[openwrt/openwrt] arm-trusted-firmware-mvebu: switch to CZ.NIC's Secure Firmware

Sun Jul 25 04:59:04 PDT 2021

hauke pushed a commit to openwrt/openwrt.git, branch master:
https://git.openwrt.org/896d49d10aab219b905ae844490954d51090ee2d

commit 896d49d10aab219b905ae844490954d51090ee2d
Author: Andre Heider <a.heider at gmail.com>
AuthorDate: Tue Jun 8 05:42:51 2021 +0200

    arm-trusted-firmware-mvebu: switch to CZ.NIC's Secure Firmware
    
    CZ.NIC as part of Turris project released free and open source WTMI
    application firmware wtmi_app.bin for all Armada 3720 devices.
    
    This firmware includes additional features like access to Hardware
    Random Number Generator of Armada 3720 SoC which original Marvell's
    fuse.bin image does not have.
    
    Add a patch which allows to pass the commit id, so the firmware is able
    to identify itself, see a04bffeb.
    Add a patch to disable linking with gold, since the ARM toolchain
    doesn't ship gold.
    Cherry-pick the 3 post-release fixes.
    
    Signed-off-by: Andre Heider <a.heider at gmail.com>
---
 package/boot/arm-trusted-firmware-mvebu/Makefile   | 24 ++++++++
 .../patches-mox-boot-builder/001-version.patch     | 12 ++++
 .../patches-mox-boot-builder/002-no-gold.patch     | 13 +++++
 ...art-fix-UART-baudrate-divisor-calculation.patch | 66 ++++++++++++++++++++++
 ...3700-change-pwm-clock-for-600-600-and-120.patch | 48 ++++++++++++++++
 .../102-avs-Validate-VDD-value-from-OTP.patch      | 52 +++++++++++++++++
 6 files changed, 215 insertions(+)

diff --git a/package/boot/arm-trusted-firmware-mvebu/Makefile b/package/boot/arm-trusted-firmware-mvebu/Makefile
index 9082fc63ad..2369a1930a 100644
--- a/package/boot/arm-trusted-firmware-mvebu/Makefile
+++ b/package/boot/arm-trusted-firmware-mvebu/Makefile
@@ -111,6 +111,7 @@ TFA_MAKE_FLAGS += \
 		BL33=$(STAGING_DIR_IMAGE)/$(UBOOT)-u-boot.bin \
 		MV_DDR_PATH=$(STAGING_DIR_IMAGE)/$(MV_DDR_NAME) \
 		WTP=$(STAGING_DIR_IMAGE)/$(A3700_UTILS_NAME) \
+		WTMI_IMG=$(STAGING_DIR_IMAGE)/$(MOX_BB_NAME)-$(MOX_BB_RELEASE)/wtmi_app.bin \
 		USE_COHERENT_MEM=0 \
 		FIP_ALIGN=0x100 \
 		DDR_TOPOLOGY=$(DDR_TOPOLOGY) \
@@ -147,6 +148,16 @@ define Download/mv-ddr-marvell
   SUBDIR:=$(MV_DDR_NAME)
 endef
 
+MOX_BB_NAME:=mox-boot-builder
+MOX_BB_RELEASE:=v2021.04.09
+MOX_BB_SOURCE:=$(MOX_BB_NAME)-$(MOX_BB_RELEASE).tar.bz2
+
+define Download/mox-boot-builder
+  FILE:=$(MOX_BB_SOURCE)
+  URL:=https://gitlab.nic.cz/turris/mox-boot-builder/-/archive/$(MOX_BB_RELEASE)
+  HASH:=f0ed4fa25006e36a07d4256f633e3f25d6f8898dbe2e081e578251a182885520
+endef
+
 CM3_GCC_NAME:=gcc-arm
 CM3_GCC_RELEASE:=10.2-2020.11
 CM3_GCC_VERSION:=$(HOST_ARCH)-arm-none-eabi
@@ -162,6 +173,7 @@ define Build/Clean
 	rm -rf \
 		$(STAGING_DIR_IMAGE)/$(A3700_UTILS_NAME) \
 		$(STAGING_DIR_IMAGE)/$(MV_DDR_NAME) \
+		$(STAGING_DIR_IMAGE)/$(MOX_BB_NAME)-$(MOX_BB_RELEASE) \
 		$(STAGING_DIR_IMAGE)/$(CM3_GCC_NAME)-$(CM3_GCC_RELEASE)-$(CM3_GCC_VERSION)
 endef
 
@@ -169,6 +181,7 @@ define Build/Prepare
 	# Download sources
 	$(eval $(call Download,a3700-utils))
 	$(eval $(call Download,mv-ddr-marvell))
+	$(eval $(call Download,mox-boot-builder))
 	$(eval $(call Download,cm3-gcc))
 
