cancel
Showing results for 
Search instead for 
Did you mean: 

STM32MP157F OTP fuse override command not working as expected

jdebaud
Associate II

I'm trying to testing secure boot on a STM32MP157F-EV1. To do so, I planned to use the fuse override command to test secure boot without having to actually burn the OTP 24-31 with the public key hash.

But it appears that fuse override command is not working properly: after overriding cache to store publicKeyhash.bin, the read is exempt of the key. (note: the publicKeyHash_values is a placeholder)

STM32MP> fuse override 0 0x00000018 publicKeyhash_values
Overriding bank 0 word 0x00000018 with publicKeyhash_values[0]
Overriding bank 0 word 0x00000019 with publicKeyhash_values[1]
Overriding bank 0 word 0x0000001a with publicKeyhash_values[2]
Overriding bank 0 word 0x0000001b with publicKeyhash_values[3]
Overriding bank 0 word 0x0000001c with publicKeyhash_values[4]
Overriding bank 0 word 0x0000001d with publicKeyhash_values[5]
Overriding bank 0 word 0x0000001e with publicKeyhash_values[6]
Overriding bank 0 word 0x0000001f with publicKeyhash_values[7]

STM32MP> fuse read 0 0x00000018 8
Reading bank 0:
Word 0x00000018: 00000000 00000000 00000000 00000000
Word 0x0000001c: 00000000 00000000 00000000 00000000

I've tested it against stm32key, because I thought the OTP was locked, but it has the same results: apparently its not locked.

STM32MP> fuse sense 0 24 8
Sensing bank 0:
Word 0x00000018: 00000000 00000000 00000000 00000000
Word 0x0000001c: 00000000 00000000 00000000 00000000

STM32MP> fuse sense 0 0x10000018 8 
Sensing bank 0:
Word 0x10000018: 10000000 10000000 10000000 10000000
Word 0x1000001c: 10000000 10000000 10000000 10000000

STM32MP> stm32key read    
PKH OTP 24: 00000000 lock : 10000000
PKH OTP 25: 00000000 lock : 10000000
PKH OTP 26: 00000000 lock : 10000000
PKH OTP 27: 00000000 lock : 10000000
PKH OTP 28: 00000000 lock : 10000000
PKH OTP 29: 00000000 lock : 10000000
PKH OTP 30: 00000000 lock : 10000000
PKH OTP 31: 00000000 lock : 10000000
PKH is not locked!
PKH is free!

 I think the issue is somewhere else but I cannot figure it out for the moment.

1 ACCEPTED SOLUTION

Accepted Solutions
OlivierK
ST Employee

Hi jdebaud

You cannot apply this method for OTP24-31 since the shadow reg is write sticky lock. You must fuse prog the PKH to make the programmation of those OTP effective. (ie:Reference Manual OTP section).

This step is usually done at manufacturing at production time. If you want to test the secure boot and also push the test further by secure closing the chip, best is to mount a chip socket on your development board.

Regards,

View solution in original post

4 REPLIES 4
jdebaud
Associate II

I've tested more the OTP access, and I figured out that the STM32CubeProgrammer (GUI or CLI) cannot read OTP.

I've used https://wiki.st.com/stm32mpu/wiki/STM32CubeProgrammer#Connection which was suggested in an other wiki post Can't read OTP bits on STM32MP157C-DK2 using STM32CubeProgrammer 

Here's the command and its results with the CLI.

jdebaud@Ubuntu-22:~/stm32/STM32MPU-Tools/STM32CubeProgrammer-2.14.0/bin$ ./STM32_Programmer_CLI -c port=usb1 -otp displ

      -------------------------------------------------------------------
                        STM32CubeProgrammer v2.14.0                  
      -------------------------------------------------------------------


USB speed   : High Speed (480MBit/s)
Manuf. ID   : STMicroelectronics
Product ID  : USB download gadget@Device ID /0x500, @Revision ID /0x2001, @Name /STM32MP157FAA Rev.Z,
SN          : 003400433331511333303339
DFU protocol: 1.1
Board       : --
Device ID   : 0x0500
Device name : STM32MP157FAA Rev.Z
Device type : MPU
Revision ID : --  
Device CPU  : Cortex-A7

UPLOADING OTP STRUCTURE ...
  Partition     : 0xF2
  Size          : 1024 Bytes

Uploading OTP data:
Error: Read OTP Partition failed


Error: Uploading the OTP structure failed
Error: Initializing the OTP structure failed

The GUI has the 2 last errors that pop-up.

 

I'm posting this here because I supposed the issues are related.

Thanks for the help

OlivierK
ST Employee

Hi jdebaud

You cannot apply this method for OTP24-31 since the shadow reg is write sticky lock. You must fuse prog the PKH to make the programmation of those OTP effective. (ie:Reference Manual OTP section).

This step is usually done at manufacturing at production time. If you want to test the secure boot and also push the test further by secure closing the chip, best is to mount a chip socket on your development board.

Regards,

jdebaud
Associate II

Hello OlivierK,

Thank you for your help.

Do you know where we can buy a chip socket for a stmp32mp157f ?

Regards

Hello Jdebaud,

 

For our internal board, we use Ironwood electronics CS1627194MF chip socket for our MP157F in BGA 18x18mm. 

Regards