This series implements FEAT_RNG_TRAP in QEMU's AArch64 emulation and enables it on the cortex-max CPU.

FEAT_RNG_TRAP lets EL3 firmware trap MRS reads of RNDR and RNDRRS by setting SCR_EL3.TRNDR=1. When that bit is set, every read is delivered to EL3 as a sysreg trap, from any EL (including EL3). SCR_TRNDR and ID_AA64PFR1_EL1.RNDR_TRAP are already defined, but had no readers and no CPU advertising the feature. With these two patches, EL3 firmware that detects FEAT_RNG_TRAP via ID_AA64PFR1_EL1 and sets SCR_EL3.TRNDR receives the architected trap.

Patch 1 adds the implementation: an .accessfn on the RNDR/RNDRRS ARMCPRegInfo entries that returns CP_ACCESS_TRAP_EL3 whenever SCR_EL3.TRNDR is set, plus a one-line addition to scr_write()'s valid_mask to keep the bit writable when the CPU advertises the feature. It is a no-op on its own because no CPU model yet advertises FEAT_RNG_TRAP.

Patch 2 enables FEAT_RNG_TRAP on cortex-max by setting ID_AA64PFR1_EL1.RNDR_trap=1.

Jason Wright (2):
  target/arm: implement FEAT_RNG_TRAP for RNDR/RNDRRS
  target/arm: advertise FEAT_RNG_TRAP on cortex-max

 target/arm/cpu-features.h |  5 +++++
 target/arm/helper.c       | 16 ++++++++++++++--
 target/arm/tcg/cpu64.c    |  1 +
 3 files changed, 20 insertions(+), 2 deletions(-)

-- 
2.50.1 (Apple Git-155)
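The following is an added, self-contained C model of the behaviour the cover letter describes, not code from the series or from QEMU. It models the three pieces as plain functions: the scr_write() valid_mask rule (SCR_EL3.TRNDR is only writable when the CPU advertises the feature), the .accessfn decision for MRS RNDR/RNDRRS (trap to EL3 from any EL when TRNDR is set), and the cortex-max change (ID_AA64PFR1_EL1.RNDR_trap=1). Bit positions follow the Arm architecture (SCR_EL3.TRNDR is bit 40, ID_AA64PFR1_EL1.RNDR_trap is bits [31:28]); the enum values, struct layout, the base valid_mask value, and all function names are this model's own assumptions, chosen to mirror the QEMU names mentioned above without being QEMU's types.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Architected field positions: SCR_EL3.TRNDR is bit 40,
 * ID_AA64PFR1_EL1.RNDR_trap is bits [31:28]. */
#define SCR_TRNDR            (1ULL << 40)
#define PFR1_RNDR_TRAP_SHIFT 28
#define PFR1_RNDR_TRAP_MASK  (0xFULL << PFR1_RNDR_TRAP_SHIFT)

/* Access outcomes named after the CP_ACCESS_* results the cover letter
 * refers to; the numeric values are this model's own, not QEMU's. */
typedef enum { ACCESS_OK = 0, ACCESS_TRAP_EL3 = 1 } access_result;

/* Minimal stand-in for the CPU state the two patches touch (assumed layout). */
typedef struct {
    uint64_t id_aa64pfr1;  /* feature register that advertises RNDR_trap */
    uint64_t scr_el3;      /* secure configuration register */
} cpu_model;

/* Feature detection: a non-zero RNDR_trap field means FEAT_RNG_TRAP. */
static bool cpu_has_rng_trap(const cpu_model *cpu)
{
    return (cpu->id_aa64pfr1 & PFR1_RNDR_TRAP_MASK) != 0;
}

/* Patch 1, scr_write() part: SCR_EL3 writes are masked to the bits the CPU
 * implements, and TRNDR joins the mask only when the feature is advertised.
 * The base mask value is a constructed placeholder for the other SCR bits. */
static void scr_write(cpu_model *cpu, uint64_t value)
{
    uint64_t valid_mask = 0x3fff;  /* constructed base mask, not QEMU's */
    if (cpu_has_rng_trap(cpu)) {
        valid_mask |= SCR_TRNDR;
    }
    cpu->scr_el3 = value & valid_mask;
}

/* Patch 1, .accessfn part: an MRS of RNDR/RNDRRS traps to EL3 whenever
 * SCR_EL3.TRNDR is set, regardless of the current exception level. */
static access_result rndr_access(const cpu_model *cpu, int current_el)
{
    (void)current_el;  /* the trap applies from every EL, EL3 included */
    if (cpu->scr_el3 & SCR_TRNDR) {
        return ACCESS_TRAP_EL3;
    }
    return ACCESS_OK;
}

/* Patch 2: the cortex-max model advertises the feature with RNDR_trap=1. */
static void advertise_rng_trap(cpu_model *cpu)
{
    cpu->id_aa64pfr1 = (cpu->id_aa64pfr1 & ~PFR1_RNDR_TRAP_MASK)
                     | (1ULL << PFR1_RNDR_TRAP_SHIFT);
}

/* Scenario: firmware writes SCR_EL3 with TRNDR set, then software at the
 * given EL reads RNDR. Returns the access result so it can be checked. */
static access_result scenario(bool advertise, int reader_el)
{
    cpu_model cpu = {0};
    if (advertise) {
        advertise_rng_trap(&cpu);
    }
    scr_write(&cpu, SCR_TRNDR);
    return rndr_access(&cpu, reader_el);
}

int main(void)
{
    printf("no feature, EL1 read: %s\n",
           scenario(false, 1) == ACCESS_TRAP_EL3 ? "trap" : "ok");
    printf("feature,    EL1 read: %s\n",
           scenario(true, 1) == ACCESS_TRAP_EL3 ? "trap" : "ok");
    printf("feature,    EL3 read: %s\n",
           scenario(true, 3) == ACCESS_TRAP_EL3 ? "trap" : "ok");
    return 0;
}
```

The first scenario reproduces the "no-op on its own" property of Patch 1: without the feature advertised, the TRNDR write is masked off by scr_write() and the read is not trapped; the other two show that once cortex-max advertises the feature, the trap fires from EL1 and from EL3 alike.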
