2024-08-06 02:23 PM - edited 2024-08-06 02:43 PM
Dear all,
I'm trying to run a TA application on STM32MP157C-DK2 board. Im using the STM32MPU Developer Package to build the TF-A and the OP-TEE.
I've built the TF-A using the command below:
make -f $PWD/../Makefile.sdk TF_A_DEVICETREE=stm32mp157c-dk2 TF_A_CONFIG=optee-sdcard STM32MP1_OPTEE_IN_SYSRAM=1 ELF_DEBUG_ENABLE='1' all
After that, I copied the file generated file STM32MP1-Ecosystem-v5.1.0/Developer-Package/stm32mp1-openstlinux-6.1-yocto-mickledore-mpu-v24.06.26/sources/arm-ostl-linux-gnueabi/tf-a-stm32mp-v2.8.15-stm32mp-r2-r0/deploy/tf-a-stm32mp157c-dk2-optee-sdcard.stm32 to STM32MP1-Ecosystem-v5.1.0/Starter-Package/stm32mp1-openstlinux-6.1-yocto-mickledore-mpu-v24.06.26/images/stm32mp1/arm-trusted-firmware/
Is this right?
Then, I built the OP-TEE
make -f $PWD/../Makefile.sdk CFG_EMBED_DTB_SOURCE_FILE=stm32mp157c-dk2 CFG_STM32MP_PROFILE=secure_and_system_services all
And copied the files from STM32MP1-Ecosystem-v5.1.0/Developer-Package/stm32mp1-openstlinux-6.1-yocto-mickledore-mpu-v24.06.26/sources/arm-ostl-linux-gnueabi/FIP_artifacts/fip/ to STM32MP1-Ecosystem-v5.1.0/Starter-Package/stm32mp1-openstlinux-6.1-yocto-mickledore-mpu-v24.06.26/images/stm32mp*/fip/
So, when I try to flash the board I receive the following output:
NOTICE: CPU: STM32MP157CAC Rev.B
NOTICE: Model: STMicroelectronics STM32MP157C-DK2 Discovery Board
NOTICE: Board: MB1272 Var2.0 Rev.C-01
INFO: PMIC version = 0x10
INFO: Reset reason (0x15):
INFO: Power-on Reset (rst_por)
INFO: FCONF: Reading TB_FW firmware configuration file from: 0x2ffe2000
INFO: FCONF: Reading firmware configuration information for: stm32mp_io
INFO: FCONF: Reading firmware configuration information for: stm32mp_fuse
INFO: Using USB
INFO: Instance 2
INFO: Boot used partition fsbl1
NOTICE: BL2: v2.8-stm32mp1-r2.0(debug):lts-v2.8.15-dirty(567af710)
NOTICE: BL2: Built : 00:51:33, Jan 26 2024
INFO: BL2: Doing platform setup
INFO: RAM: DDR3-DDR3L 16bits 533000kHz
INFO: Memory size = 0x20000000 (512 MB)
INFO: DFU USB START...
INFO: phase ID :3, Manifestation 3 at c71a7e52
INFO: Send detach request
INFO: Receive DFU Detach
INFO: DFU USB STOP...
INFO: BL2: Loading image id 1
INFO: Loading image id=1 at address 0x2ffff000
INFO: Image id=1 loaded: 0x2ffff000 - 0x2ffff1ea
INFO: FCONF: Reading FW_CONFIG firmware configuration file from: 0x2ffff000
INFO: FCONF: Reading firmware configuration information for: dyn_cfg
INFO: FCONF: Reading firmware configuration information for: stm32mp1_firewall
INFO: BL2: Loading image id 4
INFO: Loading image id=4 at address 0xde000000
INFO: Image id=4 loaded: 0xde000000 - 0xde00002c
INFO: OPTEE ep=0xde000000
INFO: OPTEE header info:
INFO: magic=0x4554504f
INFO: version=0x2
INFO: arch=0x0
INFO: flags=0x0
INFO: nb_images=0x2
WARNING: The load address in optee header 0x2ffc0000 - 0x2ffd3bd0 is not in reserved area: 0xde000000 - 0xe0000000.
ERROR: OPTEE header parse error.
PANIC at PC : 0x2ffec987
Exception mode=0x00000016 at: 0x2ffec987
Thank you!
Solved! Go to Solution.
