Close the device, fuse under op-tee?

Hi @milkylainen​ ,

Where did you read it's the recommanded method?

Now it's recommended to use the command "stm32key close".

cf https://wiki.st.com/stm32mpu/wiki/How_to_use_U-Boot_stm32key_command#Closing_the_device

Hope it help

Olivier

I thought it was obvious that this was an early ecosystem 3.x version,

esp. since I stated TF-A 2.4-r1 and optee 3.12-r1. Apparently not. My bad.

So. Ecosystem 3.0. You don't have stm32key close in < 3.1.

https://wiki.st.com/stm32mpu-ecosystem-v3/wiki/How_to_update_OTP_with_U-Boot

https://wiki.st.com/stm32mpu-ecosystem-v3/wiki/STM32MP15_ROM_code_secure_boot#Closing_the_device

Not that any of this answers why I can't write the bit or what the error means.

I can't remember closing the device, or touching the close bit.

Can you close the device to a unclosed state?

Ie. Lock the bit to an unclosed state?

So. Tried 3.1 with stm32key close.

Didn't do any difference. Same error.

Hi @milkylainen​ ,

Sorry, I anwered too fast. My bad.

I guess I found the problem

By default op-tee disable the access to fuse.

You have to enable it by compiling with CFG_STM32_BSEC_WRITE=1

see :

How to configure OP-TEE - stm32mpu-ecosystem-v3

Hope it help

Olivier

Oh.

That would explain a lot.

But I can't find any documentation about it.

Seems pretty critical...

If your intention was that OTP programming is disabled,

that would mean two different op-tee variants.

One for factory and one for runtime?

Hi @milkylainen​ ,

Our intention to not enable it by default is to prevent unwanted operation by a non-advertised user.

I agree that a specific warning need to be added in Wiki to better communicate on it.

Else, I don't see any restriction or security issue to keep the factory version which allow key provisioning and closure of the device inside the final product .. since all is then lock by HW.

Do you see one ?

Olivier

Hi @Community member​,

No I don't really see an issue. It's just surprising.

I came from sp_min without such restrictions.

I didn't look at the code because I was pretty sure I was doing something wrong.

And available documentation did not imply any restrictions in writing.

Now that I have them, they imply that I _must_ use a factory production image to write OTPs.

But it isn't a big problem really.

Lack of documentation was, however. :)

We can close this now.

Thanks!

Hi @milkylainen​ ,

Thanks for feedback and sorry for the inconvenience for you of this ST's choice.

I will escalate your comment and for sure we will enhance the communication on this.

Olivier