 	$(call Build/Prepare/Default,)
@@ -180,7 +193,18 @@ define Build/Prepare
 	$(TAR) -C $(STAGING_DIR_IMAGE) -xf $(DL_DIR)/$(MV_DDR_SOURCE)
 	echo "master" > $(STAGING_DIR_IMAGE)/$(MV_DDR_NAME)/branch.txt
 	$(call PatchDir/Default,$(STAGING_DIR_IMAGE)/$(MV_DDR_NAME),./patches-mv-ddr-marvell)
+	$(TAR) -C $(STAGING_DIR_IMAGE) -xf $(DL_DIR)/$(MOX_BB_SOURCE)
+	$(call PatchDir/Default,$(STAGING_DIR_IMAGE)/$(MOX_BB_NAME)-$(MOX_BB_RELEASE),./patches-mox-boot-builder)
 	$(TAR) -C $(STAGING_DIR_IMAGE) -xf $(DL_DIR)/$(CM3_GCC_SOURCE)
 endef
 
+define Build/Compile
+	+$(MAKE) \
+		CROSS_CM3=$(STAGING_DIR_IMAGE)/$(CM3_GCC_NAME)-$(CM3_GCC_RELEASE)-$(CM3_GCC_VERSION)/bin/arm-none-eabi- \
+		WTMI_VERSION=$(MOX_BB_RELEASE) \
+		-C $(STAGING_DIR_IMAGE)/$(MOX_BB_NAME)-$(MOX_BB_RELEASE) \
+		wtmi_app.bin
+	$(call Build/Compile/Default)
+endef
+
 $(eval $(call BuildPackage/Trusted-Firmware-A))
diff --git a/package/boot/arm-trusted-firmware-mvebu/patches-mox-boot-builder/001-version.patch b/package/boot/arm-trusted-firmware-mvebu/patches-mox-boot-builder/001-version.patch
new file mode 100644
index 0000000000..eb6941d2ae
--- /dev/null
+++ b/package/boot/arm-trusted-firmware-mvebu/patches-mox-boot-builder/001-version.patch
@@ -0,0 +1,12 @@
+diff --git a/wtmi/Makefile b/wtmi/Makefile
+index 75754dc..3602ec3 100644
+--- a/wtmi/Makefile
++++ b/wtmi/Makefile
+@@ -41,7 +41,6 @@ else
+ 	LTO_FLAGS =
+ endif
+ 
+-override WTMI_VERSION = $(shell git describe --always --dirty --tags)
+ ifndef WTMI_VERSION
+ $(error Repository is without git tags, please do a full git clone again)
+ endif
diff --git a/package/boot/arm-trusted-firmware-mvebu/patches-mox-boot-builder/002-no-gold.patch b/package/boot/arm-trusted-firmware-mvebu/patches-mox-boot-builder/002-no-gold.patch
new file mode 100644
index 0000000000..943a6e2f4d
--- /dev/null
+++ b/package/boot/arm-trusted-firmware-mvebu/patches-mox-boot-builder/002-no-gold.patch
@@ -0,0 +1,13 @@
+diff --git a/wtmi/Makefile b/wtmi/Makefile
+index 75754dc..0c6238f 100644
+--- a/wtmi/Makefile
++++ b/wtmi/Makefile
+@@ -36,7 +36,7 @@ LDSCRIPT = wtmi.ld
+ INCLUDE  = -I.
+ 
+ ifeq ($(LTO), 1)
+-	LTO_FLAGS = -flto -flto-partition=none -Wl,-fuse-ld=gold
++	LTO_FLAGS = -flto -flto-partition=none
+ else
+ 	LTO_FLAGS =
+ endif
diff --git a/package/boot/arm-trusted-firmware-mvebu/patches-mox-boot-builder/100-wtmi-uart-fix-UART-baudrate-divisor-calculation.patch b/package/boot/arm-trusted-firmware-mvebu/patches-mox-boot-builder/100-wtmi-uart-fix-UART-baudrate-divisor-calculation.patch
new file mode 100644
index 0000000000..4bd66f9107
--- /dev/null
+++ b/package/boot/arm-trusted-firmware-mvebu/patches-mox-boot-builder/100-wtmi-uart-fix-UART-baudrate-divisor-calculation.patch
@@ -0,0 +1,66 @@
+From fb5e436843614f93b30aec0a2a00e5e59a133aab Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Marek=20Beh=C3=BAn?= <marek.behun at nic.cz>
+Date: Sat, 15 May 2021 17:44:24 +0200
+Subject: [PATCH] wtmi: uart: fix UART baudrate divisor calculation
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The UART code uses the xtal clock as parent for UART baudrate
