- Forums
- Product Forums
- General Purpose MicrocontrollersGeneral Purpose Microcontrollers
- i.MX Forumsi.MX Forums
- QorIQ Processing PlatformsQorIQ Processing Platforms
- Identification and SecurityIdentification and Security
- Power ManagementPower Management
- Wireless ConnectivityWireless Connectivity
- RFID / NFCRFID / NFC
- Advanced AnalogAdvanced Analog
- MCX Microcontrollers
- S32G
- S32K
- S32V
- MPC5xxx
- Other NXP Products
- S12 / MagniV Microcontrollers
- Powertrain and Electrification Analog Drivers
- Sensors
- Vybrid Processors
- Digital Signal Controllers
- 8-bit Microcontrollers
- ColdFire/68K Microcontrollers and Processors
- PowerQUICC Processors
- OSBDM and TBDML
- S32M
- S32Z/E
-
- Solution Forums
- Software Forums
- MCUXpresso Software and ToolsMCUXpresso Software and Tools
- CodeWarriorCodeWarrior
- MQX Software SolutionsMQX Software Solutions
- Model-Based Design Toolbox (MBDT)Model-Based Design Toolbox (MBDT)
- FreeMASTER
- eIQ Machine Learning Software
- Embedded Software and Tools Clinic
- S32 SDK
- S32 Design Studio
- GUI Guider
- Zephyr Project
- Voice Technology
- Application Software Packs
- Secure Provisioning SDK (SPSDK)
- Processor Expert Software
- Generative AI & LLMs
-
- Topics
- Mobile Robotics - Drones and RoversMobile Robotics - Drones and Rovers
- NXP Training ContentNXP Training Content
- University ProgramsUniversity Programs
- Rapid IoT
- NXP Designs
- SafeAssure-Community
- OSS Security & Maintenance
- Using Our Community
-
- Cloud Lab Forums
-
- Knowledge Bases
- ARM Microcontrollers
- i.MX Processors
- Identification and Security
- Model-Based Design Toolbox (MBDT)
- QorIQ Processing Platforms
- S32 Automotive Processing Platform
- Wireless Connectivity
- CodeWarrior
- MCUXpresso Suite of Software and Tools
- MQX Software Solutions
- RFID / NFC
- Advanced Analog
-
- NXP Tech Blogs
- Home
- :
- i.MX Forums
- :
- i.MX Processors
- :
- Failure loading TEE-Crypto kernel module on IMX93 custom board
Failure loading TEE-Crypto kernel module on IMX93 custom board
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Failure loading TEE-Crypto kernel module on IMX93 custom board
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I am using release scarthgap-6.6.52-2.2.0.
This is the output that i get from optee-os and dmesg:
tee_ta_init_pseudo_ta_session:303 Lookup pseudo TA 560c5231-71bc-476d-8c2e-4ba107991e72
D/TC:? 0 ldelf_load_ldelf:110 ldelf load address 0x40007000
D/LD: ldelf:142 Loading TS 560c5231-71bc-476d-8c2e-4ba107991e72
F/TC:? 0 trace_syscall:147 syscall #3 (syscall_get_property)
F/TC:? 0 trace_syscall:147 syscall #5 (syscall_open_ta_session)
D/TC:? 0 ldelf_syscall_open_bin:163 Lookup user TA ELF 560c5231-71bc-476d-8c2e-4ba107991e72 (early TA)
D/TC:? 0 ldelf_syscall_open_bin:167 res=0xffff0008
D/TC:? 0 ldelf_syscall_open_bin:163 Lookup user TA ELF 560c5231-71bc-476d-8c2e-4ba107991e72 (Secure Storage TA)
F/TC:? 0 plat_prng_add_jitter_entropy:68 0xC9
F/TC:? 0 plat_prng_add_jitter_entropy:68 0x70
F/TC:? 0 plat_prng_add_jitter_entropy:68 0xD2
D/TC:? 0 ldelf_syscall_open_bin:167 res=0xffff0008
D/TC:? 0 ldelf_syscall_open_bin:163 Lookup user TA ELF 560c5231-71bc-476d-8c2e-4ba107991e72 (REE)
D/TC:? 0 ldelf_syscall_open_bin:167 res=0xffff0008
E/LD: init_elf:493 sys_open_ta_bin(560c5231-71bc-476d-8c2e-4ba107991e72)
E/TC:? 0 ldelf_init_with_ldelf:152 ldelf failed with res: 0xffff0008
D/TC:? 0 tee_ta_open_session:696 init session failed 0xffff0008
[ 39.166586] tee_client_open_session failed, err: ffff0008
[ 39.172875] TEE-Crypto: Init failed[0xffffffea].
