2024-08-06 02:23 PM - edited 2024-08-06 02:43 PM
Dear all,
I'm trying to run a TA application on STM32MP157C-DK2 board. Im using the STM32MPU Developer Package to build the TF-A and the OP-TEE.
I've built the TF-A using the command below:
make -f $PWD/../Makefile.sdk TF_A_DEVICETREE=stm32mp157c-dk2 TF_A_CONFIG=optee-sdcard STM32MP1_OPTEE_IN_SYSRAM=1 ELF_DEBUG_ENABLE='1' all
After that, I copied the file generated file STM32MP1-Ecosystem-v5.1.0/Developer-Package/stm32mp1-openstlinux-6.1-yocto-mickledore-mpu-v24.06.26/sources/arm-ostl-linux-gnueabi/tf-a-stm32mp-v2.8.15-stm32mp-r2-r0/deploy/tf-a-stm32mp157c-dk2-optee-sdcard.stm32 to STM32MP1-Ecosystem-v5.1.0/Starter-Package/stm32mp1-openstlinux-6.1-yocto-mickledore-mpu-v24.06.26/images/stm32mp1/arm-trusted-firmware/
Is this right?
Then, I built the OP-TEE
make -f $PWD/../Makefile.sdk CFG_EMBED_DTB_SOURCE_FILE=stm32mp157c-dk2 CFG_STM32MP_PROFILE=secure_and_system_services all
And copied the files from STM32MP1-Ecosystem-v5.1.0/Developer-Package/stm32mp1-openstlinux-6.1-yocto-mickledore-mpu-v24.06.26/sources/arm-ostl-linux-gnueabi/FIP_artifacts/fip/ to STM32MP1-Ecosystem-v5.1.0/Starter-Package/stm32mp1-openstlinux-6.1-yocto-mickledore-mpu-v24.06.26/images/stm32mp*/fip/
So, when I try to flash the board I receive the following output:
NOTICE: CPU: STM32MP157CAC Rev.B
NOTICE: Model: STMicroelectronics STM32MP157C-DK2 Discovery Board
NOTICE: Board: MB1272 Var2.0 Rev.C-01
INFO: PMIC version = 0x10
INFO: Reset reason (0x15):
INFO: Power-on Reset (rst_por)
INFO: FCONF: Reading TB_FW firmware configuration file from: 0x2ffe2000
INFO: FCONF: Reading firmware configuration information for: stm32mp_io
INFO: FCONF: Reading firmware configuration information for: stm32mp_fuse
INFO: Using USB
INFO: Instance 2
INFO: Boot used partition fsbl1
NOTICE: BL2: v2.8-stm32mp1-r2.0(debug):lts-v2.8.15-dirty(567af710)
NOTICE: BL2: Built : 00:51:33, Jan 26 2024
INFO: BL2: Doing platform setup
INFO: RAM: DDR3-DDR3L 16bits 533000kHz
INFO: Memory size = 0x20000000 (512 MB)
INFO: DFU USB START...
INFO: phase ID :3, Manifestation 3 at c71a7e52
INFO: Send detach request
INFO: Receive DFU Detach
INFO: DFU USB STOP...
INFO: BL2: Loading image id 1
INFO: Loading image id=1 at address 0x2ffff000
INFO: Image id=1 loaded: 0x2ffff000 - 0x2ffff1ea
INFO: FCONF: Reading FW_CONFIG firmware configuration file from: 0x2ffff000
INFO: FCONF: Reading firmware configuration information for: dyn_cfg
INFO: FCONF: Reading firmware configuration information for: stm32mp1_firewall
INFO: BL2: Loading image id 4
INFO: Loading image id=4 at address 0xde000000
INFO: Image id=4 loaded: 0xde000000 - 0xde00002c
INFO: OPTEE ep=0xde000000
INFO: OPTEE header info:
INFO: magic=0x4554504f
INFO: version=0x2
INFO: arch=0x0
INFO: flags=0x0
INFO: nb_images=0x2
WARNING: The load address in optee header 0x2ffc0000 - 0x2ffd3bd0 is not in reserved area: 0xde000000 - 0xe0000000.
ERROR: OPTEE header parse error.
PANIC at PC : 0x2ffec987
Exception mode=0x00000016 at: 0x2ffec987
Thank you!
Solved! Go to Solution.
2024-08-08 06:53 AM
I summarized the steps to change the profile to secure_and_system_services and enable the execution in SYSRAM for STM32MP157C-DK2 board:
Environment Setup
1. Set up the environment as described in the https://wiki.st.com/stm32mpu/wiki/STM32MPU_Developer_Package.
Updating OP-TEE
1. Follow the OP-TEE setup instructions provided in the https://github.com/STMicroelectronics/meta-st-stm32mp/blob/mickledore/recipes-security/optee/optee-os/README.HOW_TO.txt.
2. Initialize the SDK.
3. Navigate to the directory <path-to-folder>/STM32MP1-Ecosystem-v5.1.0/Developer-Package/stm32mp1-openstlinux-6.1-yocto-mickledore-mpu-v24.06.26/sources/arm-ostl-linux-gnueabi/optee-os-stm32mp-3.19.0-stm32mp-r2-r0/optee-os-stm32mp-3.19.0-stm32mp-r2
4. Export the FIP_DEPLOYDIR_ROOT variable:
export FIP_DEPLOYDIR_ROOT=$PWD/../../FIP_artifacts
5. Compile OP-TEE with the following command. Skipping this step may result in a compilation error in the next step.
make -f $PWD/../Makefile.sdk all
6. Enable the secure_and_system_services profile and execution in SYSRAM:
make -f $PWD/../Makefile.sdk CFG_EMBED_DTB_SOURCE_FILE=stm32mp157c-dk2 CFG_STM32MP_PROFILE=secure_and_system_services CFG_STM32MP1_OPTEE_IN_SYSRAM=y all
7. Check the generated files. These will be used to update the FIP:
- ../deploy/tee-header_v2-stm32mp157c-dk2.bin
- ../deploy/tee-pager_v2-stm32mp157c-dk2.bin
- ../deploy/tee-pageable_v2-stm32mp157c-dk2.bin
Updating TF-A
1. Follow the TF-A setup instructions provided in the https://github.com/STMicroelectronics/meta-st-stm32mp/blob/mickledore/recipes-bsp/trusted-firmware-a/tf-a-stm32mp/README.HOW_TO.txt.
2. Navigate to the directory <path-to-folder>/STM32MP1-Ecosystem-v5.1.0/Developer-Package/stm32mp1-openstlinux-6.1-yocto-mickledore-mpu-v24.06.26/sources/arm-ostl-linux-gnueabi/tf-a-stm32mp-v2.8.15-stm32mp-r2-r0/tf-a-stm32mp-v2.8.15-stm32mp-r2
3. Export the `FIP_DEPLOYDIR_ROOT` variable:
export FIP_DEPLOYDIR_ROOT=$PWD/../../FIP_artifacts
4. Compile TF-A, enabling execution in SYSRAM:
make -f $PWD/../Makefile.sdk TF_A_DEVICETREE=stm32mp157c-dk2 TF_A_CONFIG=optee-sdcard ELF_DEBUG_ENABLE='1' STM32MP1_OPTEE_IN_SYSRAM=1 all
5. Check the generated file:
- ../deploy/tf-a-stm32mp157c-dk2-optee-sdcard.stm32
6. Copy the generated file to the appropriate directory:
cp -rvf ../deploy/tf-a-stm32mp157c-dk2-optee-sdcard.stm32 <path-to-folder>/STM32MP1-Ecosystem-v5.1.0/Starter-Package/stm32mp1-openstlinux-6.1-yocto-mickledore-mpu-v24.06.26/images/stm32mp1/arm-trusted-firmware/
Updating the FIP
After compiling TF-A, the fip-stm32mp157c-dk2-optee-sdcard.bin file is 1,466,490 bytes. It is necessary to update the Secure OS (OP-TEE), OP-TEE pager, and OP-TEE pageable. This can be done using the fiptool. Refer to the https://wiki.st.com/stm32mpu/wiki/How_to_configure_TF-A_FIP.