+generation, but it assumes that xtal runs at 25 MHz, which isn't
+necessarily the case for all A3720 boards.
+
+Use get_ref_clk() to determine xtal clock rate.
+
+Use rounding division to compute the divisor value.
+
+Signed-off-by: Marek Behún <marek.behun at nic.cz>
+Suggested-by: Pali Rohár <pali at kernel.org>
+---
+ wtmi/types.h | 5 +++++
+ wtmi/uart.c  | 7 ++++---
+ 2 files changed, 9 insertions(+), 3 deletions(-)
+
+diff --git a/wtmi/types.h b/wtmi/types.h
+index 7a6c6c6..ea873fc 100644
+--- a/wtmi/types.h
++++ b/wtmi/types.h
+@@ -47,4 +47,9 @@ typedef u32			size_t;
+ 
+ #define maybe_unused __attribute__((unused))
+ 
++static inline u32 div_round_closest_u32(u32 x, u32 d)
++{
++	return (x + d / 2) / d;
++}
++
+ #endif /* __TYPES_H */
+diff --git a/wtmi/uart.c b/wtmi/uart.c
+index d40633d..75864b5 100644
+--- a/wtmi/uart.c
++++ b/wtmi/uart.c
+@@ -40,8 +40,6 @@
+ #include "stdio.h"
+ #include "debug.h"
+ 
+-#define UART_CLOCK_FREQ		25804800
+-
+ const struct uart_info uart1_info = {
+ 	.rx	= 0xc0012000,
+ 	.tx	= 0xc0012004,
+@@ -76,8 +74,11 @@ void uart_set_stdio(const struct uart_info *info)
+ 
+ void uart_reset(const struct uart_info *info, unsigned int baudrate)
+ {
++	u32 parent_rate = get_ref_clk() * 1000000;
++
+ 	/* set baudrate */
+-	writel((UART_CLOCK_FREQ / baudrate / 16), info->baud);
++	writel(div_round_closest_u32(parent_rate, baudrate * 16), info->baud);
++
+ 	/* set Programmable Oversampling Stack to 0, UART defaults to 16X scheme */
+ 	writel(0, info->possr);
+ 
+-- 
+2.30.2
+
diff --git a/package/boot/arm-trusted-firmware-mvebu/patches-mox-boot-builder/101-fix-clock-a3700-change-pwm-clock-for-600-600-and-120.patch b/package/boot/arm-trusted-firmware-mvebu/patches-mox-boot-builder/101-fix-clock-a3700-change-pwm-clock-for-600-600-and-120.patch
new file mode 100644
index 0000000000..6d74a053e2
--- /dev/null
+++ b/package/boot/arm-trusted-firmware-mvebu/patches-mox-boot-builder/101-fix-clock-a3700-change-pwm-clock-for-600-600-and-120.patch
@@ -0,0 +1,48 @@
+From 3f33626ac7037bd62df9391e899f50e076e58cf7 Mon Sep 17 00:00:00 2001
+From: zachary <zhangzg at marvell.com>
+Date: Wed, 25 Oct 2017 15:50:29 +0800
+Subject: [PATCH] fix: clock: a3700: change pwm clock for 600/600 and 1200/750
+ preset
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+This patch is to change pwm clock from 100MHz to 50MHz for 600/600 and
+1200/750 preset to align with other presets.
+
+Change-Id: I067e189043be8c776bd3e7015a06f8ddf2590b96
+Signed-off-by: zachary <zhangzg at marvell.com>
+Reviewed-on: http://vgitil04.il.marvell.com:8080/45513
+Tested-by: iSoC Platform CI <ykjenk at marvell.com>
+Reviewed-by: Kostya Porotchkin <kostap at marvell.com>
+Reviewed-by: Hua Jing <jinghua at marvell.com>
+Signed-off-by: Marek Behún <marek.behun at nic.cz>
+---
+ wtmi/clock.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/wtmi/clock.c b/wtmi/clock.c
+index 97c2825..1a1f0c6 100644
+--- a/wtmi/clock.c
++++ b/wtmi/clock.c
+@@ -447,7 +447,7 @@ static struct clock_cfg clk_cfg_all[] = {\
+ 		/* NorthBridge */\
