
1.reading pubKeyHash.bin into mmc address location.
STM32MP> ext4load mmc 0:4 0xc0000000 pubKeyHash.bin
32 bytes read in 0 ms2.reading the Values and confirming it before fuse.
STM32MP> stm32key read 0xc0000000
OTP value 24: a107d303
OTP value 25: c42e280a
OTP value 26: f67ef283
OTP value 27: 3b1ef514
OTP value 28: 62e2039c
OTP value 29: a75c084e
OTP value 30: a9c56463
OTP value 31: a8ee723f3.fuse the OTP
STM32MP> stm32key fuse -y 0xc00000004.reading the OTP fused location word :24-31
STM32MP> fuse read 0 0 32
Reading bank 0:
Word 0x00000000: 00000017 00008000 a0200000 00000000
Word 0x00000004: 00000000 00000000 00000000 00000000
Word 0x00000008: 00000018 00000000 00000000 00000000
Word 0x0000000c: 7d1cf901 0021002e 31395111 38313636
Word 0x00000010: 139585e6 20d31468 7ad72140 06591382
Word 0x00000014: 5e140042 00000000 00000000 404b306f
Word 0x00000018: ffffffff ffffffff ffffffff ffffffff
Word 0x0000001c: ffffffff ffffffff ffffffff ffffffffHowever, above values for word:24-31 should have to changed but they remains as 0xff.
please help me debug this issue it would be appreciated.
Regards,
kaushendra sah
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
2020-12-18 04:46 AM
Hi @Kaushendra ,
Looking to your first sequence, everything looks good. I'm more surprised about the dump you have made in the second part.
0xFFFFFFFF is only expect on CPU 15XA where the secure boot is not possible.
I'm not expecting 0xffffffff value on these fuses as they are ECC 1bit (meaning that you can write them more than ones without blocking them).
Do you still have some other similar board where you can first do a dump before trying to write, just to confirm that they are properly set to 0x0 otherwise, no write is possible, fuses can go from 0 to 1 but once FFFFFFFF is achieve, you can not do any other operation.
BR,
Lionel