1. Navigate to the directory <path-to-folder>/STM32MP1-Ecosystem-v5.1.0/Developer-Package/stm32mp1-openstlinux-6.1-yocto-mickledore-mpu-v24.06.26/sources/arm-ostl-linux-gnueabi/optee-os-stm32mp-3.19.0-stm32mp-r2-r0/optee-os-stm32mp-3.19.0-stm32mp-r2
2. Update the FIP with the generated OP-TEE files:
fiptool update --tos-fw ../deploy/tee-header_v2-stm32mp157c-dk2.bin ../../FIP_artifacts/fip/fip-stm32mp157c-dk2-optee-sdcard.bin && \
fiptool update --tos-fw-extra1 ../deploy/tee-pager_v2-stm32mp157c-dk2.bin ../../FIP_artifacts/fip/fip-stm32mp157c-dk2-optee-sdcard.bin && \
fiptool update --tos-fw-extra2 ../deploy/tee-pageable_v2-stm32mp157c-dk2.bin ../../FIP_artifacts/fip/fip-stm32mp157c-dk2-optee-sdcard.bin
3. After updating, the fip-stm32mp157c-dk2-optee-sdcard.bin file size should be 1,736,274 bytes.
4. Copy the updated FIP to the Starter Package directory:
cp -rvf $FIP_DEPLOYDIR_ROOT/fip/* <path-to-folder>/STM32MP1-Ecosystem-v5.1.0/Starter-Package/stm32mp1-openstlinux-6.1-yocto-mickledore-mpu-v24.06.26/images/stm32mp*/fip/
Populating the SD Card
1. Use the STM32CubeProgrammer to populate the SD Card as described in the https://wiki.st.com/stm32mpu/wiki/Getting_started/STM32MP1_boards/STM32MP157x-DK2/Let's_start/Populate_the_target_and_boot_the_image#Populate_the_SD_card.
2024-08-07 01:18 AM
Hello @Charles Dias ,
You well compiled and deployed TF-A BL2 but I suspect you did not update the BL31 FIP device tree.
It is mentioned in this paragraph, after the TF-A BL2 compilation : https://wiki.st.com/stm32mpu/wiki/TF-A_BL31_overview#Build_process
So please follow this article https://wiki.st.com/stm32mpu/wiki/How_to_configure_TF-A_FIP#STM32MP1_series and update your TF-A built fw-config.dtb device tree into the FIP.
As you ask OP-TEE to run in SYSRAM, it means the FW config has changed. However inside your FIP, it still think that OP-TEE is in DDR due to a non updated fw-config.dtb.
Kind regards,
Erwan.
2024-08-07 06:21 AM
Hello @Erwan SZYMANSKI.
I'll take a look, but could ST provide a tutorial about changing the profile to allow running a TA for one of the developer boards? I read countless pages of documentation and found essential information scattered across different pages. Even after that, I still couldn't manage to change the profile to run a TA.
Thanks for your help.
2024-08-08 12:32 AM
Hello @Charles Dias ,
Thank you for your feedback, can you explain your current status right now and at which step you are blocked ?
Kind regards,
Erwan.
2024-08-08 06:39 AM
Hello @Erwan SZYMANSKI,
The last link shared by you help me a lot! Thank you!
I was stuck on how to create the FIP with the updated TF-A and OP-TEE at the same time. When I ran the commands described at the beginning of this post, the FIP was generated with only the TF-A or OP-TEE update information, not both. Using the fiptool I updated the fip file.
Profile changed to secure_and_system_services.
Test with optee_example_hello_world.
2024-08-08 06:53 AM
I summarized the steps to change the profile to secure_and_system_services and enable the execution in SYSRAM for STM32MP157C-DK2 board:
Environment Setup
1. Set up the environment as described in the https://wiki.st.com/stm32mpu/wiki/STM32MPU_Developer_Package.
Updating OP-TEE
1. Follow the OP-TEE setup instructions provided in the https://github.com/STMicroelectronics/meta-st-stm32mp/blob/mickledore/recipes-security/optee/optee-os/README.HOW_TO.txt.