+ 		{{TBG_A_S, TBG_B_S, TBG_B_S, TBG_B_S, TBG_A_P, TBG_A_P, TBG_A_P,\
+ 		  TBG_B_S, TBG_B_S, TBG_A_P, TBG_B_S, TBG_A_P, TBG_B_S},\
+-		 {2, 5, 2, 4, 1, 2, 6, 2},		/* DIV0 */\
++		 {4, 5, 2, 4, 1, 2, 6, 2},		/* DIV0 */\
+ 		 {1, 5, 2, 5, 2, 3, 2, 2, 3},		/* DIV1 */\
+ 		 {4, 1, 5, 1, 3, 1, 2, 0, 0, 1} },	/* DIV2 */\
+ 		/* SouthBridge */\
+@@ -495,7 +495,7 @@ static struct clock_cfg clk_cfg_all[] = {\
+ 		/* NorthBridge */\
+ 		{{TBG_B_S, TBG_B_S, TBG_B_S, TBG_B_S, TBG_B_S, TBG_B_S, TBG_B_S,\
+ 		  TBG_B_S, TBG_A_S, TBG_B_S, TBG_A_P, TBG_B_S, TBG_A_S},\
+-		{3, 4, 3, 4, 1, 1, 5, 1},		/* DIV0 */\
++		{6, 4, 3, 4, 1, 1, 5, 1},		/* DIV0 */\
+ 		{1, 6, 3, 4, 1, 6, 1, 1, 6},		/* DIV1 */\
+ 		{4, 1, 6, 1, 3, 1, 3, 0, 0, 1} },	/* DIV2 */\
+ 		/* SouthBridge */\
+-- 
+2.30.2
+
diff --git a/package/boot/arm-trusted-firmware-mvebu/patches-mox-boot-builder/102-avs-Validate-VDD-value-from-OTP.patch b/package/boot/arm-trusted-firmware-mvebu/patches-mox-boot-builder/102-avs-Validate-VDD-value-from-OTP.patch
new file mode 100644
index 0000000000..d44eb21181
--- /dev/null
+++ b/package/boot/arm-trusted-firmware-mvebu/patches-mox-boot-builder/102-avs-Validate-VDD-value-from-OTP.patch
@@ -0,0 +1,52 @@
+From 15ff10623c83ee2e626d93d16e022b115dcb608f Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Pali=20Roh=C3=A1r?= <pali at kernel.org>
+Date: Sat, 10 Apr 2021 16:56:12 +0200
+Subject: [PATCH] avs: Validate VDD value from OTP
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+CPU VDD voltage value for 1.2 GHz frequency on some Espressobin boards is
+not set and raw value 0x00 is returned. In this case init_avs() function
+calculated CPU VDD voltage value to 0x00 + AVS_VDD_BASE = 0.898 V, which is
+too low for any operation and Espressobin board immediately crashed
+init_avs() function set this low value.
+
+This patch fixes above issue by validating returned VDD value from OTP and
+using default VDD value when invalid value is in OTP. With this patch
+init_avs() function does cause CPU crash anymore.
+
+Signed-off-by: Pali Rohár <pali at kernel.org>
+Signed-off-by: Marek Behún <marek.behun at nic.cz>
+---
+ wtmi/avs.c | 14 ++++++++++----
+ 1 file changed, 10 insertions(+), 4 deletions(-)
+
+diff --git a/wtmi/avs.c b/wtmi/avs.c
+index 36ca9fa..4624359 100644
+--- a/wtmi/avs.c
++++ b/wtmi/avs.c
+@@ -140,10 +140,16 @@ int init_avs(u32 speed)
+ 	}
+ 
+ 	if (svc_rev >= SVC_REVISION_2) {
+-		vdd_otp = ((otp_data[OTP_DATA_SVC_SPEED_ID] >> shift) +
+-			   AVS_VDD_BASE) & AVS_VDD_MASK;
+-		regval |= (vdd_otp << HIGH_VDD_LIMIT_OFF);
+-		regval |= (vdd_otp << LOW_VDD_LIMIT_OFF);
++		vdd_otp = (otp_data[OTP_DATA_SVC_SPEED_ID] >> shift) &
++			  AVS_VDD_MASK;
++		if (!vdd_otp || vdd_otp + AVS_VDD_BASE > AVS_VDD_MASK) {
++			regval |= (vdd_default << HIGH_VDD_LIMIT_OFF);
++			regval |= (vdd_default << LOW_VDD_LIMIT_OFF);
++		} else {
++			vdd_otp += AVS_VDD_BASE;
++			regval |= (vdd_otp << HIGH_VDD_LIMIT_OFF);
++			regval |= (vdd_otp << LOW_VDD_LIMIT_OFF);
++		}
+ 	} else {
+ 		regval |= (vdd_default << HIGH_VDD_LIMIT_OFF);
+ 		regval |= (vdd_default << LOW_VDD_LIMIT_OFF);
+-- 
+2.30.2
+

