* STM32MP: Can't lock PHK fuses through U-Boot cmd's "stm32key" or "fuse"
@ 2022-02-11 14:02 Johann Neuhauser
2022-02-14 11:14 ` Patrick DELAUNAY
0 siblings, 1 reply; 4+ messages in thread
From: Johann Neuhauser @ 2022-02-11 14:02 UTC (permalink / raw)
To: patrick.delaunay, Patrice Chotard; +Cc: u-boot
Hello Patrick, Patrice and other devs,
I'm trying to roll out secure boot with U-Boot v2022.01 only.
The boot flow should be like:
BootROM -(signed STM32 image)-> U-Boot SPL -(signed fit)-> U-Boot -(signed fit)-> Linux
Everything except the first part in the chain is working as expected.
I've used the U-Boot cmd "stm32key" to programm the file "publicKeyhash.bin",
but the command failed with: "Lock OTP 24 failed".
Here are the excact commands with output (hash values are replaced by xxxxxxxx):
STM32MP> load mmc 0:4 ${loadaddr} publicKeyhash.bin
STM32MP> stm32key read ${loadaddr}
Read KEY at 0xc2000000
OTP value 24: xxxxxxxx
OTP value 25: xxxxxxxx
OTP value 26: xxxxxxxx
OTP value 27: xxxxxxxx
OTP value 28: xxxxxxxx
OTP value 29: xxxxxxxx
OTP value 30: xxxxxxxx
OTP value 31: xxxxxxxx
STM32MP> stm32key fuse -y ${loadaddr}
Lock OTP 24 failed
A second call failed because the word 24 is already fused and not locked!
STM32MP> stm32key fuse ${loadaddr}
OTP HASH 24: xxxxxxxx lock : 0
OTP HASH 25: 0 lock : 0
OTP HASH 26: 0 lock : 0
OTP HASH 27: 0 lock : 0
OTP HASH 28: 0 lock : 0
OTP HASH 29: 0 lock : 0
OTP HASH 30: 0 lock : 0
OTP HASH 31: 0 lock : 0
OTP 0: closed status: 0 lock : 0
Hash of key is not locked!
Error: can't fuse again the OTP
After this failed attempt, I tried to fuse the hash with the command "fuse", like:
STM32MP> fuse prog -y 0 0x18 0x4e31bbcd
STM32MP> fuse prog -y 0 0x19 0x51e827dd
STM32MP> fuse prog -y 0 0x1a 0x3511f521
STM32MP> fuse prog -y 0 0x1b 0xfd9c11a2
STM32MP> fuse prog -y 0 0x1c 0x5b997b82
STM32MP> fuse prog -y 0 0x1d 0x8150adc5
STM32MP> fuse prog -y 0 0x1e 0xa9c68fa9
STM32MP> fuse prog -y 0 0x1f 0x72a3ba74
Which gives me a matching "stm32key read" == "stm32key read ${loadaddr}",
except that the fuses aren't locked.
If I wanna lock the fuses with, it always fails with "ERROR":
STM32MP> fuse prog -y 0 0x10000018 1 1 1 1 1 1 1 1
Programming bank 0 word 0x10000018 to 0x00000001...
ERROR
According to the reference manual, chapter 4, only writes to the shadow registers aren't allowed!
Do you have any clue why locking the fuses isn't possilbe either with "stm32key" or with "fuse"?
The next thing is, that I can't authenticate any signed STM32 images with the non locked PHK fuses.
And no, I haven't closed the device already nor have I locked/fused any other fuses.
I've implemented a authentication status output inside "arch/arm/mach-stm32mp/spl.c"
like in TF-A "plat/st/stm32mp1/bl2_plat_setup.c", which I'll probably mainline into U-Boot.
I'm using a STM32MP157C on a DHCOM with PDK2 from DH electronics GmbH.
