Hi
I was trying to enable the RPMB on i.MX8MP, and I built OP-TEE with the following command:
make O="./out" -j$(nproc) \
          CFG_STMM_PATH=../BL32_AP_MM.fd CFG_CORE_DYN_SHM=y \
          CFG_RPMB_FS=y CFG_RPMB_FS_DEV_ID=2 CFG_RPMB_WRITE_KEY=y CFG_REE_FS_ALLOW_RESET=y \
          CFG_CORE_HUK_SUBKEY_COMPAT_USE_OTP_DIE_ID=y CFG_UART_ENABLE=y \
          CFG_TEE_CORE_LOG_LEVEL=4 CFG_TEE_TA_LOG_LEVEL=4 CFG_DEBUG_INFO=y
However, it looks like the RPMB is not working correctly; please see the error below:
U-Boot 2024.04-ga1c2d65a (Dec 26 2024 - 16:28:41 +0800)
CPU:   i.MX8MP[8] rev1.1 1800 MHz (running at 1200 MHz)
CPU:   Commercial temperature grade (0C to 95C) at 41C
Reset cause: POR
Model: NXP i.MX8MPlus LPDDR4 EVK board
DRAM:  6 GiB
I/TC: Reserved shared memory is enabled
I/TC: Dynamic shared memory is enabled
I/TC: Normal World virtualization support is disabled
I/TC: Asynchronous notifications are disabled
D/TC:0 0 core_mmu_xlat_table_alloc:528 xlat tables used 4 / 8
D/TC:? 0 tee_ta_init_pseudo_ta_session:303 Lookup pseudo TA 7011a688-ddde-4053-a5a9-7b3c4ddf13b8
D/TC:? 0 tee_ta_init_pseudo_ta_session:315 Open device.pta
D/TC:? 0 tee_ta_init_pseudo_ta_session:330 device.pta : 7011a688-ddde-4053-a5a9-7b3c4ddf13b8
F/TC:? 0 plat_prng_add_jitter_entropy:68 0x3316
D/TC:? 0 tee_ta_close_session:460 csess 0x561c1680 id 1
D/TC:? 0 tee_ta_close_session:479 Destroy session
TCPC:  Vendor ID [0x1fc9], Product ID [0x5110], Addr [I2C2 0x50]
SNK.Power3.0 on CC1
PDO 0: type 0, 5000 mV, 3000 mA [E]
PDO 1: type 0, 9000 mV, 3000 mA []
PDO 2: type 0, 15000 mV, 3000 mA []
PDO 3: type 0, 20000 mV, 2250 mA []
Requesting PDO 3: 20000 mV, 2250 mA
Source accept request
PD source ready!
tcpc_pd_receive_message: Polling ALERT register, TCPC_ALERT_RX_STATUS bit failed, ret = -62
Power supply on USB2
TCPC:  Vendor ID [0x1fc9], Product ID [0x5110], Addr [I2C1 0x50]
Core:  287 devices, 37 uclasses, devicetree: separate
MMC:   FSL_SDHC: 1, FSL_SDHC: 2
Loading Environment from MMC... *** Warning - bad CRC, using default environment
[*]-Video Link 0adv7535_mipi2hdmi adv7535@3d: Can't find cec device id=0x3c
fail to probe panel device adv7535@3d
fail to get display timings
probe video device failed, ret -19
        [0] lcd-controller@32e80000, video
        [1] mipi_dsi@32e60000, video_bridge
        [2] adv7535@3d, panel
adv7535_mipi2hdmi adv7535@3d: Can't find cec device id=0x3c
fail to probe panel device adv7535@3d
fail to get display timings
probe video device failed, ret -19
In:    serial
Out:   serial
Err:   serial
SEC0:  RNG instantiated
switch to partitions #0, OK
mmc2(part 0) is current device
flash target is MMC:2
Net:   eth0: ethernet@30be0000, eth1: ethernet@30bf0000 [PRIME]
Fastboot: Normal
Normal Boot
Hit any key to stop autoboot:  0 
Working FDT set to 43000000
libfdt fdt_path_offset() returned FDT_ERR_NOTFOUND
libfdt fdt_path_offset() returned FDT_ERR_NOTFOUND
libfdt fdt_path_offset() returned FDT_ERR_NOTFOUND
libfdt fdt_path_offset() returned FDT_ERR_NOTFOUND
libfdt fdt_path_offset() returned FDT_ERR_NOTFOUND
starting USB...
Bus usb@38100000: Failed to initialize board for imx8m USB
probe failed, error -1
Bus usb@38200000: Register 2000140 NbrPorts 2
Starting the controller
USB XHCI 1.10
scanning bus usb@38200000 for devices... 1 USB Device(s) found
       scanning usb for storage devices... 0 Storage Device(s) found
Device 0: unknown device
MMC: no card present
switch to partitions #0, OK
mmc2(part 0) is current device
Scanning mmc 2:1...
64720 bytes read in 2 ms (30.9 MiB/s)
MMC: no card present
D/TC:? 0 load_stmm:297 stmm load address 0x80004000
D/TC:? 0 spm_handle_scall:859 Received FFA version
D/TC:? 0 spm_handle_scall:867 Received FFA direct request
D/TC:? 0 spm_handle_scall:867 Received FFA direct request
D/TC:? 0 spm_handle_scall:867 Received FFA direct request
D/TC:? 0 spm_handle_scall:867 Received FFA direct request
D/TC:? 0 spm_handle_scall:867 Received FFA direct request
D/TC:? 0 spm_handle_scall:867 Received FFA direct request
D/TC:? 0 spm_handle_scall:867 Received FFA direct request
D/TC:? 0 spm_handle_scall:867 Received FFA direct request
D/TC:? 0 spm_handle_scall:867 Received FFA direct request
D/TC:? 0 spm_handle_scall:867 Received FFA direct request
D/TC:? 0 spm_handle_scall:867 Received FFA direct request
D/TC:? 0 spm_handle_scall:867 Received FFA direct request
D/TC:? 0 spm_handle_scall:867 Received FFA direct request
D/TC:? 0 spm_handle_scall:867 Received FFA direct request
D/TC:? 0 spm_handle_scall:867 Received FFA direct request
D/TC:? 0 spm_handle_scall:867 Received FFA direct request
D/TC:? 0 spm_handle_scall:867 Received FFA direct request
D/TC:? 0 spm_handle_scall:867 Received FFA direct request
D/TC:? 0 spm_handle_scall:867 Received FFA direct request
D/TC:? 0 spm_handle_scall:867 Received FFA direct request
D/TC:? 0 spm_handle_scall:867 Received FFA direct request
D/TC:? 0 spm_handle_scall:867 Received FFA direct request
D/TC:? 0 spm_handle_scall:867 Received FFA direct request
D/TC:? 0 spm_handle_scall:867 Received FFA direct request
D/TC:? 0 spm_handle_scall:867 Received FFA direct request
D/TC:? 0 stmm_handle_storage_service:802 RPMB read
D/TC:? 0 legacy_rpmb_init:1142 Trying legacy RPMB init
D/TC:? 0 rpmb_set_dev_info:1111 RPMB: Syncing device information
D/TC:? 0 rpmb_set_dev_info:1113 RPMB: RPMB size is 32*128 KB
D/TC:? 0 rpmb_set_dev_info:1114 RPMB: Reliable Write Sector Count is 1
D/TC:? 0 rpmb_set_dev_info:1116 RPMB: CID
D/TC:? 0 rpmb_set_dev_info:1117 00000000561dca80  70 01 00 49 42 32 39 33  32 90 1e 16 cf e8 b7 00 
D/TC:? 0 legacy_rpmb_init:1162 RPMB INIT: Deriving key
I/TC: RPMB: Using generated key
D/TC:? 0 legacy_rpmb_init:1176 RPMB INIT: Verifying Key
D/TC:? 0 legacy_rpmb_init:1188 RPMB INIT: Auth key not yet written
D/TC:? 0 snvs_get_ssm_mode:158 HPSR: SSM ST Mode: 0xb
D/TC:? 0 tee_rpmb_write_and_verify_key:1085 RPMB INIT: platform indicates RPMB key is not ready
D/TC:? 0 spm_handle_scall:867 Received FFA direct request
D/TC:? 0 stmm_handle_storage_service:808 RPMB write
D/TC:? 0 legacy_rpmb_init:1142 Trying legacy RPMB init
D/TC:? 0 legacy_rpmb_init:1176 RPMB INIT: Verifying Key
F/TC:? 0 plat_prng_add_jitter_entropy:68 0x57
D/TC:? 0 legacy_rpmb_init:1188 RPMB INIT: Auth key not yet written
D/TC:? 0 snvs_get_ssm_mode:158 HPSR: SSM ST Mode: 0xb
D/TC:? 0 tee_rpmb_write_and_verify_key:1085 RPMB INIT: platform indicates RPMB key is not ready
D/TC:? 0 spm_handle_scall:867 Received FFA direct request
D/TC:? 0 stmm_handle_storage_service:802 RPMB read
D/TC:? 0 legacy_rpmb_init:1142 Trying legacy RPMB init
D/TC:? 0 legacy_rpmb_init:1176 RPMB INIT: Verifying Key
D/TC:? 0 legacy_rpmb_init:1188 RPMB INIT: Auth key not yet written
D/TC:? 0 snvs_get_ssm_mode:158 HPSR: SSM ST Mode: 0xb
D/TC:? 0 tee_rpmb_write_and_verify_key:1085 RPMB INIT: platform indicates RPMB key is not ready
D/TC:? 0 spm_handle_scall:867 Received FFA direct request
D/TC:? 0 stmm_handle_storage_service:808 RPMB write
D/TC:? 0 legacy_rpmb_init:1142 Trying legacy RPMB init
D/TC:? 0 legacy_rpmb_init:1176 RPMB INIT: Verifying Key
D/TC:? 0 legacy_rpmb_init:1188 RPMB INIT: Auth key not yet written
D/TC:? 0 snvs_get_ssm_mode:158 HPSR: SSM ST Mode: 0xb
D/TC:? 0 tee_rpmb_write_and_verify_key:1085 RPMB INIT: platform indicates RPMB key is not ready
D/TC:? 0 spm_handle_scall:867 Received FFA direct request
D/TC:? 0 stmm_handle_storage_service:802 RPMB read
D/TC:? 0 legacy_rpmb_init:1142 Trying legacy RPMB init
D/TC:? 0 legacy_rpmb_init:1176 RPMB INIT: Verifying Key
D/TC:? 0 legacy_rpmb_init:1188 RPMB INIT: Auth key not yet written
D/TC:? 0 snvs_get_ssm_mode:158 HPSR: SSM ST Mode: 0xb
D/TC:? 0 tee_rpmb_write_and_verify_key:1085 RPMB INIT: platform indicates RPMB key is not ready
D/TC:? 0 spm_handle_scall:867 Received FFA direct request
D/TC:? 0 stmm_handle_storage_service:808 RPMB write
D/TC:? 0 legacy_rpmb_init:1142 Trying legacy RPMB init
D/TC:? 0 legacy_rpmb_init:1176 RPMB INIT: Verifying Key
F/TC:? 0 plat_prng_add_jitter_entropy:68 0xC6
D/TC:? 0 legacy_rpmb_init:1188 RPMB INIT: Auth key not yet written
D/TC:? 0 snvs_get_ssm_mode:158 HPSR: SSM ST Mode: 0xb
D/TC:? 0 tee_rpmb_write_and_verify_key:1085 RPMB INIT: platform indicates RPMB key is not ready
D/TC:0 0 abort_handler:560 [abort] abort in User mode (TA will panic)
E/TC:? 0 
E/TC:? 0 User mode data-abort at address 0x0 (translation fault)
E/TC:? 0  esr 0x92000005  ttbr0 0x20000561d5000   ttbr1 0x00000000   cidr 0x0
E/TC:? 0  cpu #0          cpsr 0x60000000
E/TC:? 0  x0  0000000000000000 x1  0000000000000000
E/TC:? 0  x2  0000000000000000 x3  0000000080285000
E/TC:? 0  x4  000000008000b298 x5  000000008000b298
E/TC:? 0  x6  0000000000000000 x7  0000000000000000
E/TC:? 0  x8  00000000c4000067 x9  800000000000000f
E/TC:? 0  x10 00000000803fe000 x11 0000000000003fe0
E/TC:? 0  x12 0000000080411118 x13 00000000803fc058
E/TC:? 0  x14 0000000080411110 x15 0000000000000000
E/TC:? 0  x16 000000008000746c x17 0000000000000000
E/TC:? 0  x18 0000000000000000 x19 00000000803f2010
E/TC:? 0  x20 00000000803fc0d0 x21 00000000803fc048
E/TC:? 0  x22 00000000803fc000 x23 00000000803fc000
E/TC:? 0  x24 00000000803f1fd0 x25 0000000000000000
E/TC:? 0  x26 00000000803f7000 x27 0000000080411428
E/TC:? 0  x28 00000000803f7e58 x29 0000000080415b70
E/TC:? 0  x30 00000000803fa864 elr 00000000803fa6b0
E/TC:? 0  sp_el0 0000000080415b70
E/TC:? 0  region  0: va 0x0000000080000000 pa 0x0000000056002000 size 0x002000 flags ---R-X
E/TC:? 0  region  1: va 0x0000000080002000 pa 0x00000000561c2000 size 0x001000 flags ---RW-
E/TC:? 0  region  2: va 0x0000000080004000 pa 0x0000000056200000 size 0x001000 flags r-xR--
E/TC:? 0  region  3: va 0x0000000080005000 pa 0x0000000056201000 size 0x001000 flags rw----                                
E/TC:? 0  region  4: va 0x0000000080006000 pa 0x0000000056202000 size 0x005000 flags r-x---                                
E/TC:? 0  region  5: va 0x000000008000b000 pa 0x0000000056207000 size 0x001000 flags rw----                                
E/TC:? 0  region  6: va 0x000000008000c000 pa 0x0000000056208000 size 0x001000 flags r-x---                                
E/TC:? 0  region  7: va 0x000000008000d000 pa 0x0000000056209000 size 0x277000 flags r-xR--
E/TC:? 0  region  8: va 0x0000000080284000 pa 0x0000000056480000 size 0x174000 flags rw-RW-
E/TC:? 0  region  9: va 0x00000000803f8000 pa 0x00000000565f4000 size 0x004000 flags r-x---
E/TC:? 0  region 10: va 0x00000000803fc000 pa 0x00000000565f8000 size 0x00f000 flags rw-RW-
E/TC:? 0  region 11: va 0x000000008040b000 pa 0x0000000056607000 size 0x001000 flags r-x---
E/TC:? 0  region 12: va 0x000000008040c000 pa 0x0000000056608000 size 0x00e000 flags rw-RW-
E/TC:? 0  region 13: va 0x000000008041a000 pa 0x0000000056616000 size 0x004000 flags rw-RW-
D/TC:? 0 stmm_enter_user_mode:140 stmm panicked with code 0xdeadbeef
D/TC:? 0 tee_ta_open_session:696 init session failed 0xffff3024
Unable to open OP-TEE session (err=-5)
mm_communicate failed!
Error: Cannot initialize UEFI sub-system, r = 3
Found EFI removable media binary efi/boot/bootaa64.efi
989264 bytes read in 5 ms (188.7 MiB/s)
Error: Cannot initialize UEFI sub-system, r = 3
EFI LOAD FAILED: continuing...
Running BSP bootcmd ...
switch to partitions #0, OK
mmc2(part 0) is current device
Failed to load 'boot.scr'
Failed to load 'Image'
Booting from net ...
ethernet@30bf0000 Waiting for PHY auto negotiation to complete....... done
BOOTP broadcast 1
BOOTP broadcast 2
BOOTP broadcast 3
DHCP client bound to address 10.102.88.182 (1002 ms)
Using ethernet@30bf0000 device
TFTP from server 10.102.88.1; our IP address is 10.102.88.182
Filename 'Image'.
Load address: 0x40400000
Loading: *
Abort
BOOTP broadcast 1
DHCP client bound to address 10.102.88.182 (0 ms)
Using ethernet@30bf0000 device
TFTP from server 10.102.88.1; our IP address is 10.102.88.182
Filename 'imx8mp-evk.dtb'.
Load address: 0x43000000
Loading: *
Abort
WARN: Cannot load the DT
u-boot=> mmc rpmb counter
Authentication key not yet programmed 
AFAICT, it looks like NXP implemented a mechanism to derive the key from the hardware. Is there any related document talking about this? Or is there any document for enabling RPMB on the i.MX8MP EVK?
Judging by the name of the config (CFG_CORE_HUK_SUBKEY_COMPAT_USE_OTP_DIE_ID), does it mean that I should write the key value to an OTP fuse?
Thanks
Aristo
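An added triage helper, not from this thread or from NXP/OP-TEE: it reads the OP-TEE lines of a boot log like the one above and reports where RPMB initialisation stopped. Assumptions: the SNVS SSM_STATE decoding follows the i.MX reference manual, and the rule that OP-TEE's i.MX port treats the RPMB key as ready only in Trusted or Secure state is my reading of its platform code.

```python
import re

# SNVS HPSR SSM_STATE encoding (assumption: as documented in the i.MX reference manual)
SSM_STATES = {
    0x0: "Init", 0x1: "Hard Fail", 0x3: "Soft Fail", 0x8: "Init Intermediate",
    0x9: "Check", 0xB: "Non-Secure", 0xD: "Trusted", 0xF: "Secure",
}
# States in which OP-TEE's i.MX port reports the RPMB key as ready (assumption: my
# reading of its plat_rpmb_key_is_ready(); Non-Secure means the device is still open)
KEY_READY_STATES = {0xD, 0xF}

SSM_RE = re.compile(r"SSM ST Mode: 0x([0-9a-fA-F]+)")


def triage_rpmb(log: str) -> dict:
    """Summarise how far OP-TEE's RPMB initialisation got in a boot log."""
    r = {"key_derived": False, "key_written": None, "ssm_state": None,
         "key_ready": None, "stmm_panicked": False, "verdict": "no RPMB init seen"}
    for line in log.splitlines():
        if "RPMB: Using generated key" in line:
            r["key_derived"] = True          # key derived from the HUK, not a test key
        elif "Auth key not yet written" in line:
            r["key_written"] = False         # eMMC reports no authentication key
        elif "RPMB key is not ready" in line:
            r["key_ready"] = False           # platform refused to program the key
        elif "stmm panicked" in line:
            r["stmm_panicked"] = True        # StandaloneMM crashed afterwards
        m = SSM_RE.search(line)
        if m:
            code = int(m.group(1), 16)
            r["ssm_state"] = SSM_STATES.get(code, f"unknown (0x{code:x})")
            r["key_ready"] = code in KEY_READY_STATES
    if r["key_ready"] is False and r["key_written"] is False:
        r["verdict"] = (f"key derived but not programmed: SNVS state {r['ssm_state']}; "
                        "OP-TEE writes the derived key only once the platform reports it ready")
    elif r["key_written"] is False:
        r["verdict"] = "authentication key not programmed"
    return r


# Constructed sample: the relevant lines copied from the boot log in the post above
SAMPLE_LOG = """\
D/TC:? 0 legacy_rpmb_init:1162 RPMB INIT: Deriving key
I/TC: RPMB: Using generated key
D/TC:? 0 legacy_rpmb_init:1188 RPMB INIT: Auth key not yet written
D/TC:? 0 snvs_get_ssm_mode:158 HPSR: SSM ST Mode: 0xb
D/TC:? 0 tee_rpmb_write_and_verify_key:1085 RPMB INIT: platform indicates RPMB key is not ready
D/TC:? 0 stmm_enter_user_mode:140 stmm panicked with code 0xdeadbeef
"""
```

Running `triage_rpmb(SAMPLE_LOG)` on the log above points at the SNVS state rather than at the fuses: the key was derived, the eMMC has no key yet, and the write was refused because the device is not in a closed state.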
Hi,
Hope that the security user guide, IMX_ANDROID_SEC_UG.pdf, is helpful for you, and it's better to check whether RPMB_EMU is removed in tee-supplicant. Can you share your BSP version?
Regards
Harvey
Hi Harvey
Thanks for providing the document! I am currently using the latest BSP (version 6.6.52-2.2.0).
I noticed that the document is for Android OS, so is it also suitable for other OSes such as Yocto or Ubuntu? It looks like there are some things (such as the AVB early TA in OPTEE-OS) specifically for Android OS.
Thanks!
Aristo
Hi @Harvey021
Thanks for providing other documents! However, I feel like it is not a safe way to access RPMB (feel free to correct me if my understanding is incorrect). According to the eMMC_RPMB_Enhance_GP_and_user_protection.pdf that you shared, it looks like the user needs to create a file (containing the RPMB key) somewhere in the rootfs, and use the file to validate/verify when reading/writing RPMB.
And according to the i.MX Android Security User's Guide,
The RPMB key can be derived from CAAM/ELE. This is hardware bound and is unique per device. TEE derives this hardware bound key in every boot from CAAM/ELE, and as it is bound to the CAAM/ELE hardware, so it does not need to store one copy of this key. This way is preferred as it is simpler and more secure.
So is it possible to use a similar mechanism (if I understand correctly, the feature to derive the RPMB key from CAAM/ELE is only for Android OS?) on other OSes such as Yocto or Ubuntu?
Thanks!
Aristo
Hi @AristoChen
This can be applied to both OSes.
It seems CFG_RPMB_TESTKEY=n and CFG_REE_FS=n are missing while compiling OPTEE.
Regards
Harvey
Hi @Harvey021
I found all the required configs for OPTEE in the i.MX Linux User's Guide.
However, I noticed that CFG_NXP_CAAM is set to n. May I know why we need to disable it?
Thanks!
Hi @Harvey021
I understand that usually CAAM drivers are enabled in Linux. However, if OPTEE does not need CAAM, then why is CFG_NXP_CAAM set to y by default? And could you please tell me what the impact of setting CFG_NXP_CAAM and CFG_IMX_SNVS to n is? Is there any document about these 2 configs?
Thanks!
Aristo
Hi @Harvey021
I also noticed that CFG_IMX_SNVS is set to n. AFAIK, SNVS is Secure Non-Volatile Storage.
AFAICT, it looks like setting both CFG_IMX_SNVS and CFG_NXP_CAAM to y will not affect RPMB read/write, so why should we disable them?
Thanks
Aristo
If CAAM is enabled, the HW unique key will be derived from CAAM, which in turn will be used in the derivation of the RPMB key.
Regards
Harvey
