2023-10-23 08:06 AM
Hello,
I am trying to enable secure boot on my STM32MP157F-EV1 board. I'm following the https://wiki.st.com/stm32mpu/wiki/How_to_perform_Secure_Boot_from_Distribution_package Tutorial.
The keys are created, the public hash is fused.
I've added the required information in the local.conf file to enable signature. (I also noticed that the compilation stops if the SIGN_KEY_stm32mp13 is not in this file, which I find weird because the conf file is made for an stm32mp15 board.)
SIGN_KEY = "key/stm32mp15/privateKey.pem"
SIGN_KEY_stm32mp15 = "key/stm32mp15/privateKey.pem"
SIGN_KEY_stm32mp13 = "key/stm32mp13/privateKey00.pem"
EXTERNAL_KEY_CONF = "1"
SIGN_KEY_PASS = "<password>"
SIGN_ENABLE = "1"
SIGN_TOOL = "/home/viveris/julien/STM32CubeProgrammer-2.14.0/bin/STM32MP_SigningTool_CLI"
The bitbake st-image-weston goes well until the TF-A build. STM32MP Signing Tool v2.14.0 crashes with a Segmentation Fault. Here is the console error:
| -------------------------------------------------------------------
| STM32MP Signing Tool v2.14.0
| -------------------------------------------------------------------
|
| Prime256v1 curve is selected.
| Segmentation fault (core dumped)
| WARNING: exit code 139 from a shell command.
ERROR: Task (/home/julien/new/layers/meta-st/meta-st-stm32mp/recipes-bsp/trusted-firmware-a/tf-a-stm32mp_2.8.bb:do_compile) failed with exit code '1'
Could it be an issue with the keys path?
I also tried to use the Signing Tool with an already compiled firmware, but got the same result: the Signing Tool crashes when I give the key path.
Any hints?
Thanks for your help,
Regards
2023-11-17 07:55 AM
I've just tested out the SigningTool on my Ubuntu 22.04 Virtual machine and it worked correctly. Thus apparently it might be due to the Mint used on the compilation machine I am using with bitbake.
I'm testing the library dependencies to see if I can find the issue.
2023-11-17 07:57 AM
Thanks for your additional test on VM, please let me know if you find something more.
Kind regards,
Erwan.
2023-11-28 06:17 AM
Hello, sorry for the delay.
I've tested the signing tool on a clean Linux Mint VM. I can confirm that there are issues on both sides:
- Using the CLI without specifying the argument first ends in a SIGSEGV. It is still giving the same issue: a libQt5core crash.
Program received signal SIGSEGV, Segmentation fault.
0x00007ffff73417f4 in QString::append(QString const&) () from /media/sf_VM_Shared/STM32MPU-Tools/bin/../lib/libQt5Core.so.5
- Using the CLI with all the required arguments ends in a signed binary.
Prime256v1 curve is selected.
Header version 1 preparation ...
Reading Private Key File...
ECDSA signature generated.
Signature verification: SUCCESS
The Signed image file generated successfully: .../tf-a-stm32mp157f-ev1-sdcard-SIGNED.stm32
I will try to sign the fsbl with bitbake and come back to you later.
Regards
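An added example, not part of the thread and not ST's tooling: a pre-flight check that reads the SIGN_* assignments from a local.conf and reports unreadable key files, a non-executable SIGN_TOOL or an empty password before the build reaches the signing step, so a configuration gap shows up as a readable message instead of a crash inside the tool. The helper names (conf_get, sign_preflight, demo) are hypothetical, resolving relative key paths against a caller-supplied base directory is an assumption about the build layout, and /bin/sh stands in for the signing tool in the constructed sample.

```shell
# Added example (not from the thread): pre-flight check of SIGN_* settings.
# Assumption: relative key paths resolve against the base directory in $2.

# Print the value of the last `NAME = "value"` assignment in a conf file.
conf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\"\(.*\)\"[[:space:]]*\$/\1/p" "$1" | tail -n 1
}

# Report every problem on stderr; return the problem count (0 = ready to sign).
sign_preflight() {
    conf=$1; base=$2; problems=0
    fail() { echo "preflight: $*" >&2; problems=$((problems + 1)); }

    [ "$(conf_get "$conf" SIGN_ENABLE)" = "1" ] || fail "SIGN_ENABLE is not \"1\""
    tool=$(conf_get "$conf" SIGN_TOOL)
    { [ -n "$tool" ] && [ -x "$tool" ]; } || fail "SIGN_TOOL missing or not executable: '$tool'"
    [ -n "$(conf_get "$conf" SIGN_KEY_PASS)" ] || fail "SIGN_KEY_PASS is empty"

    # Every SIGN_KEY* variable except the password must name a readable PEM key.
    for var in $(sed -n 's/^[[:space:]]*\(SIGN_KEY[A-Za-z0-9_]*\)[[:space:]]*=.*/\1/p' "$conf"); do
        [ "$var" = "SIGN_KEY_PASS" ] && continue
        key=$(conf_get "$conf" "$var")
        case $key in /*) path=$key ;; *) path=$base/$key ;; esac
        if [ ! -r "$path" ]; then
            fail "$var: cannot read $path"
        elif ! grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$path"; then
            fail "$var: no PEM private-key header in $path"
        fi
    done
    return "$problems"
}

# Constructed sample mirroring the post: the stm32mp13 key file does not exist.
demo() {
    d=$(mktemp -d) && mkdir -p "$d/key/stm32mp15" || return 99
    printf '%s\n' '-----BEGIN EC PRIVATE KEY-----' 'constructed' > "$d/key/stm32mp15/privateKey.pem"
    cat > "$d/local.conf" <<EOF
SIGN_KEY = "key/stm32mp15/privateKey.pem"
SIGN_KEY_stm32mp13 = "key/stm32mp13/privateKey00.pem"
SIGN_KEY_PASS = "constructed"
SIGN_ENABLE = "1"
SIGN_TOOL = "/bin/sh"
EOF
    sign_preflight "$d/local.conf" "$d"; rc=$?; rm -rf "$d"; return "$rc"
}
demo || echo "problems found: $?"
```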