Best regards and a nice weekend,
Johann Neuhauser
DH electronics GmbH | Am Anger 8 | 83346 Bergen | Germany | Fon: +49 8662 4882 0
Board of Management: Stefan Daxenberger, Helmut Henschke | HRB Traunstein 9602
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: STM32MP: Can't lock PHK fuses through U-Boot cmd's "stm32key" or "fuse"
2022-02-11 14:02 STM32MP: Can't lock PHK fuses through U-Boot cmd's "stm32key" or "fuse" Johann Neuhauser
@ 2022-02-14 11:14 ` Patrick DELAUNAY
2022-02-14 15:20 ` Patrick DELAUNAY
0 siblings, 1 reply; 4+ messages in thread
From: Patrick DELAUNAY @ 2022-02-14 11:14 UTC (permalink / raw)
To: Johann Neuhauser, Patrice Chotard; +Cc: u-boot, bernard.puel
Hi Johann,
On 2/11/22 15:02, Johann Neuhauser wrote:
> Hello Patrick, Patrice and other devs,
>
> I'm trying to roll out secure boot with U-Boot v2022.01 only.
> The boot flow should be like:
> BootROM -(signed STM32 image)-> U-Boot SPL -(signed fit)-> U-Boot -(signed fit)-> Linux
>
> Everything except the first part in the chain is working as expected.
> I've used the U-Boot cmd "stm32key" to programm the file "publicKeyhash.bin",
> but the command failed with: "Lock OTP 24 failed".
>
> Here are the excact commands with output (hash values are replaced by xxxxxxxx):
> STM32MP> load mmc 0:4 ${loadaddr} publicKeyhash.bin
> STM32MP> stm32key read ${loadaddr}
> Read KEY at 0xc2000000
> OTP value 24: xxxxxxxx
> OTP value 25: xxxxxxxx
> OTP value 26: xxxxxxxx
> OTP value 27: xxxxxxxx
> OTP value 28: xxxxxxxx
> OTP value 29: xxxxxxxx
> OTP value 30: xxxxxxxx
> OTP value 31: xxxxxxxx
> STM32MP> stm32key fuse -y ${loadaddr}
> Lock OTP 24 failed
>
> A second call failed because the word 24 is already fused and not locked!
> STM32MP> stm32key fuse ${loadaddr}
> OTP HASH 24: xxxxxxxx lock : 0
> OTP HASH 25: 0 lock : 0
> OTP HASH 26: 0 lock : 0
> OTP HASH 27: 0 lock : 0
> OTP HASH 28: 0 lock : 0
> OTP HASH 29: 0 lock : 0
> OTP HASH 30: 0 lock : 0
> OTP HASH 31: 0 lock : 0
> OTP 0: closed status: 0 lock : 0
> Hash of key is not locked!
> Error: can't fuse again the OTP
>
> After this failed attempt, I tried to fuse the hash with the command "fuse", like:
> STM32MP> fuse prog -y 0 0x18 0x4e31bbcd
> STM32MP> fuse prog -y 0 0x19 0x51e827dd
> STM32MP> fuse prog -y 0 0x1a 0x3511f521
> STM32MP> fuse prog -y 0 0x1b 0xfd9c11a2
> STM32MP> fuse prog -y 0 0x1c 0x5b997b82
> STM32MP> fuse prog -y 0 0x1d 0x8150adc5
> STM32MP> fuse prog -y 0 0x1e 0xa9c68fa9
> STM32MP> fuse prog -y 0 0x1f 0x72a3ba74
> Which gives me a matching "stm32key read" == "stm32key read ${loadaddr}",
> except that the fuses aren't locked.
>
> If I wanna lock the fuses with, it always fails with "ERROR":
> STM32MP> fuse prog -y 0 0x10000018 1 1 1 1 1 1 1 1
> Programming bank 0 word 0x10000018 to 0x00000001...
> ERROR
>
> According to the reference manual, chapter 4, only writes to the shadow registers aren't allowed!
> Do you have any clue why locking the fuses isn't possilbe either with "stm32key" or with "fuse"?
>
> The next thing is, that I can't authenticate any signed STM32 images with the non locked PHK fuses.
> And no, I haven't closed the device already nor have I locked/fused any other fuses.
