Skip to main content
M
milkylainen
Visitor II
August 4, 2022
Solved

Confusing information regarding OTP from U-boot vs TF-A.

  • August 4, 2022
  • 2 replies
  • 1213 views

I've put TF-A into verbose printing, resulting in prints regarding BSEC access.

But the printouts from TF-A vs U-boot tell different, or atleast confusing information.

What gives?

(TF-A 2.6-r1, U-Boot 2020.10-r2)

> stm32key read

VERBOSE: BSEC: OTP 24 is locked and write will be ignored

OTP HASH 24: 0 lock : 0

VERBOSE: BSEC: OTP 25 is locked and write will be ignored

OTP HASH 25: 0 lock : 0

VERBOSE: BSEC: OTP 26 is locked and write will be ignored

OTP HASH 26: 0 lock : 0

VERBOSE: BSEC: OTP 27 is locked and write will be ignored

OTP HASH 27: 0 lock : 0

VERBOSE: BSEC: OTP 28 is locked and write will be ignored

OTP HASH 28: 0 lock : 0

VERBOSE: BSEC: OTP 29 is locked and write will be ignored

OTP HASH 29: 0 lock : 0

VERBOSE: BSEC: OTP 30 is locked and write will be ignored

OTP HASH 30: 0 lock : 0

VERBOSE: BSEC: OTP 31 is locked and write will be ignored

OTP HASH 31: 0 lock : 0

VERBOSE: BSEC: OTP 0 is locked and will not be refreshed

VERBOSE: BSEC: OTP 0 is locked and write will be ignored

OTP 0: closed status: 0 lock : 0

HASK key is not locked!

HASK key is free!

    This topic has been closed for replies.
    Best answer by OlivierK

    Hi milkylainen (Community Member)

    OTP read needs to go through secure world. Therefore BL32 needs to be loaded first, and OTP will be accessible from BL33 as you've done using stm32key read. I would ignore the verbose printing in TF-A and focus on U-boot.

    2 replies

    O
    OlivierK
    Technical Moderator
    September 9, 2022

    Hi milkylainen (Community Member) 

    OTP checks can only be done at U-boot stage. So you can ignore the TF-A printouts.

    At U-boot prompt.

    STM32MP> stm32key read                              

    PKHTH OTP 24: 00000000 lock : 10000000                      

    PKHTH OTP 25: 00000000 lock : 10000000                      

    PKHTH OTP 26: 00000000 lock : 10000000                      

    PKHTH OTP 27: 00000000 lock : 10000000                      

    PKHTH OTP 28: 00000000 lock : 10000000                      

    PKHTH OTP 29: 00000000 lock : 10000000                      

    PKHTH OTP 30: 00000000 lock : 10000000                      

    PKHTH OTP 31: 00000000 lock : 10000000                      

    PKHTH is not locked!                               

    PKHTH is free!  

    M
    milkylainenAuthor
    Visitor II
    September 12, 2022

    Hi @OlivierK​ 

    Not sure I follow. The printouts happen while I am in U-boot.

    If I put tf-a into loglevel 50, I get these printouts from secure world (I assume?) into my U-boot console.

    Are you saying that despite the printouts from TF-A, while in BL33, they're inaccurate and I should ignore them?

    O
    OlivierKAnswer
    Technical Moderator
    September 12, 2022

    Hi milkylainen (Community Member)

    OTP read needs to go through secure world. Therefore BL32 needs to be loaded first, and OTP will be accessible from BL33 as you've done using stm32key read. I would ignore the verbose printing in TF-A and focus on U-boot.

    Terms & ConditionsAccessibility statement