xref: /rk3399_ARM-atf/docs/security_advisories/security-advisory-tfv-2.rst (revision ced1711297347f24fee45e75e73c7767507a0982)
Advisory TFV-2 (CVE-2017-7564)
==============================

+----------------+-------------------------------------------------------------+
| Title          | Enabled secure self-hosted invasive debug interface can     |
|                | allow normal world to panic secure world                    |
+================+=============================================================+
| CVE ID         | `CVE-2017-7564`_                                            |
+----------------+-------------------------------------------------------------+
| Date           | 02 Feb 2017                                                 |
+----------------+-------------------------------------------------------------+
| Versions       | All versions up to v1.3                                     |
| Affected       |                                                             |
+----------------+-------------------------------------------------------------+
| Configurations | All                                                         |
| Affected       |                                                             |
+----------------+-------------------------------------------------------------+
| Impact         | Denial of Service (secure world panic)                      |
+----------------+-------------------------------------------------------------+
| Fix Version    | 15 Feb 2017 `Pull Request #841`_                            |
+----------------+-------------------------------------------------------------+
| Credit         | ARM                                                         |
+----------------+-------------------------------------------------------------+

The ``MDCR_EL3.SDD`` bit controls AArch64 secure self-hosted invasive debug
enablement. By default, the BL1 and BL31 images of the current version of ARM
Trusted Firmware (TF) unconditionally assign this bit to ``0`` in the early
entrypoint code, which enables debug exceptions from the secure world. This can
be seen in the implementation of the ``el3_arch_init_common`` `AArch64 macro`_.
Given that TF does not currently contain support for this feature (for example,
by saving and restoring the appropriate debug registers), this may allow a
normal world attacker to induce a panic in the secure world.

The ``MDCR_EL3.SDD`` bit should be assigned to ``1`` to disable debug exceptions
from the secure world.

Earlier versions of TF (prior to `commit 495f3d3`_) did not assign this bit.
Since the bit has an architecturally ``UNKNOWN`` reset value, earlier versions
may or may not have the same problem, depending on the platform.

A similar issue applies to the ``MDCR_EL3.SPD32`` bits, which control AArch32
secure self-hosted invasive debug enablement. TF assigns these bits to ``00``,
meaning that debug exceptions from Secure EL1 are enabled by the authentication
interface. Therefore this issue only exists for AArch32 Secure EL1 code when
secure privileged invasive debug is enabled by the authentication interface, at
which point the device is vulnerable to other, more serious attacks anyway.

However, given that TF contains no support for handling debug exceptions, the
``MDCR_EL3.SPD32`` bits should be assigned to ``10`` to disable debug exceptions
from AArch32 Secure EL1.

Finally, this issue also applies to AArch32 platforms that use the TF SP_MIN
image or integrate the `AArch32 equivalent`_ of the ``el3_arch_init_common``
macro. Here the affected bits are ``SDCR.SPD``, which should also be assigned to
``10`` instead of ``00``.
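
The following is an added example and is not TF code, nor the change made in
`Pull Request #841`_. It models the three controls discussed above so that a
reviewer can check a register value for the vulnerable configuration and derive
the corrected one. Bit positions follow the Arm Architecture Reference Manual
(``MDCR_EL3.SDD`` is bit 16; ``MDCR_EL3.SPD32`` and ``SDCR.SPD`` are bits
[15:14]); the macro names echo TF's ``arch.h`` naming, but the
``*_secure_debug_disabled`` and ``*_harden`` functions are hypothetical helpers
written for this example.

```c
/*
 * Added example (not TF code): audit and correct the secure self-hosted
 * invasive debug controls described in advisory TFV-2.
 *
 * Bit positions (Arm ARM): MDCR_EL3.SDD is bit 16, MDCR_EL3.SPD32 is
 * bits [15:14], and the AArch32 SDCR.SPD field is also bits [15:14].
 * The helper functions below are hypothetical, not a TF API.
 */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define MDCR_SDD_BIT        (UINT64_C(1) << 16)
#define MDCR_SPD32_SHIFT    14
#define MDCR_SPD32_MASK     (UINT64_C(0x3) << MDCR_SPD32_SHIFT)
#define MDCR_SPD32(x)       ((uint64_t)(x) << MDCR_SPD32_SHIFT)

/* Encodings shared by MDCR_EL3.SPD32 and SDCR.SPD. 0b01 is reserved. */
#define SPD_LEGACY          0x0U  /* controlled by the authentication interface */
#define SPD_DISABLE         0x2U  /* secure privileged invasive debug disabled */
#define SPD_ENABLE          0x3U  /* secure privileged invasive debug enabled */

#define SDCR_SPD_SHIFT      14
#define SDCR_SPD_MASK       (0x3U << SDCR_SPD_SHIFT)
#define SDCR_SPD(x)         ((uint32_t)(x) << SDCR_SPD_SHIFT)

/*
 * Constructed "before" value: SDD == 0 and SPD32 == 00, which is how the
 * advisory describes el3_arch_init_common setting MDCR_EL3 before the fix.
 * Other MDCR_EL3 bits are assumed zero for the purposes of this example.
 */
static const uint64_t MDCR_EL3_VULNERABLE = MDCR_SPD32(SPD_LEGACY);

/*
 * True only when secure-world debug exceptions are disabled for both
 * execution states: SDD set (AArch64) and SPD32 == 0b10 (AArch32 Secure EL1).
 * SPD32 == 00 is treated as not disabled because the authentication
 * interface may then enable debug.
 */
bool mdcr_el3_secure_debug_disabled(uint64_t mdcr)
{
    bool aarch64_disabled = (mdcr & MDCR_SDD_BIT) != 0;
    bool aarch32_disabled =
        ((mdcr & MDCR_SPD32_MASK) >> MDCR_SPD32_SHIFT) == SPD_DISABLE;
    return aarch64_disabled && aarch32_disabled;
}

/* Applies the advisory's recommendation to an MDCR_EL3 value, preserving
 * every other bit (e.g. trap bits a platform may already have configured). */
uint64_t mdcr_el3_harden(uint64_t mdcr)
{
    mdcr |= MDCR_SDD_BIT;
    mdcr = (mdcr & ~MDCR_SPD32_MASK) | MDCR_SPD32(SPD_DISABLE);
    return mdcr;
}

/* AArch32 (SP_MIN) equivalent: SDCR.SPD must be 0b10. */
bool sdcr_secure_debug_disabled(uint32_t sdcr)
{
    return ((sdcr & SDCR_SPD_MASK) >> SDCR_SPD_SHIFT) == SPD_DISABLE;
}

uint32_t sdcr_harden(uint32_t sdcr)
{
    return (sdcr & ~SDCR_SPD_MASK) | SDCR_SPD(SPD_DISABLE);
}

int main(void)
{
    uint64_t fixed = mdcr_el3_harden(MDCR_EL3_VULNERABLE);

    printf("MDCR_EL3 before: %#llx (secure debug disabled: %s)\n",
           (unsigned long long)MDCR_EL3_VULNERABLE,
           mdcr_el3_secure_debug_disabled(MDCR_EL3_VULNERABLE) ? "yes" : "no");
    printf("MDCR_EL3 after:  %#llx (secure debug disabled: %s)\n",
           (unsigned long long)fixed,
           mdcr_el3_secure_debug_disabled(fixed) ? "yes" : "no");
    printf("SDCR after:      %#x (secure debug disabled: %s)\n",
           sdcr_harden(0), sdcr_secure_debug_disabled(sdcr_harden(0)) ? "yes" : "no");
    return 0;
}
```

The check deliberately rejects ``SPD32 == 00`` as well as ``11``: the legacy
encoding leaves the decision to the authentication interface, which is exactly
the case the advisory describes, so only the explicit ``10`` encoding counts as
disabled. The hardening functions mask and re-set the fields rather than
overwriting the whole register, so a platform's other ``MDCR_EL3`` or ``SDCR``
settings are untouched.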

.. _CVE-2017-7564: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7564
.. _commit 495f3d3: https://github.com/ARM-software/arm-trusted-firmware/commit/495f3d3
.. _AArch64 macro: https://github.com/ARM-software/arm-trusted-firmware/blob/bcc2bf0/include/common/aarch64/el3_common_macros.S#L85
.. _AArch32 equivalent: https://github.com/ARM-software/arm-trusted-firmware/blob/bcc2bf0/include/common/aarch32/el3_common_macros.S#L41
.. _Pull Request #841: https://github.com/ARM-software/arm-trusted-firmware/pull/841