2. Initialize the SDK.
3. Navigate to the directory <path-to-folder>/STM32MP1-Ecosystem-v5.1.0/Developer-Package/stm32mp1-openstlinux-6.1-yocto-mickledore-mpu-v24.06.26/sources/arm-ostl-linux-gnueabi/optee-os-stm32mp-3.19.0-stm32mp-r2-r0/optee-os-stm32mp-3.19.0-stm32mp-r2
4. Export the FIP_DEPLOYDIR_ROOT variable:
export FIP_DEPLOYDIR_ROOT=$PWD/../../FIP_artifacts
5. Compile OP-TEE with the following command. Skipping this step may result in a compilation error in the next step.
make -f $PWD/../Makefile.sdk all
6. Enable the secure_and_system_services profile and execution in SYSRAM:
make -f $PWD/../Makefile.sdk CFG_EMBED_DTB_SOURCE_FILE=stm32mp157c-dk2 CFG_STM32MP_PROFILE=secure_and_system_services CFG_STM32MP1_OPTEE_IN_SYSRAM=y all
7. Check the generated files. These will be used to update the FIP:
- ../deploy/tee-header_v2-stm32mp157c-dk2.bin
- ../deploy/tee-pager_v2-stm32mp157c-dk2.bin
- ../deploy/tee-pageable_v2-stm32mp157c-dk2.bin
Updating TF-A
1. Follow the TF-A setup instructions provided in the https://github.com/STMicroelectronics/meta-st-stm32mp/blob/mickledore/recipes-bsp/trusted-firmware-a/tf-a-stm32mp/README.HOW_TO.txt.
2. Navigate to the directory <path-to-folder>/STM32MP1-Ecosystem-v5.1.0/Developer-Package/stm32mp1-openstlinux-6.1-yocto-mickledore-mpu-v24.06.26/sources/arm-ostl-linux-gnueabi/tf-a-stm32mp-v2.8.15-stm32mp-r2-r0/tf-a-stm32mp-v2.8.15-stm32mp-r2
3. Export the `FIP_DEPLOYDIR_ROOT` variable:
export FIP_DEPLOYDIR_ROOT=$PWD/../../FIP_artifacts
4. Compile TF-A, enabling execution in SYSRAM:
make -f $PWD/../Makefile.sdk TF_A_DEVICETREE=stm32mp157c-dk2 TF_A_CONFIG=optee-sdcard ELF_DEBUG_ENABLE='1' STM32MP1_OPTEE_IN_SYSRAM=1 all
5. Check the generated file:
- ../deploy/tf-a-stm32mp157c-dk2-optee-sdcard.stm32
6. Copy the generated file to the appropriate directory:
cp -rvf ../deploy/tf-a-stm32mp157c-dk2-optee-sdcard.stm32 <path-to-folder>/STM32MP1-Ecosystem-v5.1.0/Starter-Package/stm32mp1-openstlinux-6.1-yocto-mickledore-mpu-v24.06.26/images/stm32mp1/arm-trusted-firmware/
Updating the FIP
After compiling TF-A, the fip-stm32mp157c-dk2-optee-sdcard.bin file is 1,466,490 bytes. It is necessary to update the Secure OS (OP-TEE), OP-TEE pager, and OP-TEE pageable. This can be done using the fiptool. Refer to the https://wiki.st.com/stm32mpu/wiki/How_to_configure_TF-A_FIP.
1. Navigate to the directory <path-to-folder>/STM32MP1-Ecosystem-v5.1.0/Developer-Package/stm32mp1-openstlinux-6.1-yocto-mickledore-mpu-v24.06.26/sources/arm-ostl-linux-gnueabi/optee-os-stm32mp-3.19.0-stm32mp-r2-r0/optee-os-stm32mp-3.19.0-stm32mp-r2
2. Update the FIP with the generated OP-TEE files:
fiptool update --tos-fw ../deploy/tee-header_v2-stm32mp157c-dk2.bin ../../FIP_artifacts/fip/fip-stm32mp157c-dk2-optee-sdcard.bin && \
fiptool update --tos-fw-extra1 ../deploy/tee-pager_v2-stm32mp157c-dk2.bin ../../FIP_artifacts/fip/fip-stm32mp157c-dk2-optee-sdcard.bin && \
fiptool update --tos-fw-extra2 ../deploy/tee-pageable_v2-stm32mp157c-dk2.bin ../../FIP_artifacts/fip/fip-stm32mp157c-dk2-optee-sdcard.bin
