2023-09-21 06:28 AM
I'm trying to test secure boot on a STM32MP157F-EV1. To do so, I planned to use the fuse override command to test secure boot without having to actually burn the OTP 24-31 with the public key hash.
But it appears that the fuse override command is not working properly: after overriding the cache to store publicKeyhash.bin, the read does not show the key. (Note: publicKeyHash_values is a placeholder.)
STM32MP> fuse override 0 0x00000018 publicKeyhash_values
Overriding bank 0 word 0x00000018 with publicKeyhash_values[0]
Overriding bank 0 word 0x00000019 with publicKeyhash_values[1]
Overriding bank 0 word 0x0000001a with publicKeyhash_values[2]
Overriding bank 0 word 0x0000001b with publicKeyhash_values[3]
Overriding bank 0 word 0x0000001c with publicKeyhash_values[4]
Overriding bank 0 word 0x0000001d with publicKeyhash_values[5]
Overriding bank 0 word 0x0000001e with publicKeyhash_values[6]
Overriding bank 0 word 0x0000001f with publicKeyhash_values[7]
STM32MP> fuse read 0 0x00000018 8
Reading bank 0:
Word 0x00000018: 00000000 00000000 00000000 00000000
Word 0x0000001c: 00000000 00000000 00000000 00000000
I've tested it against stm32key, because I thought the OTP was locked, but it has the same results: apparently it's not locked.
STM32MP> fuse sense 0 24 8
Sensing bank 0:
Word 0x00000018: 00000000 00000000 00000000 00000000
Word 0x0000001c: 00000000 00000000 00000000 00000000
STM32MP> fuse sense 0 0x10000018 8
Sensing bank 0:
Word 0x10000018: 10000000 10000000 10000000 10000000
Word 0x1000001c: 10000000 10000000 10000000 10000000
STM32MP> stm32key read
PKH OTP 24: 00000000 lock : 10000000
PKH OTP 25: 00000000 lock : 10000000
PKH OTP 26: 00000000 lock : 10000000
PKH OTP 27: 00000000 lock : 10000000
PKH OTP 28: 00000000 lock : 10000000
PKH OTP 29: 00000000 lock : 10000000
PKH OTP 30: 00000000 lock : 10000000
PKH OTP 31: 00000000 lock : 10000000
PKH is not locked!
PKH is free!
I think the issue is somewhere else but I cannot figure it out for the moment.
2023-10-02 03:30 AM
Hi jdebaud
You cannot apply this method for OTP24-31 since the shadow register is write sticky locked. You must fuse prog the PKH to make the programming of those OTP effective (see the Reference Manual, OTP section).
This step is usually done at manufacturing, at production time. If you want to test secure boot and also push the test further by secure closing the chip, the best option is to mount a chip socket on your development board.
Regards,
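Added example, not part of the original posts and not ST or U-Boot code: a short Python script that decodes the lock words printed by "fuse sense 0 0x10000018 8" in the question, which is where the shadow write lock described in this reply becomes visible. The bit positions and flag names are an assumption based on the lock bit-field in U-Boot's STM32MP BSEC driver header; check them against your U-Boot tree and the Reference Manual.

```python
import re

# ASSUMPTION: lock status bit-field as defined in U-Boot's STM32MP BSEC header.
LOCK_BITS = {
    "permanent": 1 << 30,     # OTP word permanently locked
    "shadow_read": 1 << 29,   # sticky lock on reloading the shadow register
    "shadow_write": 1 << 28,  # sticky lock on writing the shadow register
    "program": 1 << 27,       # sticky lock on programming the OTP word
    "error": 1 << 26,
}
LOCK_BASE = 0x10000000  # word offset the post uses to sense lock status

WORD_RE = re.compile(r"^Word (0x[0-9a-fA-F]+):((?: [0-9a-fA-F]{8})+)$")

def parse_fuse_words(console):
    """Return {word_index: value} from `fuse read` / `fuse sense` output."""
    words = {}
    for line in console.splitlines():
        m = WORD_RE.match(line.strip())
        if not m:
            continue  # prompt, banner or blank line
        base = int(m.group(1), 16)
        for i, text in enumerate(m.group(2).split()):
            words[base + i] = int(text, 16)
    return words

def decode_lock(value):
    """Names of the lock flags set in one lock status word."""
    return [name for name, bit in LOCK_BITS.items() if value & bit]

def override_blocked(console):
    """OTP indexes whose shadow register rejects writes (override has no effect)."""
    return [word - LOCK_BASE
            for word, value in sorted(parse_fuse_words(console).items())
            if word >= LOCK_BASE and "shadow_write" in decode_lock(value)]

# Console output copied from the question in this thread.
SAMPLE = """\
STM32MP> fuse sense 0 0x10000018 8
Sensing bank 0:
Word 0x10000018: 10000000 10000000 10000000 10000000
Word 0x1000001c: 10000000 10000000 10000000 10000000
"""

if __name__ == "__main__":
    for otp in override_blocked(SAMPLE):
        print(f"OTP {otp}: shadow write locked, fuse override will not stick")
```

Under that assumed bit layout, the value 10000000 sets only the shadow write flag and not the permanent one.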
2023-09-27 02:15 AM
I've tested the OTP access further, and I figured out that the STM32CubeProgrammer (GUI or CLI) cannot read OTP.
I've used https://wiki.st.com/stm32mpu/wiki/STM32CubeProgrammer#Connection which was suggested in another wiki post, "Can't read OTP bits on STM32MP157C-DK2 using STM32CubeProgrammer".
Here's the command and its results with the CLI.
jdebaud@Ubuntu-22:~/stm32/STM32MPU-Tools/STM32CubeProgrammer-2.14.0/bin$ ./STM32_Programmer_CLI -c port=usb1 -otp displ
-------------------------------------------------------------------
STM32CubeProgrammer v2.14.0
-------------------------------------------------------------------
USB speed : High Speed (480MBit/s)
Manuf. ID : STMicroelectronics
Product ID : USB download gadget@Device ID /0x500, @Revision ID /0x2001, @Name /STM32MP157FAA Rev.Z,
SN : 003400433331511333303339
DFU protocol: 1.1
Board : --
Device ID : 0x0500
Device name : STM32MP157FAA Rev.Z
Device type : MPU
Revision ID : --
Device CPU : Cortex-A7
UPLOADING OTP STRUCTURE ...
Partition : 0xF2
Size : 1024 Bytes
Uploading OTP data:
Error: Read OTP Partition failed
Error: Uploading the OTP structure failed
Error: Initializing the OTP structure failed
In the GUI, the last 2 errors pop up.
I'm posting this here because I suppose the issues are related.
Thanks for the help
2023-10-04 06:12 AM
Hello OlivierK,
Thank you for your help.
Do you know where we can buy a chip socket for an STM32MP157F?
Regards
2023-10-11 06:14 AM
Hello Jdebaud,
For our internal board, we use the Ironwood Electronics CS1627194MF chip socket for our MP157F in BGA 18x18mm.
Regards