xref: /rk3399_ARM-atf/docs/security_advisories/security-advisory-tfv-2.rst (revision 12fc6ba73d7191a71bf8b3b611fd3f618ed2f25e)
+----------------+-------------------------------------------------------------+
| Title          | Enabled secure self-hosted invasive debug interface can     |
|                | allow normal world to panic secure world                    |
+================+=============================================================+
| CVE ID         | `CVE-2017-7564`_                                            |
+----------------+-------------------------------------------------------------+
| Date           | 02 Feb 2017                                                 |
+----------------+-------------------------------------------------------------+
| Versions       | All versions up to v1.3                                     |
| Affected       |                                                             |
+----------------+-------------------------------------------------------------+
| Configurations | All                                                         |
| Affected       |                                                             |
+----------------+-------------------------------------------------------------+
| Impact         | Denial of Service (secure world panic)                      |
+----------------+-------------------------------------------------------------+
| Fix Version    | 15 Feb 2017 `Pull Request #841`_                            |
+----------------+-------------------------------------------------------------+
| Credit         | ARM                                                         |
+----------------+-------------------------------------------------------------+

The ``MDCR_EL3.SDD`` bit controls AArch64 secure self-hosted invasive debug
enablement. By default, the BL1 and BL31 images of the current version of ARM
Trusted Firmware (TF) unconditionally assign this bit to ``0`` in the early
entrypoint code, which enables debug exceptions from the secure world. This can
be seen in the implementation of the ``el3_arch_init_common`` `AArch64 macro`_.
Given that TF does not currently contain support for this feature (for example,
by saving and restoring the appropriate debug registers), this may allow a
normal world attacker to induce a panic in the secure world.

The ``MDCR_EL3.SDD`` bit should be assigned to ``1`` to disable debug exceptions
from the secure world.

Earlier versions of TF (prior to `commit 495f3d3`_) did not assign this bit.
Since the bit has an architecturally ``UNKNOWN`` reset value, earlier versions
may or may not have the same problem, depending on the platform.

A similar issue applies to the ``MDCR_EL3.SPD32`` bits, which control AArch32
secure self-hosted invasive debug enablement. TF assigns these bits to ``00``,
meaning that debug exceptions from Secure EL1 are enabled by the authentication
interface. Therefore this issue only exists for AArch32 Secure EL1 code when
secure privileged invasive debug is enabled by the authentication interface, at
which point the device is vulnerable to other, more serious attacks anyway.

However, given that TF contains no support for handling debug exceptions, the
``MDCR_EL3.SPD32`` bits should be assigned to ``10`` to disable debug exceptions
from AArch32 Secure EL1.

Finally, this issue also applies to AArch32 platforms that use the TF SP_MIN
image or integrate the `AArch32 equivalent`_ of the ``el3_arch_init_common``
macro. Here the affected bits are ``SDCR.SPD``, which should also be assigned to
``10`` instead of ``00``.
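
The following C model, added here as an illustration and not code from the
advisory or from ARM Trusted Firmware, computes the hardened ``MDCR_EL3`` and
``SDCR`` values described above (``SDD = 1``, ``SPD32 = 10``, ``SDCR.SPD = 10``)
and provides an audit check that flags a register value which still leaves
secure-world debug exceptions possible. The bit positions used (``SDD`` at
bit 16, ``SPD32``/``SPD`` at bits 15:14) are the architectural ones; the
constant and function names are local to this example and are assumptions, not
TF's own identifiers. The sample reset values passed in ``main`` are
constructed, since the architectural reset value is ``UNKNOWN``.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Architectural field layout shared by MDCR_EL3 (AArch64) and SDCR (AArch32).
 * Names here are local to this example, not TF's arch.h definitions. */
#define EXAMPLE_MDCR_SDD_BIT   (UINT32_C(1) << 16) /* MDCR_EL3.SDD */
#define EXAMPLE_SPD_SHIFT      14                  /* MDCR_EL3.SPD32 / SDCR.SPD */
#define EXAMPLE_SPD_MASK       (UINT32_C(3) << EXAMPLE_SPD_SHIFT)
#define EXAMPLE_SPD_LEGACY     UINT32_C(0x0)  /* 00: decided by the authentication interface */
#define EXAMPLE_SPD_DISABLE    UINT32_C(0x2)  /* 10: secure privileged debug disabled */
#define EXAMPLE_SPD_ENABLE     UINT32_C(0x3)  /* 11: secure privileged debug enabled */

/* Extract the two-bit SPD/SPD32 field from a register value. */
static uint32_t example_spd_field(uint32_t reg)
{
    return (reg & EXAMPLE_SPD_MASK) >> EXAMPLE_SPD_SHIFT;
}

/* Value TF up to v1.3 produced for MDCR_EL3 from a given reset value:
 * SDD cleared and SPD32 = 00 (the configuration the advisory describes). */
uint32_t example_mdcr_el3_pre_fix(uint32_t reset_val)
{
    uint32_t v = reset_val & ~EXAMPLE_MDCR_SDD_BIT;
    return (v & ~EXAMPLE_SPD_MASK) | (EXAMPLE_SPD_LEGACY << EXAMPLE_SPD_SHIFT);
}

/* Hardened MDCR_EL3 value: SDD = 1 disables AArch64 secure self-hosted
 * invasive debug; SPD32 = 10 disables it for AArch32 Secure EL1. In the
 * firmware this value would be written with "msr mdcr_el3". */
uint32_t example_mdcr_el3_hardened(uint32_t reset_val)
{
    uint32_t v = reset_val | EXAMPLE_MDCR_SDD_BIT;
    return (v & ~EXAMPLE_SPD_MASK) | (EXAMPLE_SPD_DISABLE << EXAMPLE_SPD_SHIFT);
}

/* Hardened SDCR value for AArch32 SP_MIN: SDCR.SPD = 10. */
uint32_t example_sdcr_hardened(uint32_t reset_val)
{
    return (reset_val & ~EXAMPLE_SPD_MASK) | (EXAMPLE_SPD_DISABLE << EXAMPLE_SPD_SHIFT);
}

/* Audit check for a captured MDCR_EL3 value: true if secure-world debug
 * exceptions are still possible, i.e. SDD is 0, or SPD32 is anything other
 * than the explicit "disable" encoding (00 defers to the authentication
 * interface, 11 enables, 01 is reserved and treated conservatively). */
bool example_mdcr_el3_debug_exposed(uint32_t mdcr)
{
    if ((mdcr & EXAMPLE_MDCR_SDD_BIT) == 0)
        return true;
    return example_spd_field(mdcr) != EXAMPLE_SPD_DISABLE;
}

/* Same check for an AArch32 SDCR value. */
bool example_sdcr_debug_exposed(uint32_t sdcr)
{
    return example_spd_field(sdcr) != EXAMPLE_SPD_DISABLE;
}

int main(void)
{
    /* Constructed sample reset values; the real reset value is UNKNOWN. */
    uint32_t samples[] = { 0x00000000u, 0x0000C000u, 0x00010000u };
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        uint32_t pre = example_mdcr_el3_pre_fix(samples[i]);
        uint32_t fixed = example_mdcr_el3_hardened(samples[i]);
        printf("reset 0x%08x: pre-fix MDCR_EL3 0x%08x (exposed=%d), "
               "hardened 0x%08x (exposed=%d), hardened SDCR 0x%08x\n",
               samples[i], pre, example_mdcr_el3_debug_exposed(pre),
               fixed, example_mdcr_el3_debug_exposed(fixed),
               example_sdcr_hardened(samples[i]));
    }
    return 0;
}
```

The audit functions are the useful part for a reviewer: reading ``MDCR_EL3``
(or ``SDCR`` on AArch32) from a debugger or a firmware dump and running the
value through ``example_mdcr_el3_debug_exposed`` tells you whether a given
build still carries the pre-fix configuration, regardless of what the
platform's reset value happened to be.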

.. _CVE-2017-7564: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7564
.. _commit 495f3d3: https://github.com/ARM-software/arm-trusted-firmware/commit/495f3d3
.. _AArch64 macro: https://github.com/ARM-software/arm-trusted-firmware/blob/bcc2bf0/include/common/aarch64/el3_common_macros.S#L85
.. _AArch32 equivalent: https://github.com/ARM-software/arm-trusted-firmware/blob/bcc2bf0/include/common/aarch32/el3_common_macros.S#L41
.. _Pull Request #841: https://github.com/ARM-software/arm-trusted-firmware/pull/841