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Currently facing a related issue while trying to test dm-crypt with various operating modes. Without CONFIG_SOC_IMX9, frequency scaling is not available.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Indeed, in the document it says we have to disable CONFIG_SEC_ENCLAVE, but disabling that causes CONFIG_SOC_IMX9 to be disabled, which causes a lot of different problems.
Chavira
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @omar_aberkan!
Thank you for contacting NXP Support!
The BSP version 6.6.52 is not officially launched yet.
We will Launch this version soon.
Please try compiling the version 6.6.36
You can consult the latest release version in our web page.
Best Regards!
Chavira
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Chavira
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @omar_aberkan!
How are compiling your custom image?
Are you using Yocto or You are compiling standalone?
Are you coping the tee.bin to the mkimage?
Please follow the steps described in our Linux Users Guide page 40.
Best Regards!
Chavira
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Chavira
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @omar_aberkan!
Can you confirm if you are using NXP BSP scartgap 6.6.36 with no custom firmware or modification?
What steps are you taking to get that output from dmesg and optee-os? Is it on boot?
Is this an i.MX93 EVK or custom board?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Chavira
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @omar_aberkan!
Sorry for my late response!
Here are the steps I followed that worked for me on 6.6.52-2.2.0 (the scarthgap release in initial post which worked for me). For recreating steps on 6.6.36-2.1.0, the steps should be the same and this is what I am doing at the moment:
- Compile Kernel Image with following KCONFIG
- Either download stand alone linux-imx or use yocto devtool to modify linux-imx (Following Linux User's Guide / Yocto Project User's Guide)
- initalize board config
- make imx_v8_defconfig
- modify .config file
-
CONFIG_DM_CRYPT=y
CONFIG_TRUSTED_KEYS=m
CONFIG_TRUSTED_KEYS_TEE=y
CONFIG_IMX_SEC_ENCLAVE=n
CONFIG_IMX_ELE_TRNG=n
-
- (Optional if building standalone) make kernel image
- make
- Compile new OP-TEE OS image
- Either download stand alone optee-os or use Yocto devtool or .bbappends to modify source
- add configuration to device conf.h
- #define CFG_WITH_SOFTWARE_PRNG 1
- OR
- when building stand alone, add config to the build command
- CFG_WITH_SOFTWARE_PRNG=y source ./scripts/nxp_build.sh imx-mx93evk
- For yocto build, this should be all you need and the final yocto image will have correct configuration
- (Optional) if building stand alone (Linux User's Guide)
- build imx-boot image with required components following Section 4.5.13
- build bootable SD card following steps 4.3
I was not able to complete all these steps today for working 6.6.36 image. Will continue tomorrow and see if 6.6.36 fails, while 6.6.52 succeeds.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I was able to get it working by enabling the following options which are stated in the document:
CFG_WITH_SOFTWARE_PRNG=y
CFG_HWRNG_PTA=y
CFG_IMX_TRUSTED_ARM_CE=y
CFG_HWRNG_QUALITY=1024
But i still got problems when starting systemd:
[UNSUPP] Starting of Root Slice unsupported.
[DEPEND] Dependency failed for Kernel Configuration File System.
[DEPEND] Dependency failed for Root Mount.
[DEPEND] Dependency failed for Bind mount volatile /srv.
[DEPEND] Dependency failed for Local File Systems.
[DEPEND] Dependency failed for FUSE Control File System.
[DEPEND] Dependency failed for Load/Save OS Random Seed.
[DEPEND] Dependency failed for POSIX Message Queue File System.
[DEPEND] Dependency failed for Network Configuration.
[DEPEND] Dependency failed for Kernel Debug File System.
[DEPEND] Dependency failed for initctl Compatibility Named Pipe.
