Advisory TFV-5 (CVE-2017-15031)
===============================

+----------------+-------------------------------------------------------------+
| Title          | Not initializing or saving/restoring ``PMCR_EL0`` can leak  |
|                | secure world timing information                             |
+================+=============================================================+
| CVE ID         | `CVE-2017-15031`_                                           |
+----------------+-------------------------------------------------------------+
| Date           | 02 Oct 2017                                                 |
+----------------+-------------------------------------------------------------+
| Versions       | All, up to and including v1.4                               |
| Affected       |                                                             |
+----------------+-------------------------------------------------------------+
| Configurations | All                                                         |
| Affected       |                                                             |
+----------------+-------------------------------------------------------------+
| Impact         | Leakage of sensitive secure world timing information        |
+----------------+-------------------------------------------------------------+
| Fix Version    | `Pull Request #1127`_ (merged on 18 October 2017)           |
+----------------+-------------------------------------------------------------+
| Credit         | Arm                                                         |
+----------------+-------------------------------------------------------------+

The ``PMCR_EL0`` (Performance Monitors Control Register) provides details of the
Performance Monitors implementation, including the number of counters
implemented, and configures and controls the counters. If the ``PMCR_EL0.DP``
bit is set to zero, the cycle counter (when enabled) counts during secure world
execution, even when prohibited by the debug signals.

Since Arm TF does not save and restore ``PMCR_EL0`` when switching between the
normal and secure worlds, normal world code can set ``PMCR_EL0.DP`` to zero to
cause leakage of secure world timing information. This register should be added
to the list of saved/restored registers.

Furthermore, ``PMCR_EL0.DP`` has an architecturally ``UNKNOWN`` reset value.
Since Arm TF does not initialize this register, it's possible that on at least
some implementations, ``PMCR_EL0.DP`` is set to zero by default. This and other
bits with an architecturally UNKNOWN reset value should be initialized to
sensible default values in the secure context.

The same issue exists for the equivalent AArch32 register, ``PMCR``, except that
here ``PMCR_EL0.DP`` architecturally resets to zero.

.. _CVE-2017-15031: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15031
.. _Pull Request #1127: https://github.com/ARM-software/arm-trusted-firmware/pull/1127
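The save/restore and secure-context initialization the advisory calls for, as an added C model written for this page and not code from Arm TF or Pull Request #1127: it simulates ``PMCR_EL0``, the cycle counter and a world switch with hypothetical names (``cpu_context_t``, ``switch_world``, ``secure_cycles_leaked``) and a constructed reset value, with only the E and DP bit positions taken from the Arm architecture.

```c
#include <stdbool.h>
#include <stdint.h>
/* PMCR_EL0 bit positions from the Arm architecture: E (enable) is bit 0,
 * DP (disable cycle counting when prohibited) is bit 5. */
#define PMCR_EL0_E_BIT  (1u << 0)
#define PMCR_EL0_DP_BIT (1u << 5)

/* Hypothetical model: a per-world saved context and the live CPU state. */
typedef struct { uint32_t pmcr_el0; } cpu_context_t;
typedef struct { uint32_t pmcr_el0; uint64_t pmccntr_el0; } cpu_state_t;

/* Secure context init: force DP=1 instead of trusting the UNKNOWN reset value. */
static void init_secure_context(cpu_context_t *ctx, uint32_t reset_pmcr)
{
	ctx->pmcr_el0 = reset_pmcr | PMCR_EL0_DP_BIT;
}

/* Cycle counter model: counts while E=1, except in secure state when DP=1. */
static void run_cycles(cpu_state_t *cpu, bool secure, uint64_t cycles)
{
	if (!(cpu->pmcr_el0 & PMCR_EL0_E_BIT))
		return;
	if (secure && (cpu->pmcr_el0 & PMCR_EL0_DP_BIT))
		return;
	cpu->pmccntr_el0 += cycles;
}

/* World switch; with save_restore=false the normal world's PMCR_EL0 stays
 * live during secure execution, which is the advisory's bug. */
static void switch_world(cpu_state_t *cpu, cpu_context_t *from,
			 cpu_context_t *to, bool save_restore)
{
	if (save_restore) {
		from->pmcr_el0 = cpu->pmcr_el0;
		cpu->pmcr_el0 = to->pmcr_el0;
	}
}

/* Secure-world cycles visible in PMCCNTR_EL0 to the normal world after one
 * round trip through the secure world; 0 means nothing leaked. */
uint64_t secure_cycles_leaked(bool save_restore)
{
	cpu_context_t ns = { .pmcr_el0 = 0 }, s;
	cpu_state_t cpu = { .pmcr_el0 = 0, .pmccntr_el0 = 0 };
	init_secure_context(&s, PMCR_EL0_E_BIT); /* constructed reset value: E=1, DP=0 */
	cpu.pmcr_el0 = PMCR_EL0_E_BIT;           /* normal world enables counting, DP=0 */
	uint64_t before = cpu.pmccntr_el0;
	switch_world(&cpu, &ns, &s, save_restore);
	run_cycles(&cpu, true, 1000);            /* secure service runs for 1000 cycles */
	switch_world(&cpu, &s, &ns, save_restore);
	return cpu.pmccntr_el0 - before;
}
```

Without save/restore the 1000 secure cycles show up in the normal world's counter; with the context switch and DP forced to 1 in the secure context, the normal world sees no change.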