> I've implemented a authentication status output inside "arch/arm/mach-stm32mp/spl.c"
> like in TF-A "plat/st/stm32mp1/bl2_plat_setup.c", which I'll probably mainline into U-Boot.
> I'm using a STM32MP157C on a DHCOM with PDK2 from DH electronics GmbH.
>
> Best regards and a nice weekend,
> Johann Neuhauser
>
> DH electronics GmbH | Am Anger 8 | 83346 Bergen | Germany | Fon: +49 8662 4882 0
> Board of Management: Stefan Daxenberger, Helmut Henschke | HRB Traunstein 9602
You correctly use the stm32key or the stm32fuse command
https://wiki.st.com/stm32mpu/wiki/STM32MP15_ROM_code_secure_boot
https://wiki.st.com/stm32mpu/wiki/How_to_update_OTP_with_U-Boot
But in fact the OTP LOCK feature is NOT supported in U-Boot basic boot.
As OpenSTLinux only use boot with TF-A and the OTP operations are managed by
secure service (SMC), all the feature in basic boot with SPL wasn't
developed
By STMicroelectronics.
Today OTP LOCK feature is a a security to avoid a 2nd write on lower OTP
which
will cause an ECC error.
So it wasn't a blocking feature, you can experiment the secure boot chain
without locking the OTP.
Reference in code : CONFIG_ARM_SMCCC is not activated
arch/arm/mach-stm32mp/bsec.c():: stm32mp_bsec_write_lock()
static int stm32mp_bsec_write_lock(struct udevice *dev, u32 val, u32 otp)
{
if (!IS_ENABLED(CONFIG_ARM_SMCCC) || IS_ENABLED(CONFIG_SPL_BUILD))
return -ENOTSUPP;
....
=> without TF-A the lock feature is not (yet ?) supported
reference code in TF-A:
drivers/st/bsec/bsec2.c::bsec_permanent_lock_otp()
Regards
Patrick
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: STM32MP: Can't lock PHK fuses through U-Boot cmd's "stm32key" or "fuse"
2022-02-14 11:14 ` Patrick DELAUNAY
@ 2022-02-14 15:20 ` Patrick DELAUNAY
2022-02-15 9:03 ` Johann Neuhauser
0 siblings, 1 reply; 4+ messages in thread
From: Patrick DELAUNAY @ 2022-02-14 15:20 UTC (permalink / raw)
To: Johann Neuhauser, Patrice Chotard; +Cc: u-boot, bernard.puel
Hi,
On 2/14/22 12:14, Patrick DELAUNAY wrote:
> Hi Johann,
>
> On 2/11/22 15:02, Johann Neuhauser wrote:
>> Hello Patrick, Patrice and other devs,
>>
>> I'm trying to roll out secure boot with U-Boot v2022.01 only.
>> The boot flow should be like:
>> BootROM -(signed STM32 image)-> U-Boot SPL -(signed fit)-> U-Boot
>> -(signed fit)-> Linux
>>
>> Everything except the first part in the chain is working as expected.
>> I've used the U-Boot cmd "stm32key" to programm the file
>> "publicKeyhash.bin",
>> but the command failed with: "Lock OTP 24 failed".
>>
>> Here are the excact commands with output (hash values are replaced by
>> xxxxxxxx):
>> STM32MP> load mmc 0:4 ${loadaddr} publicKeyhash.bin
>> STM32MP> stm32key read ${loadaddr}
>> Read KEY at 0xc2000000
>> OTP value 24: xxxxxxxx
>> OTP value 25: xxxxxxxx
>> OTP value 26: xxxxxxxx
>> OTP value 27: xxxxxxxx
>> OTP value 28: xxxxxxxx
>> OTP value 29: xxxxxxxx
>> OTP value 30: xxxxxxxx
>> OTP value 31: xxxxxxxx
>> STM32MP> stm32key fuse -y ${loadaddr}
>> Lock OTP 24 failed
>>
>> A second call failed because the word 24 is already fused and not
>> locked!
