0xffff0007 = TEEC_ERROR_BAD_STATE when RPMB is enabled in OPTEE

[Muhammadhassan1234]

I am Working on Optee in imx8mm device and xtests and other applications were working fine. However, then I enabled the following flags in Optee-os

EXTRA_OEMAKE:append = " \

    CFG_RPMB_FS=y \

    CFG_RPMB_WRITE_KEY=y \

    CFG_RPMB_FS_DEV_ID=0 \

    CFG_RPMB_TESTKEY=y \

    CFG_REE_FS=y \

"

and added theRPMB_EMU=0 in tee-supplicant/Makefile in optee-client but after doing these changes, all my tests are failing

* regression_1004 Test User Crypt TA
/usr/src/debug/optee-test/3.19.0.imx-r0/git/host/xtest/regression_1000.c:459: xtest_teec_open_session( &session, &crypt_user_ta_uuid, ((void *)0), &ret_orig) has an unexpected value: 0xffff0007 = TEEC_ERROR_BAD_STATE, expected 0x0 = TEEC_SUCCESS
  regression_1004 FAILED

* regression_1005 Many sessions
/usr/src/debug/optee-test/3.19.0.imx-r0/git/host/xtest/regression_1000.c:551: xtest_teec_open_session(&sessions[i], &concurrent_ta_uuid, ((void *)0), &ret_orig) has an unexpected value: 0xffff0007 = TEEC_ERROR_BAD_STATE, expected 0x0 = TEEC_SUCCESS
  regression_1005 FAILED

* regression_1006 Test Basic OS features
/usr/src/debug/optee-test/3.19.0.imx-r0/git/host/xtest/regression_1000.c:570: xtest_teec_open_session(&session, &os_test_ta_uuid, ((void *)0), &ret_orig) has an unexpected value: 0xffff0007 = TEEC_ERROR_BAD_STATE, expected 0x0 = TEEC_SUCCESS
  regression_1006 FAILED

* regression_1007 Test Panic
/usr/src/debug/optee-test/3.19.0.imx-r0/git/host/xtest/regression_1000.c:594: xtest_teec_open_session(&session, &os_test_ta_uuid, ((void *)0), &ret_orig) has an unexpected value: 0xffff0007 = TEEC_ERROR_BAD_STATE, expected 0x0 = TEEC_SUCCESS
  regression_1007 FAILED

* regression_1008 TEE internal client API
o regression_1008.1 Invoke command
/usr/src/debug/optee-test/3.19.0.imx-r0/git/host/xtest/regression_1000.c:738: xtest_teec_open_session(&session, &os_test_ta_uuid, ((void *)0), &ret_orig) has an unexpected value: 0xffff0007 = TEEC_ERROR_BAD_STATE, expected 0x0 = TEEC_SUCCESS
  regression_1008.1 FAILED
o regression_1008.2 Invoke command with timeout
/usr/src/debug/optee-test/3.19.0.imx-r0/git/host/xtest/regression_1000.c:759: xtest_teec_open_session(&session, &os_test_ta_uuid, ((void *)0), &ret_orig) has an unexpected value: 0xffff0007 = TEEC_ERROR_BAD_STATE, expected 0x0 = TEEC_SUCCESS
  regression_1008.2 FAILED
o regression_1008.3 Create session fail
n = 0

Note: I am using optee_os_3.19 version right now. I have not touched the emmc rpmb before. I even removed the CFG_REE_FS=y flag but it still gave the same results

[sahilnxp]

Hi @Muhammadhassan1234

I did enable the RPMB on i.MX8ULP, by following steps:

So Steps to enable the RPMB storage in OP-TEE is:

First make a OP-TEE OS image with:

CFG_RPMB_FS = y CFG_REE_FS = n CFG_RPMB_WRITE_KEY = y

Compile OP-TEE client with: RPMB_EMU = 0

Boot the board with compiled images. Then run xtest on board, this will provision the eMMC key.

Since eMMC key provision is a onetime process, disable CFG_RPMB_WRITE_KEY for subsequent OP-TEE os builds and keep CFG_RPMB_FS = y & CFG_REE_FS = n.

This will enable the RPMB support on OP-TEE.

[Muhammadhassan1234]

I have already tried this but it didn't work. Tee supplicant is not provisioning the key even after running xtest.

I tried to manually read mmc first block after running xtest but got the error shown in figure, This error indicates that key is not fused yet.

[Muhammadhassan1234]

I dry run the optee code (I can't see optee logs due to some reason ) and I found out the error was coming from here. I just wanna ask that I just want to fuse the testkey, what it has to do with HW Unique key and which flags I need further to write the test key on rpmb. Should I need to Fuse OTP necessarily?

There is another weak function for plat_rpmb_key_is_ready which simply returns true everytime. What are the drawbacks of using that function?

[Muhammadhassan1234]

The issue is resolved by removing the plat_rpmb_key_is_ready check as my Hardware was not closed and it was checking whether hardware is closed or not.