OP-TEE OTP overview

This message will disappear after all relevant tasks have been resolved.

Semantic MediaWiki

There are 1 incomplete or pending task to finish installation of Semantic MediaWiki. An administrator or user with sufficient rights can complete it. This should be done before adding new data to avoid inconsistencies.

Applicable for

STM32MP13x lines, STM32MP15x lines

This article gives information about the OTP framework in OP-TEE and the associated interfaces.

1 Framework purpose[edit source]

The two OP-TEE trusted applications (TA), STM32MP BSEC and STM32MP NVMEM, provide a generic interface for the device non-volatile OTP (one-time programmable) fuses.

These two TAs offer interfaces to read and/or write OTP data and status at other TAs in secure world and at non-secure applications.

2 System overview[edit source]

OP-TEE BSEC PTA

OP-TEE NVMEM TA

2.1 Component description[edit source]

Non secure world (Linux):
- NVMEM framework (kernel space) : The NVMEM framework in Linux^® kernel provides sysfs interface and NVMEM API.
- NVMEM drivers (kernel space): Provider drivers such as BSEC Linux^® driver that exposes OTP data to the core.
- TEE Core API Lib (User Space): Library called by the client application to access to the kernel space.
- TEE framework (kernel space): The TEE framework provides TEE client API to communicate with secure services, as the services provided by the OP-TEE Linux^® driver.
- OP-TEE driver (Kernel Space): Generic driver that sends messages to the OP-TEE OS.

Secure world: the OP-TEE secure OS runs on the Cortex-A in secure mode and exposes secure service with trusted applications (TA)
- STM32MP NVMEM TA (User mode): early TA that exposes the NVMEM specific services for provisioning by non-secure world.
- STM32MP BSEC PTA (OP-TEE core): pseudo TA (PTA) that exposes the BSEC specific services for OTP acccess by non-secure world or to other TAs.
- BSEC driver (OP-TEE core): core/drivers/stm32_bsec.c

Hardware: access to hardware specific peripherals
- BSEC internal peripheral

2.2 API description[edit source]

The OTP interface is provided by two trusted applications (TA) in OP-TEE, accessible from the normal world with the GlobalPlatform TEE Client API:

STM32MP BSEC PTA: used to export OTP to other TA or to normal world (individual access)
- lib/libutee/include/pta_bsec.h

STM32MP NVMEM TA: used to export OTP to STM32cubeProgrammer (global access for provisioning)
- ta/stm32mp_nvmem/include/ta_stm32mp_nvmem.h

3 Configuration[edit source]

3.1 OP-TEE_OS configuration[edit source]

Activate STM32MP BSEC PTA in OP-TEE configuration core/arch/arm/plat-stm32mp1/conf.mk :

CFG_BSEC_PTA ?= y

Activate BSEC driver write support in OP-TEE configuration core/arch/arm/plat-stm32mp1/conf.mk :

CFG_STM32_BSEC_WRITE ?= y

In ecosystem release ≤ v4.1.0 , this configuration is activated on OP-TEE debug release with:

CFG_STM32_BSEC_WRITE ?= $(CFG_TEE_CORE_DEBUG)

Activate STM32MP NVMEM TA in OP-TEE configuration core/arch/arm/plat-stm32mp1/conf.mk :

CFG_TA_STM32MP_NVMEM ?= y

Warning

It is strongly recommended to deactivated the TA STM32MP NVMEM in final product

3.2 Device tree configuration[edit source]

Detailed DT configuration for STM32 internal peripherals:

BSEC device tree configuration

4 How to use the OP-TEE OTP interfaces[edit source]

The access to Trusted application (TA) is done with TEE client API architecture/globalplatform_api.html#tee-client-api.

4.1 STM32MP BSEC PTA[edit source]

The STM32MP BSEC PTA interface runs at TEE kernel level and provides access to OTP data and status: lock and error. (core/pta/stm32mp/bsec_pta.c )

This interface is used by Trusted Application in secure world to access all available OTP, not masked by hardware.

See example in the STM32MP NVMEM TA: ta/stm32mp_nvmem/ta_stm32mp_nvmem.c , this access is only allowed for open device (checked during open session) but no access restriction for other TA.

This interface is also used by non-secure world BSEC driver to access to unsecured OTP:

Linux: drivers/nvmem/stm32-romem.c
U-Boot: arch/arm/mach-stm32mp/bsec.c

Only the lower OTPs words are default accessible by non-secure world (TEE_LOGIN_REE_KERNEL), the software needs to manage exceptions to allow some upper OTPs to be accessed by the non-secure world as described in BSEC_device_tree_configuration, when an OTP is not accessible, the returned value is 0x0.

4.2 STM32MP NVMEM TA[edit source]

The STM32MP NVMEM early TA interface runs in at secure user space level and allows access to secure not volatile memory (NVMEM), by exchanging buffer with provisioning application and with STM32CubeProgrammer tools (ta/stm32mp_nvmem/ta_stm32mp_nvmem.c ).

Warning

Session to the STM32MP NVMEM TA failed on closed device, because open session to STM32MP BSEC PTA is refused

See example in U-Boot: arch/arm/mach-stm32mp/cmd_stm32prog/stm32prog.c .

Warning

This interface is a potential security breach, it should be used only in development phases or for provisioning software, it is recommended to deactivate this TA in a final product

5 References[edit source]

Please refer to the following links for additional information: