Marvell 3720 datasheet/manual

When I google to find the datasheet on the Marvell 3720, the top hit is:
which is rather humorous, but which links to: which stupidly, redirects to a generic embedded processors page, which does not include the 3700! I wander through the 3800, presumably a better version, but nowhere do I find a datasheet detailed enough to tell me useful things, like about this OTP system.

Is there a public datasheet?

At most what you can probably get is

Full datasheet can be obtained only on Marvell agreement and unfortunately we can’t provide it to non-CZ.NIC employees. This is sadly limitation of using pretty beefy procesor. There might be some slimmed down version of datasheet available from alternative sources but I am not aware of it.

1 Like

Thanks for the link. I figured that the datasheet was NDA only. Very annoying :frowning:
I am still looking for the details on the turris-mox-rwtm module. It seems that it can sign, but I’d like to know in what formats it is signing.

I did read the module source at build_dir/target-aarch64_cortex-a53_musl/linux-mvebu_cortexa53/linux-4.14.180/drivers/crypto/turris-mox-rwtm.c but it doesn’t tell me anything about what is coming out.

1 Like

You might be interested then in code here and

1 Like

The functional specification document for Armada 3720 is under NDA.

But on Mox we are running custom firmware on the Secure Processor (this firmware is derived from Marvell’s). You can find the sources in the mox-boot-builder repository, in directory wtmi. See file main.c, at the bottom the various commands are registered via call to mbox_register_cmd.

The turris-mox-rwtm kernel driver communicates via mailbox with this firmware.

1 Like

The only document publicly available is “Hardware Specifications” for 88F3710/88F3720

The “A” revision is still accessible from WaybackMachine
The rest is, like already mentioned, under NDA.

Ah, it was not obvious (since I have no datasheet…) that these were calls into a secure enclave (vs a hardware function), and that the code is available. Wunderbar! I see that it is doing ECDSA signatures, and I am sure that I can decode the result, and make it useable for signing stuff. I would guess that will be at least as fast as any other CPU code, so making this work as an openssl engine (well, they changed the nomenclature for 3.0) would mean that we could use the built-in private key for HTTPS.

Thanks for that spec sheet. Block diagrams are always interesting. I used to play a Verilog hacker on TV, back in 2000. Given the firmware image, I will look rather to the TrustZone documents that I have somewhere.

And also for ssh, via mox-pkcs11.