On Fri, 12 Mar 2021 15:48:14 +0100 Andrew Lunn andrew@lunn.ch wrote:
On Fri, Mar 12, 2021 at 10:10:27AM +0100, Marek Behún wrote:
On Fri, 12 Mar 2021 09:58:34 +0100 Gregory CLEMENT gregory.clement@bootlin.com wrote:
Hello Marek,
From: Pali Rohár pali@kernel.org
Move the turris-mox-rwtm firmware node from Turris MOX' device tree into the generic armada-37xx.dtsi file.
I disagree with this patch. This firmware is specific to Turris MOX so it is not something that should be exposed to all the Armada 3700 based boards.
If you want you still can create an dtsi for this and include it when needed.
Gregory
Gregory, we are planning to send pull-request for TF-A documentation, adding information that people can compile the firmware with CZ.NIC's firmware.
Since this firmware exposes HW random number generator, it is possible that people will start using it for espressobin.
In that case this won't be specific for Turris MOX anymore.
Part of the problem is that it looks specific to the Turris MOX.
But please help me understand the big picture first. How is the firmware distributed? Is the binary part of linux-firmware? How does it get loaded? Does the firmware contain anything which is specific to the Turris MOX? Could the hardware number generator part be split out into a more generic sounding name blob?
Andrew
Hello Andrew,
The WTMI firmware is loaded before kernel. This firmware is loaded by BootROM, and it is this firmware that does DDR training before loading TF-A + U-Boot.
For example for ESPRESSObin you have several repositories you need to create a final flash-image.bin containing this WTMI firmware + TF-A + U-Boot. These repositories are: trusted-firmware-a (contains documentation how to build all this) A3700-utils-marvell u-boot mv-ddr-marvell From these sources you are able to create a final flash-image.bin that you can flash onto the SPI-NOR (or eMMC or other devices which A3720 can boot from).
The A3700-utils-marvell repository contains the code of the WTMI firmware.
On Turris MOX this is a little bit different, because - we have implemented the WTMI firmware differently (more mailbox commands, HW crypto, ...) - it supports retrieving MOX board information (MAC addresses, serial number) stored in eFuses (this information is stored in a specific way that in only true for MOX) - the firmware binary must be signed by our private key in order to boot on MOX.
This is because the secure firmware has access to an ECDSA engine with a private key storage in eFuses (each MOX has its own private key generated and stored into the eFuses when manufactured) In order to disallow hackers to somehow extract the private key, the firmware must be signed so that they cannot load arbitrary firmware into the secure processor.
BUT - since this firmware is able to provide HWRNG, we wanted to make it available for other Armada 3720 boards - we updated the code so that users can build it for non-MOX devices - it does not have to be signed for other devices - it does not contain MOX specific stuff for non-MOX devices
So currently when users build the flash-image.bin binary containing WTMI firmware, they are using code from A3700-utils-marvell. This code is split into 2 parts: - sys_init - does HW and DDR initialization and execution of an "app" - efuse - default "app" which is loaded by sys_init The way it is written is that user can select a different "app" when building, and we have updated Turris MOX firmware code to be loadable as this "app" for sys_init. (And we have renamed it from "Turris MOX secure firmware" to "CZ.NIC's Armada 3720 secure firmware").
Could the hardware number generator part be split out into a more generic sounding name blob?
It basically is. As I have written above, when users build the flash-image.bin with CZ.NIC's firmware, the prompt does not say anything about Turris MOX. Instead it says something like CZ.NIC's Armada 3720 Secure Firmware version build date Running on ESPRESSObin and currently provides only the random number generator command.
So theoretically the turris-mox-rwtm driver can be renamed into something else and we can add a different compatible in order not to sound so turris-mox specific.
Marek