Skip to main content
K
Kaushendra
Visitor II
December 3, 2020
Question

STM32MP157CAC Secure Boot Process on Avenger96 board fails

  • December 3, 2020
  • 2 replies
  • 1209 views

Hi All,

I have performed Secure Boot over Avenger96 Board replaced with STM32MP157CAC earlier,but now I'm facing error provided below.

NOTICE: CPU: STM32MP157CAC Rev.?
NOTICE: Model: Arrow Electronics STM32MP157A Avenger96 board
NOTICE: Boot authentication Failed
INFO: Reset reason (0x15):
INFO: Power-on Reset (rst_por)
INFO: Using SDMMC
INFO: Instance 1
INFO: Boot used partition fsbl1
NOTICE: BL2: v2.0-r1.5(debug):
NOTICE: BL2: Built : 13:13:37, Oct 2 2018
INFO: BL2: Doing platform setup
INFO: PMIC version = 0x10
INFO: RAM: DDR3-1066/888 bin G 2x4Gb 533MHz v1.45
INFO: Memory size = 0x40000000 (1024 MB)
INFO: BL2 runs SP_MIN setup
INFO: BL2: Loading image id 4
INFO: Loading image id=4 at address 0x2fff0000
INFO: Image id=4 loaded: 0x2fff0000 - 0x30000000
INFO: BL2: Loading image id 5
INFO: Loading image id=5 at address 0xc0100000
INFO: STM32 Image size : 833640
INFO: Check signature on Non-Full-Secured platform
ERROR: Authentication Failed
WARNING: Failed to load image id=5 (-22)
ERROR: BL2: Failed to load image (-22)

Steps followed :

1 Key generation:

sudo ./STM32MP_KeyGen_CLI -ecc 2 -pubk /home/user/secure_keys/public.pem -prvk /home/user/secure_keys/private.pem -hash /home/user/secure_keys/pubKeyHash.bin -pwd seed

2 Extending PublickeyHash

Copied PublickeyHash in SD-card into bootfs

cp /home/ <username> /secure_keys/pubKeyHash.bin /media/<username>/bootfs/

3 Key registration

at u-boot used the below commands

STM32MP>ext4load mmc 0:4 0xc0000000 pubKeyHash.bin
STM32MP> stm32key read 0xc0000000
STM32MP> stm32key fuse -y 0xc0000000 (after verifcation we have fused)

now power-off the board and and again Plug SD-card to PC for flashing signed image.

4 Image Signing the FSBL and SSBL

FSBL

sudo ./STM32MP_SigningTool_CLI -bin /home/kaushendra/Board_Test/tf-a-stm32mp157a-av96-trusted.stm32 -pubk /home/kaushendra/secure_test/public.pem -prvk /home/kaushendra/secure_test/private.pem -pwd seed -a 2 -o /home/kaushendra/Board_Test/tf-a-stm32mp157a-av96-trusted-signed.stm32

SSBL

sudo ./STM32MP_SigningTool_CLI -bin /home/kaushendra/Board_Test/u-boot-stm32mp157a-av96-trusted.stm32 -pubk /home/kaushendra/secure_test/public.pem -prvk /home/kaushendra/secure_test/private.pem -pwd seed -a 2 -o /home/kaushendra/Board_Test/u-boot-stm32mp157a-av96-trusted-signed.stm32

5 Image Programming

flash the SD-card plugged into PC

FSBL:
sudo dd if=tf-a-stm32mp157a-av96-trusted-signed.stm32 of=/dev/sdb1 bs=1M conv=fdatasync status=progress && sync
 
sudo dd if=tf-a-stm32mp157a-av96-trusted-signed.stm32 of=/dev/sdb2 bs=1M conv=fdatasync status=progress && sync
 
SSBL:
sudo dd if=u-boot-stm32mp157a-av96-trusted-signed.stm32 of=/dev/sdb3 bs=1M conv=fdatasync status=progress && sync

After that when Plug the SD-card into board, i receive the above provided error log.

Please help me debugging the issue,or which step i just went wrong.

Regards,

kaushendra sah

    This topic has been closed for replies.

    2 replies

    K
    KaushendraAuthor
    Visitor II
    December 4, 2020

    Hi @Community member​ ,

    I have tried to read OTP word :24-31,but it didn't seems to be perfectly programmed with pubKeyHash.bin values.

    Below are my steps performed.

    1.reading pubKeyHash.bin into mmc address location.

    STM32MP> ext4load mmc 0:4 0xc0000000 pubKeyHash.bin 
32 bytes read in 0 ms

    2.reading the Values and confirming it before fuse.

    STM32MP> stm32key read 0xc0000000
OTP value 24: a107d303
OTP value 25: c42e280a
OTP value 26: f67ef283
OTP value 27: 3b1ef514
OTP value 28: 62e2039c
OTP value 29: a75c084e
OTP value 30: a9c56463
OTP value 31: a8ee723f

    3.fuse the OTP

    STM32MP> stm32key fuse -y 0xc0000000

    4.reading the OTP fused location word :24-31

    STM32MP> fuse read 0 0 32
Reading bank 0:
Word 0x00000000: 00000017 00008000 a0200000 00000000
Word 0x00000004: 00000000 00000000 00000000 00000000
Word 0x00000008: 00000018 00000000 00000000 00000000
Word 0x0000000c: 7d1cf901 0021002e 31395111 38313636
Word 0x00000010: 139585e6 20d31468 7ad72140 06591382
Word 0x00000014: 5e140042 00000000 00000000 404b306f
Word 0x00000018: ffffffff ffffffff ffffffff ffffffff
Word 0x0000001c: ffffffff ffffffff ffffffff ffffffff

    However, above values for word:24-31 should have to changed but they remains as 0xff.

    please help me debug this issue it would be appreciated.

    Regards,

    kaushendra sah

    L
    LionelD
    Visitor II
    December 18, 2020

    Hi @Kaushendra​ ,

    Looking to your first sequence, everything looks good. I'm more surprised about the dump you have made in the second part.

    0xFFFFFFFF is only expect on CPU 15XA where the secure boot is not possible.

    I'm not expecting 0xffffffff value on these fuses as they are ECC 1bit (meaning that you can write them more than ones without blocking them).

    Do you still have some other similar board where you can first do a dump before trying to write, just to confirm that they are properly set to 0x0 otherwise, no write is possible, fuses can go from 0 to 1 but once FFFFFFFF is achieve, you can not do any other operation.

    BR,

    Lionel

    Terms & ConditionsAccessibility statement