>> STM32MP> stm32key fuse ${loadaddr}
>> OTP HASH 24: xxxxxxxx lock : 0
>> OTP HASH 25: 0 lock : 0
>> OTP HASH 26: 0 lock : 0
>> OTP HASH 27: 0 lock : 0
>> OTP HASH 28: 0 lock : 0
>> OTP HASH 29: 0 lock : 0
>> OTP HASH 30: 0 lock : 0
>> OTP HASH 31: 0 lock : 0
>> OTP 0: closed status: 0 lock : 0
>> Hash of key is not locked!
>> Error: can't fuse again the OTP
>>
>> After this failed attempt, I tried to fuse the hash with the command
>> "fuse", like:
>> STM32MP> fuse prog -y 0 0x18 0x4e31bbcd
>> STM32MP> fuse prog -y 0 0x19 0x51e827dd
>> STM32MP> fuse prog -y 0 0x1a 0x3511f521
>> STM32MP> fuse prog -y 0 0x1b 0xfd9c11a2
>> STM32MP> fuse prog -y 0 0x1c 0x5b997b82
>> STM32MP> fuse prog -y 0 0x1d 0x8150adc5
>> STM32MP> fuse prog -y 0 0x1e 0xa9c68fa9
>> STM32MP> fuse prog -y 0 0x1f 0x72a3ba74
>> Which gives me a matching "stm32key read" == "stm32key read
>> ${loadaddr}",
>> except that the fuses aren't locked.
>>
>> If I wanna lock the fuses with, it always fails with "ERROR":
>> STM32MP> fuse prog -y 0 0x10000018 1 1 1 1 1 1 1 1
>> Programming bank 0 word 0x10000018 to 0x00000001...
>> ERROR
>>
>> According to the reference manual, chapter 4, only writes to the
>> shadow registers aren't allowed!
>> Do you have any clue why locking the fuses isn't possilbe either with
>> "stm32key" or with "fuse"?
>>
>> The next thing is, that I can't authenticate any signed STM32 images
>> with the non locked PHK fuses.
>> And no, I haven't closed the device already nor have I locked/fused
>> any other fuses.
>> I've implemented a authentication status output inside
>> "arch/arm/mach-stm32mp/spl.c"
>> like in TF-A "plat/st/stm32mp1/bl2_plat_setup.c", which I'll probably
>> mainline into U-Boot.
>> I'm using a STM32MP157C on a DHCOM with PDK2 from DH electronics GmbH.
>>
>> Best regards and a nice weekend,
>> Johann Neuhauser
>>
>> DH electronics GmbH | Am Anger 8 | 83346 Bergen | Germany | Fon: +49
>> 8662 4882 0
>> Board of Management: Stefan Daxenberger, Helmut Henschke | HRB
>> Traunstein 9602
>
>
> You correctly use the stm32key or the stm32fuse command
>
> https://wiki.st.com/stm32mpu/wiki/STM32MP15_ROM_code_secure_boot
>
> https://wiki.st.com/stm32mpu/wiki/How_to_update_OTP_with_U-Boot
>
>
> But in fact the OTP LOCK feature is NOT supported in U-Boot basic boot.
>
>
> As OpenSTLinux only use boot with TF-A and the OTP operations are
> managed by
>
> secure service (SMC), all the feature in basic boot with SPL wasn't
> developed
>
> By STMicroelectronics.
>
>
> Today OTP LOCK feature is a a security to avoid a 2nd write on lower
> OTP which
>
> will cause an ECC error.
>
> So it wasn't a blocking feature, you can experiment the secure boot chain
>
> without locking the OTP.
>
>
> Reference in code : CONFIG_ARM_SMCCC is not activated
>
> arch/arm/mach-stm32mp/bsec.c():: stm32mp_bsec_write_lock()
>
>
> static int stm32mp_bsec_write_lock(struct udevice *dev, u32 val, u32 otp)
> {
> if (!IS_ENABLED(CONFIG_ARM_SMCCC) || IS_ENABLED(CONFIG_SPL_BUILD))
> return -ENOTSUPP;
> ....