2024-08-08 06:53 AM
I summarized the steps to change the profile to secure_and_system_services and enable the execution in SYSRAM for STM32MP157C-DK2 board:
Environment Setup
1. Set up the environment as described in the https://wiki.st.com/stm32mpu/wiki/STM32MPU_Developer_Package.
Updating OP-TEE
1. Follow the OP-TEE setup instructions provided in the https://github.com/STMicroelectronics/meta-st-stm32mp/blob/mickledore/recipes-security/optee/optee-os/README.HOW_TO.txt.
2. Initialize the SDK.
3. Navigate to the directory <path-to-folder>/STM32MP1-Ecosystem-v5.1.0/Developer-Package/stm32mp1-openstlinux-6.1-yocto-mickledore-mpu-v24.06.26/sources/arm-ostl-linux-gnueabi/optee-os-stm32mp-3.19.0-stm32mp-r2-r0/optee-os-stm32mp-3.19.0-stm32mp-r2
4. Export the FIP_DEPLOYDIR_ROOT variable:
export FIP_DEPLOYDIR_ROOT=$PWD/../../FIP_artifacts
5. Compile OP-TEE with the following command. Skipping this step may result in a compilation error in the next step.
make -f $PWD/../Makefile.sdk all
6. Enable the secure_and_system_services profile and execution in SYSRAM:
make -f $PWD/../Makefile.sdk CFG_EMBED_DTB_SOURCE_FILE=stm32mp157c-dk2 CFG_STM32MP_PROFILE=secure_and_system_services CFG_STM32MP1_OPTEE_IN_SYSRAM=y all
7. Check the generated files. These will be used to update the FIP:
- ../deploy/tee-header_v2-stm32mp157c-dk2.bin
- ../deploy/tee-pager_v2-stm32mp157c-dk2.bin
- ../deploy/tee-pageable_v2-stm32mp157c-dk2.bin
Updating TF-A
1. Follow the TF-A setup instructions provided in the https://github.com/STMicroelectronics/meta-st-stm32mp/blob/mickledore/recipes-bsp/trusted-firmware-a/tf-a-stm32mp/README.HOW_TO.txt.
2. Navigate to the directory <path-to-folder>/STM32MP1-Ecosystem-v5.1.0/Developer-Package/stm32mp1-openstlinux-6.1-yocto-mickledore-mpu-v24.06.26/sources/arm-ostl-linux-gnueabi/tf-a-stm32mp-v2.8.15-stm32mp-r2-r0/tf-a-stm32mp-v2.8.15-stm32mp-r2
3. Export the `FIP_DEPLOYDIR_ROOT` variable:
export FIP_DEPLOYDIR_ROOT=$PWD/../../FIP_artifacts
4. Compile TF-A, enabling execution in SYSRAM:
make -f $PWD/../Makefile.sdk TF_A_DEVICETREE=stm32mp157c-dk2 TF_A_CONFIG=optee-sdcard ELF_DEBUG_ENABLE='1' STM32MP1_OPTEE_IN_SYSRAM=1 all
5. Check the generated file:
- ../deploy/tf-a-stm32mp157c-dk2-optee-sdcard.stm32
6. Copy the generated file to the appropriate directory:
cp -rvf ../deploy/tf-a-stm32mp157c-dk2-optee-sdcard.stm32 <path-to-folder>/STM32MP1-Ecosystem-v5.1.0/Starter-Package/stm32mp1-openstlinux-6.1-yocto-mickledore-mpu-v24.06.26/images/stm32mp1/arm-trusted-firmware/
Updating the FIP
After compiling TF-A, the fip-stm32mp157c-dk2-optee-sdcard.bin file is 1,466,490 bytes. It is necessary to update the Secure OS (OP-TEE), OP-TEE pager, and OP-TEE pageable. This can be done using the fiptool. Refer to the https://wiki.st.com/stm32mpu/wiki/How_to_configure_TF-A_FIP.