3. After updating, the fip-stm32mp157c-dk2-optee-sdcard.bin file size should be 1,736,274 bytes.
4. Copy the updated FIP to the Starter Package directory:
cp -rvf $FIP_DEPLOYDIR_ROOT/fip/* <path-to-folder>/STM32MP1-Ecosystem-v5.1.0/Starter-Package/stm32mp1-openstlinux-6.1-yocto-mickledore-mpu-v24.06.26/images/stm32mp*/fip/
Populating the SD Card
1. Use the STM32CubeProgrammer to populate the SD Card as described in the https://wiki.st.com/stm32mpu/wiki/Getting_started/STM32MP1_boards/STM32MP157x-DK2/Let's_start/Populate_the_target_and_boot_the_image#Populate_the_SD_card.
2024-09-14 11:28 AM
@Erwan SZYMANSKII've spent a very long time trying to get this to work for the stm32mp157f-dk2 with ecosystem version 5.1.0. I was able to get OP-TEE running in SYSRAM for 5.0.0, but it seems something has changed with 5.1.0. I'm using the following script to build OP-TEE and TF-A, create the FIP, update the Starter Package, and program the board:
#!/bin/bash
# Compiles U-BOOT, TF-A BL2, and OP-TEE for mp157f-dk2 with OP-TEE in SYSRAM and updates Starter Package
# NB: This script expects that all sources are extracted with patches already applied and that the cross-compilation environment has been sourced
BASEDIR="${PWD}/stm32mp1-openstlinux-6.1-yocto-mickledore-mpu-v24.06.26/sources/arm-ostl-linux-gnueabi"
FIP_DEPLOYDIR_ROOT="${BASEDIR}/FIP_artifacts"
FWCONF_DIR="${FIP_DEPLOYDIR_ROOT}/arm-trusted-firmware/fwconfig/"
STARTER_PKG_DIR="${PWD}/../Starter-Package/stm32mp1-openstlinux-6.1-yocto-mickledore-mpu-v24.06.26"
echo ""
echo "******************************"
echo "**** STEP 1: BUILD U-BOOT ****"
echo "******************************"
cd "$BASEDIR/u-boot-stm32mp-v2022.10-stm32mp-r2-r0/u-boot-stm32mp-v2022.10-stm32mp-r2"
make stm32mp15_defconfig
make DEVICE_TREE=stm32mp157f-dk2 all
cp u-boot-nodtb.bin $FIP_DEPLOYDIR_ROOT/u-boot/u-boot-nodtb-stm32mp15.bin
cp u-boot.dtb $FIP_DEPLOYDIR_ROOT/u-boot/u-boot-stm32mp157f-dk2.dtb
echo Done
echo ""
echo "******************************"
echo "**** STEP 3: BUILD OP-TEE ****"
echo "******************************"
cd "$BASEDIR/optee-os-stm32mp-3.19.0-stm32mp-r2-r0/optee-os-stm32mp-3.19.0-stm32mp-r2"
make -f $PWD/../Makefile.sdk all
make -f $PWD/../Makefile.sdk CFG_EMBED_DTB_SOURCE_FILE=stm32mp157f-dk2 CFG_STM32MP_PROFILE=secure_and_system_services CFG_STM32MP1_OPTEE_IN_SYSRAM=y CFG_WITH_USER_TA=y FIP_DEPLOYDIR_ROOT=$FIP_DEPLOYDIR_ROOT DEPLOYDIR=$FIP_DEPLOYDIR_ROOT/optee all
echo Done
echo ""
echo "********************************"
echo "**** STEP 2: BUILD TF-A BL2 ****"
echo "********************************"
cd "$BASEDIR/tf-a-stm32mp-v2.8.15-stm32mp-r2-r0/tf-a-stm32mp-v2.8.15-stm32mp-r2"
make -f $PWD/../Makefile.sdk PLAT=stm32mp1 STM32MP_SDMMC=1 STM32MP15=1 DTB_FILE_NAME=stm32mp157f-dk2.dtb TF_A_DEVICETREE=stm32mp157f-dk2 \