>
> => without TF-A the lock feature is not (yet ?) supported
>
>
> reference code in TF-A:
>
> drivers/st/bsec/bsec2.c::bsec_permanent_lock_otp()
>
>
> Regards
>
> Patrick
>
>
I will propose a patch to solve this issue soon (in few day).
Regards
Patrick
^ permalink raw reply [flat|nested] 4+ messages in thread
* RE: STM32MP: Can't lock PHK fuses through U-Boot cmd's "stm32key" or "fuse"
2022-02-14 15:20 ` Patrick DELAUNAY
@ 2022-02-15 9:03 ` Johann Neuhauser
0 siblings, 0 replies; 4+ messages in thread
From: Johann Neuhauser @ 2022-02-15 9:03 UTC (permalink / raw)
To: Patrick DELAUNAY, Patrice Chotard; +Cc: u-boot, bernard.puel
> -----Original Message-----
> From: Patrick DELAUNAY [mailto:patrick.delaunay@foss.st.com]
> Sent: Monday, February 14, 2022 4:21 PM
>
> Hi,
>
>
> On 2/14/22 12:14, Patrick DELAUNAY wrote:
> > Hi Johann,
> >
Hello Patrick,
> > On 2/11/22 15:02, Johann Neuhauser wrote:
> >> Hello Patrick, Patrice and other devs,
> >>
> >> I'm trying to roll out secure boot with U-Boot v2022.01 only.
> >> The boot flow should be like:
> >> BootROM -(signed STM32 image)-> U-Boot SPL -(signed fit)-> U-Boot
> >> -(signed fit)-> Linux
> >>
> >> Everything except the first part in the chain is working as expected.
> >> I've used the U-Boot cmd "stm32key" to programm the file
> >> "publicKeyhash.bin",
> >> but the command failed with: "Lock OTP 24 failed".
> >>
> >> Here are the excact commands with output (hash values are replaced by
> >> xxxxxxxx):
> >> STM32MP> load mmc 0:4 ${loadaddr} publicKeyhash.bin
> >> STM32MP> stm32key read ${loadaddr}
> >> Read KEY at 0xc2000000
> >> OTP value 24: xxxxxxxx
> >> OTP value 25: xxxxxxxx
> >> OTP value 26: xxxxxxxx
> >> OTP value 27: xxxxxxxx
> >> OTP value 28: xxxxxxxx
> >> OTP value 29: xxxxxxxx
> >> OTP value 30: xxxxxxxx
> >> OTP value 31: xxxxxxxx
> >> STM32MP> stm32key fuse -y ${loadaddr}
> >> Lock OTP 24 failed
> >>
> >> A second call failed because the word 24 is already fused and not
> >> locked!
> >> STM32MP> stm32key fuse ${loadaddr}
> >> OTP HASH 24: xxxxxxxx lock : 0
> >> OTP HASH 25: 0 lock : 0
> >> OTP HASH 26: 0 lock : 0
> >> OTP HASH 27: 0 lock : 0
> >> OTP HASH 28: 0 lock : 0
> >> OTP HASH 29: 0 lock : 0
> >> OTP HASH 30: 0 lock : 0
> >> OTP HASH 31: 0 lock : 0
> >> OTP 0: closed status: 0 lock : 0
> >> Hash of key is not locked!
> >> Error: can't fuse again the OTP
> >>
> >> After this failed attempt, I tried to fuse the hash with the command
> >> "fuse", like:
> >> STM32MP> fuse prog -y 0 0x18 0x4e31bbcd
> >> STM32MP> fuse prog -y 0 0x19 0x51e827dd
> >> STM32MP> fuse prog -y 0 0x1a 0x3511f521
> >> STM32MP> fuse prog -y 0 0x1b 0xfd9c11a2
> >> STM32MP> fuse prog -y 0 0x1c 0x5b997b82
> >> STM32MP> fuse prog -y 0 0x1d 0x8150adc5
> >> STM32MP> fuse prog -y 0 0x1e 0xa9c68fa9
> >> STM32MP> fuse prog -y 0 0x1f 0x72a3ba74
> >> Which gives me a matching "stm32key read" == "stm32key read
> >> ${loadaddr}",
> >> except that the fuses aren't locked.
