Failed to Load the REE Patch
Symptom
One or more of the following symptoms occur:
- The insmod tzdriver.ko command fails, and the message "Operation not permitted" is displayed.
- The teecd file fails to be loaded, and the teecd daemon exits unexpectedly.
Impact on the System
- Non-TrustZone system functions are not affected.
- All TrustZone functions fail to be enabled and CA/TA applications fail to be loaded.
Possible Causes
- The TEE option is not enabled in the TEE Config setting of the BIOS.
- The secure memory configuration in the TEE Config setting is improper. As a result, the TEE OS fails to be started.
- The tzdriver.ko kernel module version does not match the operating environment.
- The user-mode teecd daemon is started when tzdriver.ko is not loaded.
Procedure
- Check the iBMC logs and view the TEE OS startup log.
- Log in to the iBMC WebUI, choose , and view the TEE OS startup log in the latest server startup log.
- If no TEE OS startup log is found, the TEE function is disabled in the BIOS. Enable it by following instructions in Setting the BIOS.
- If the message "tee os load fail" is displayed, the TEE OS fails to be started. Go to 2.
- If the message "tee os load ok" is displayed, the TEE OS has been started properly. Go to 3.
- Log in to the iBMC WebUI, choose , and view the TEE OS startup log in the latest server startup log.
- Check the system serial port data.
- Log in to the iBMC WebUI, choose , and download 2 MB serial port data. Check the TEE OS startup log in the latest server startup log (for example, search for the keyword TEE OS).
- If the message "TEE OS Load FAIL" is displayed and the secure memory allocation failure log "AllocaTeeMem Fail" is recorded, the current secure memory configuration is improper. As a result, the secure memory allocation in the BIOS fails and the TEE OS fails to be started. Refer to Secure Memory Specifications to reconfigure the secure memory size.
- If the TEE OS fails to be started due to other reasons, collect serial port logs and contact Huawei technical support.
- If the message "TEE OS Load FAIL" is displayed and the secure memory allocation failure log "AllocaTeeMem Fail" is recorded, the current secure memory configuration is improper. As a result, the secure memory allocation in the BIOS fails and the TEE OS fails to be started. Refer to Secure Memory Specifications to reconfigure the secure memory size.
- Log in to the iBMC WebUI, choose , and download 2 MB serial port data. Check the TEE OS startup log in the latest server startup log (for example, search for the keyword TEE OS).
- Check whether the tzdriver version matches the kernel version.
- The message "Invalid module format" is displayed after you run the insmod tzdriver.ko command, and a message similar to "tzdriver: disagress about version of symbol module_layout" is displayed in the kernel log after you run the dmesg command.
Solution: Recompile the tzdriver kernel module based on the kernel source code of the current kernel version.
- If the tzdriver version matches the kernel version but the tzdriver fails to be loaded, collect dmesg logs and contact Huawei technical support.
- If the tzdriver is properly loaded, proceed to 4.
- The message "Invalid module format" is displayed after you run the insmod tzdriver.ko command, and a message similar to "tzdriver: disagress about version of symbol module_layout" is displayed in the kernel log after you run the dmesg command.
- Check whether all dependencies of teecd have been correctly deployed.
ll /usr/bin | grep -E "teecd|tlogcat"
Expected result:
ldconfig -p | grep -E "teec|boundscheck"
Expected result:
- If teecd or its dependencies are not correctly deployed, redeploy teecd and the dynamic libraries by following instructions in Loading the REE Driver.
- If they are correctly deployed, load teecd from the absolute path.
/usr/bin/teecd &
Check whether the teecd process exists.
- If yes, no further action is required.
- If no, collect journalctl logs related to teecd and contact Huawei technical support.
Parent topic: Troubleshooting Cases