[DEPEND] Dependency failed for User Database Manager Socket.
[DEPEND] Dependency failed for Journal Socket.
[DEPEND] Dependency failed for Journal Service.
[DEPEND] Dependency failed for Bind mount volatile /var/cache.
[DEPEND] Dependency failed for Record System Boot/Shutdown in UTMP.
[DEPEND] Dependency failed for Record Runlevel Change in UTMP.
[DEPEND] Dependency failed for Flush Journal to Persistent Storage.
[DEPEND] Dependency failed for udev Control Socket.
[DEPEND] Dependency failed for Bind mount volatile /var/spool.
[DEPEND] Dependency failed for Kernel Trace File System.
[DEPEND] Dependency failed for /var/volatile.
[DEPEND] Dependency failed for Bind mount volatile /var/lib.
[DEPEND] Dependency failed for Journal Socket (/dev/log).
[DEPEND] Dependency failed for Network Name Resolution.
[DEPEND] Dependency failed for Huge Pages File System.
[DEPEND] Dependency failed for Temporary Directory /tmp.
[DEPEND] Dependency failed for User and Session Slice.
[DEPEND] Dependency failed for System Slice.
[DEPEND] Dependency failed for Network Service Netlink Socket.
[DEPEND] Dependency failed for Commit a transient machine-id on disk.
[DEPEND] Dependency failed for Rebuild Journal Catalog.
[DEPEND] Dependency failed for udev Kernel Socket.
[DEPEND] Dependency failed for Slice /system/getty.
[DEPEND] Dependency failed for Remount Root and Kernel File Systems.
[DEPEND] Dependency failed for Create Static Device Nodes in /dev.
[DEPEND] Dependency failed for Create Static Device Nodes in /dev gracefully.
[DEPEND] Dependency failed for Coldplug All udev Devices.
[DEPEND] Dependency failed for Load Kernel Modules.
[DEPEND] Dependency failed for Create System Users.
[DEPEND] Dependency failed for Emergency Shell.
[DEPEND] Dependency failed for Emergency Mode.
[DEPEND] Dependency failed for Rebuild Hardware Database.
[DEPEND] Dependency failed for Slice /system/modprobe.
[DEPEND] Dependency failed for Load Kernel Module drm.
[DEPEND] Dependency failed for Load Kernel Module configfs.
[DEPEND] Dependency failed for Load Kernel Module fuse.
[DEPEND] Dependency failed for Create System Files and Directories.
[DEPEND] Dependency failed for File System Check on Root Device.
[DEPEND] Dependency failed for Rule-based Manager for Device Events and Files.
[DEPEND] Dependency failed for Create List of Static Device Nodes.
[DEPEND] Dependency failed for Apply Kernel Variables.
[DEPEND] Dependency failed for Update is Completed.
[DEPEND] Dependency failed for Slice /system/serial-getty.
[DEPEND] Dependency failed for Generate network units from Kernel command line.
[DEPEND] Dependency failed for Sets the hostname and FQDN.
[DEPEND] Dependency failed for Journal Audit Socket.
[DEPEND] Dependency failed for Rebuild Dynamic Linker Cache.
[UNSUPP] Starting of Root Slice unsupported.
[DEPEND] Dependency failed for System Slice.
[DEPEND] Dependency failed for Emergency Shell.
[DEPEND] Dependency failed for Emergency Mode.
Chavira
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @omar_aberkan!
You say you enabled
CFG_WITH_SOFTWARE_PRNG=y
CFG_HWRNG_PTA=y
CFG_IMX_TRUSTED_ARM_CE=y
CFG_HWRNG_QUALITY=1024
This appears to only be OP-TEE OS changes. Did you make appropriate changes to the Linux Kernel config? Following the document, you need changes to BOTH, i.e. these need to be added to the Kernel .conf file:
CONFIG_DM_CRYPT=y
CONFIG_TRUSTED_KEYS=m
CONFIG_TRUSTED_KEYS_TEE=y
CONFIG_IMX_SEC_ENCLAVE=n
CONFIG_IMX_ELE_TRNG=n
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
It even doesn't work with the latest styhead release. Systemd and/or other applications are not able to start. Many people have reported issues related to dm-crypt. But the support is very bad.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