> >>
> >> If I wanna lock the fuses with, it always fails with "ERROR":
> >> STM32MP> fuse prog -y 0 0x10000018 1 1 1 1 1 1 1 1
> >> Programming bank 0 word 0x10000018 to 0x00000001...
> >> ERROR
> >>
> >> According to the reference manual, chapter 4, only writes to the
> >> shadow registers aren't allowed!
> >> Do you have any clue why locking the fuses isn't possilbe either with
> >> "stm32key" or with "fuse"?
> >>
> >> The next thing is, that I can't authenticate any signed STM32 images
> >> with the non locked PHK fuses.
> >> And no, I haven't closed the device already nor have I locked/fused
> >> any other fuses.
> >> I've implemented a authentication status output inside
> >> "arch/arm/mach-stm32mp/spl.c"
> >> like in TF-A "plat/st/stm32mp1/bl2_plat_setup.c", which I'll probably
> >> mainline into U-Boot.
> >> I'm using a STM32MP157C on a DHCOM with PDK2 from DH electronics GmbH.
> >>
> >> Best regards and a nice weekend,
> >> Johann Neuhauser
> >>
> >> DH electronics GmbH | Am Anger 8 | 83346 Bergen | Germany | Fon: +49
> >> 8662 4882 0
> >> Board of Management: Stefan Daxenberger, Helmut Henschke | HRB
> >> Traunstein 9602
> >
> >
> > You correctly use the stm32key or the stm32fuse command
> >
> > https://wiki.st.com/stm32mpu/wiki/STM32MP15_ROM_code_secure_boot
> >
> > https://wiki.st.com/stm32mpu/wiki/How_to_update_OTP_with_U-Boot
> >
> >
> > But in fact the OTP LOCK feature is NOT supported in U-Boot basic boot.
> >
Thanks for this information, I wasn't aware of this fact.
> >
> > As OpenSTLinux only use boot with TF-A and the OTP operations are
> > managed by
> >
> > secure service (SMC), all the feature in basic boot with SPL wasn't
> > developed
> >
> > By STMicroelectronics.
> >
> >
> > Today OTP LOCK feature is a a security to avoid a 2nd write on lower
> > OTP which
> >
> > will cause an ECC error.
> >
> > So it wasn't a blocking feature, you can experiment the secure boot chain
> >
> > without locking the OTP.
> >
> >
> > Reference in code : CONFIG_ARM_SMCCC is not activated
> >
> > arch/arm/mach-stm32mp/bsec.c():: stm32mp_bsec_write_lock()
> >
> >
> > static int stm32mp_bsec_write_lock(struct udevice *dev, u32 val, u32 otp)
> > {
> > if (!IS_ENABLED(CONFIG_ARM_SMCCC) || IS_ENABLED(CONFIG_SPL_BUILD))
> > return -ENOTSUPP;
> > ....
> >
> > => without TF-A the lock feature is not (yet ?) supported
> >
> >
> > reference code in TF-A:
> >
> > drivers/st/bsec/bsec2.c::bsec_permanent_lock_otp()
> >
> >
> > Regards
> >
> > Patrick
> >
> >
>
> I will propose a patch to solve this issue soon (in few day).
Thank you for your efforts.
For now, I'll port our platform to tf-a and optee,
but I'm looking forward to a patch on the mailing list.
>
> Regards
>
>
> Patrick
>
>
Best Regards,
Johann Neuhauser
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2022-02-15 9:04 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-02-11 14:02 STM32MP: Can't lock PHK fuses through U-Boot cmd's "stm32key" or "fuse" Johann Neuhauser
2022-02-14 11:14 ` Patrick DELAUNAY
2022-02-14 15:20 ` Patrick DELAUNAY
2022-02-15 9:03 ` Johann Neuhauser
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.