STM32MP1_OPTEE_IN_SYSRAM=1 TF_A_CONFIG=optee-sdcard DEPLOYDIR=$FIP_DEPLOYDIR_ROOT/arm-trusted-firmware all
cp -rvf $BASEDIR/tf-a-stm32mp-v2.8.15-stm32mp-r2-r0/build/fwconfig/* $FWCONF_DIR
echo Done
echo ""
echo "***********************************"
echo "**** STEP 4: UPDATE FIP BINARY ****"
echo "***********************************"
cd $FIP_DEPLOYDIR_ROOT/fip
fiptool create --tos-fw ../optee/tee-header_v2-stm32mp157f-dk2.bin \
--tos-fw-extra1 ../optee/tee-pager_v2-stm32mp157f-dk2.bin \
--tos-fw-extra2 ../optee/tee-pageable_v2-stm32mp157f-dk2.bin \
--hw-config ../u-boot/u-boot-stm32mp157f-dk2.dtb \
--fw-config ../arm-trusted-firmware/fwconfig/stm32mp157f-dk2-fw-config-optee-sdcard.dtb \
--nt-fw ../u-boot/u-boot-nodtb-stm32mp15.bin \
fip-stm32mp157f-dk2-optee-sdcard.bin
echo Done
echo ""
echo "****************************************"
echo "**** STEP 5: UPDATE STARTER PACKAGE ****"
echo "****************************************"
rm -rf $STARTER_PKG_DIR/images/stm32mp1/arm-trusted-firmware/*
rm -rf $STARTER_PKG_DIR/images/stm32mp1/fip/*
cd $FIP_DEPLOYDIR_ROOT
cp -rvf arm-trusted-firmware/* $STARTER_PKG_DIR/images/stm32mp1/arm-trusted-firmware/
cp -rvf fip/* $STARTER_PKG_DIR/images/stm32mp1/fip/
cp -vf $BASEDIR/tf-a-stm32mp-v2.8.15-stm32mp-r2-r0/build/optee-sdcard-stm32mp15-stm32mp157f-dk2/*.stm32 $STARTER_PKG_DIR/images/stm32mp1/arm-trusted-firmware
echo Done
However, when programming the board, partition 0x3 fails with the following error message:
NOTICE: BL2: v2.8-stm32mp1-r2.0(debug):lts-v2.8.15-dirty(567af710)
NOTICE: BL2: Built : 00:51:33, Jan 26 2024
INFO: BL2: Doing platform setup
INFO: RAM: DDR3-DDR3L 16bits 533000kHz
INFO: Memory size = 0x20000000 (512 MB)
INFO: DFU USB START...
INFO: phase ID :3, Manifestation 3 at c71a7f22
INFO: Send detach request
INFO: Receive DFU Detach
INFO: DFU USB STOP...
INFO: BL2: Loading image id 1
INFO: Loading image id=1 at address 0x2ffff000
INFO: Image id=1 loaded: 0x2ffff000 - 0x2ffff1ea
INFO: FCONF: Reading FW_CONFIG firmware configuration file from: 0x2ffff000
INFO: FCONF: Reading firmware configuration information for: dyn_cfg
INFO: FCONF: Reading firmware configuration information for: stm32mp1_firewall
INFO: BL2: Loading image id 4
INFO: Loading image id=4 at address 0xde000000
INFO: Image id=4 loaded: 0xde000000 - 0xde00002c
INFO: OPTEE ep=0xde000000
INFO: OPTEE header info:
INFO: magic=0x4554504f
INFO: version=0x2
INFO: arch=0x0
INFO: flags=0x0
INFO: nb_images=0x2
WARNING: The load address in optee header 0x2ffc0000 - 0x2ffd3bd0 is not in reserved area: 0xde000000 - 0xe0000000.
ERROR: OPTEE header parse error.
PANIC at PC : 0x2ffec987
Exception mode=0x00000016 at: 0x2ffec987
Any help you can provide would be very appreciated.