1. Navigate to the directory <path-to-folder>/STM32MP1-Ecosystem-v5.1.0/Developer-Package/stm32mp1-openstlinux-6.1-yocto-mickledore-mpu-v24.06.26/sources/arm-ostl-linux-gnueabi/optee-os-stm32mp-3.19.0-stm32mp-r2-r0/optee-os-stm32mp-3.19.0-stm32mp-r2
2. Update the FIP with the generated OP-TEE files:
fiptool update --tos-fw ../deploy/tee-header_v2-stm32mp157c-dk2.bin ../../FIP_artifacts/fip/fip-stm32mp157c-dk2-optee-sdcard.bin && \
fiptool update --tos-fw-extra1 ../deploy/tee-pager_v2-stm32mp157c-dk2.bin ../../FIP_artifacts/fip/fip-stm32mp157c-dk2-optee-sdcard.bin && \
fiptool update --tos-fw-extra2 ../deploy/tee-pageable_v2-stm32mp157c-dk2.bin ../../FIP_artifacts/fip/fip-stm32mp157c-dk2-optee-sdcard.bin
3. After updating, the fip-stm32mp157c-dk2-optee-sdcard.bin file size should be 1,736,274 bytes.
4. Copy the updated FIP to the Starter Package directory:
cp -rvf $FIP_DEPLOYDIR_ROOT/fip/* <path-to-folder>/STM32MP1-Ecosystem-v5.1.0/Starter-Package/stm32mp1-openstlinux-6.1-yocto-mickledore-mpu-v24.06.26/images/stm32mp*/fip/
Populating the SD Card
1. Use the STM32CubeProgrammer to populate the SD Card as described in the https://wiki.st.com/stm32mpu/wiki/Getting_started/STM32MP1_boards/STM32MP157x-DK2/Let's_start/Populate_the_target_and_boot_the_image#Populate_the_SD_card.
2024-08-07 01:18 AM
Hello @Charles Dias ,
You well compiled and deployed TF-A BL2 but I suspect you did not update the BL31 FIP device tree.
It is mentioned in this paragraph, after the TF-A BL2 compilation : https://wiki.st.com/stm32mpu/wiki/TF-A_BL31_overview#Build_process
So please follow this article https://wiki.st.com/stm32mpu/wiki/How_to_configure_TF-A_FIP#STM32MP1_series and update your TF-A built fw-config.dtb device tree into the FIP.
As you ask OP-TEE to run in SYSRAM, it means the FW config has changed. However inside your FIP, it still think that OP-TEE is in DDR due to a non updated fw-config.dtb.
Kind regards,
Erwan.
2024-08-07 06:21 AM
Hello @Erwan SZYMANSKI.
I'll take a look, but could ST provide a tutorial about changing the profile to allow running a TA for one of the developer boards? I read countless pages of documentation and found essential information scattered across different pages. Even after that, I still couldn't manage to change the profile to run a TA.
Thanks for your help.
2024-08-08 12:32 AM
Hello @Charles Dias ,
Thank you for your feedback, can you explain your current status right now and at which step you are blocked ?
Kind regards,
Erwan.
2024-08-08 06:39 AM
Hello @Erwan SZYMANSKI,
The last link shared by you help me a lot! Thank you!
I was stuck on how to create the FIP with the updated TF-A and OP-TEE at the same time. When I ran the commands described at the beginning of this post, the FIP was generated with only the TF-A or OP-TEE update information, not both. Using the fiptool I updated the fip file.
Profile changed to secure_and_system_services.
Test with optee_example_hello_world.
2024-08-08 06:53 AM
I summarized the steps to change the profile to secure_and_system_services and enable the execution in SYSRAM for STM32MP157C-DK2 board:
Environment Setup
1. Set up the environment as described in the https://wiki.st.com/stm32mpu/wiki/STM32MPU_Developer_Package.
Updating OP-TEE
1. Follow the OP-TEE setup instructions provided in the https://github.com/STMicroelectronics/meta-st-stm32mp/blob/mickledore/recipes-security/optee/optee-os/README.HOW_TO.txt.
2. Initialize the SDK.
3. Navigate to the directory <path-to-folder>/STM32MP1-Ecosystem-v5.1.0/Developer-Package/stm32mp1-openstlinux-6.1-yocto-mickledore-mpu-v24.06.26/sources/arm-ostl-linux-gnueabi/optee-os-stm32mp-3.19.0-stm32mp-r2-r0/optee-os-stm32mp-3.19.0-stm32mp-r2
4. Export the FIP_DEPLOYDIR_ROOT variable:
export FIP_DEPLOYDIR_ROOT=$PWD/../../FIP_artifacts
5. Compile OP-TEE with the following command. Skipping this step may result in a compilation error in the next step.
make -f $PWD/../Makefile.sdk all
6. Enable the secure_and_system_services profile and execution in SYSRAM:
make -f $PWD/../Makefile.sdk CFG_EMBED_DTB_SOURCE_FILE=stm32mp157c-dk2 CFG_STM32MP_PROFILE=secure_and_system_services CFG_STM32MP1_OPTEE_IN_SYSRAM=y all
7. Check the generated files. These will be used to update the FIP:
- ../deploy/tee-header_v2-stm32mp157c-dk2.bin
- ../deploy/tee-pager_v2-stm32mp157c-dk2.bin
- ../deploy/tee-pageable_v2-stm32mp157c-dk2.bin
Updating TF-A
1. Follow the TF-A setup instructions provided in the https://github.com/STMicroelectronics/meta-st-stm32mp/blob/mickledore/recipes-bsp/trusted-firmware-a/tf-a-stm32mp/README.HOW_TO.txt.
2. Navigate to the directory <path-to-folder>/STM32MP1-Ecosystem-v5.1.0/Developer-Package/stm32mp1-openstlinux-6.1-yocto-mickledore-mpu-v24.06.26/sources/arm-ostl-linux-gnueabi/tf-a-stm32mp-v2.8.15-stm32mp-r2-r0/tf-a-stm32mp-v2.8.15-stm32mp-r2
3. Export the `FIP_DEPLOYDIR_ROOT` variable:
export FIP_DEPLOYDIR_ROOT=$PWD/../../FIP_artifacts
4. Compile TF-A, enabling execution in SYSRAM:
make -f $PWD/../Makefile.sdk TF_A_DEVICETREE=stm32mp157c-dk2 TF_A_CONFIG=optee-sdcard ELF_DEBUG_ENABLE='1' STM32MP1_OPTEE_IN_SYSRAM=1 all
5. Check the generated file:
- ../deploy/tf-a-stm32mp157c-dk2-optee-sdcard.stm32
6. Copy the generated file to the appropriate directory:
cp -rvf ../deploy/tf-a-stm32mp157c-dk2-optee-sdcard.stm32 <path-to-folder>/STM32MP1-Ecosystem-v5.1.0/Starter-Package/stm32mp1-openstlinux-6.1-yocto-mickledore-mpu-v24.06.26/images/stm32mp1/arm-trusted-firmware/
Updating the FIP
After compiling TF-A, the fip-stm32mp157c-dk2-optee-sdcard.bin file is 1,466,490 bytes. It is necessary to update the Secure OS (OP-TEE), OP-TEE pager, and OP-TEE pageable. This can be done using the fiptool. Refer to the https://wiki.st.com/stm32mpu/wiki/How_to_configure_TF-A_FIP.
1. Navigate to the directory <path-to-folder>/STM32MP1-Ecosystem-v5.1.0/Developer-Package/stm32mp1-openstlinux-6.1-yocto-mickledore-mpu-v24.06.26/sources/arm-ostl-linux-gnueabi/optee-os-stm32mp-3.19.0-stm32mp-r2-r0/optee-os-stm32mp-3.19.0-stm32mp-r2
2. Update the FIP with the generated OP-TEE files:
fiptool update --tos-fw ../deploy/tee-header_v2-stm32mp157c-dk2.bin ../../FIP_artifacts/fip/fip-stm32mp157c-dk2-optee-sdcard.bin && \
fiptool update --tos-fw-extra1 ../deploy/tee-pager_v2-stm32mp157c-dk2.bin ../../FIP_artifacts/fip/fip-stm32mp157c-dk2-optee-sdcard.bin && \
fiptool update --tos-fw-extra2 ../deploy/tee-pageable_v2-stm32mp157c-dk2.bin ../../FIP_artifacts/fip/fip-stm32mp157c-dk2-optee-sdcard.bin
3. After updating, the fip-stm32mp157c-dk2-optee-sdcard.bin file size should be 1,736,274 bytes.
4. Copy the updated FIP to the Starter Package directory:
cp -rvf $FIP_DEPLOYDIR_ROOT/fip/* <path-to-folder>/STM32MP1-Ecosystem-v5.1.0/Starter-Package/stm32mp1-openstlinux-6.1-yocto-mickledore-mpu-v24.06.26/images/stm32mp*/fip/
Populating the SD Card
1. Use the STM32CubeProgrammer to populate the SD Card as described in the https://wiki.st.com/stm32mpu/wiki/Getting_started/STM32MP1_boards/STM32MP157x-DK2/Let's_start/Populate_the_target_and_boot_the_image#Populate_the_SD_card.