Advisory TFV-9 (CVE-2022-23960)
============================================================

+----------------+-------------------------------------------------------------+
| Title          | Trusted Firmware-A exposure to speculative processor        |
|                | vulnerabilities with branch prediction target reuse         |
+================+=============================================================+
| CVE ID         | `CVE-2022-23960`_                                           |
+----------------+-------------------------------------------------------------+
| Date           | 08 Mar 2022                                                 |
+----------------+-------------------------------------------------------------+
| Versions       | All, up to and including v2.6                               |
| Affected       |                                                             |
+----------------+-------------------------------------------------------------+
| Configurations | All                                                         |
| Affected       |                                                             |
+----------------+-------------------------------------------------------------+
| Impact         | Potential leakage of secure world data to normal world      |
|                | if an attacker is able to find a TF-A exfiltration primitive|
|                | that can be predicted as a valid branch target, and somehow |
|                | induce misprediction onto that primitive. There are         |
|                | currently no known exploits.                                |
+----------------+-------------------------------------------------------------+
| Fix Version    | `Gerrit topic #spectre_bhb`_                                |
+----------------+-------------------------------------------------------------+
| Credit         | Systems and Network Security Group at Vrije Universiteit    |
|                | Amsterdam for CVE-2022-23960, Arm for patches               |
+----------------+-------------------------------------------------------------+

This security advisory describes the current understanding of the Trusted
Firmware-A exposure to the new speculative processor vulnerability.
To understand the background and wider impact of these vulnerabilities on Arm
systems, please refer to the `Arm Processor Security Update`_. The
`CVE-2022-23960 mitigation specification`_ whitepaper describes the Spectre
attack and mitigation in more detail, including implementation specific
mitigation details for all impacted Arm CPUs.


`CVE-2022-23960`_
-----------------

Where possible on vulnerable CPUs that implement FEAT_CSV2, Arm recommends
inserting a loop workaround with an implementation specific number of
iterations that will discard the branch history on exception entry to a higher
exception level for the given CPU. This is done as early as possible on entry
into EL3, before any branch instruction is executed. This is sufficient to
mitigate Spectre-BHB on behalf of all secure world code, assuming that no
secure world code is under attacker control.

The table below lists the CPUs that mitigate against this vulnerability in
TF-A using the loop workaround (all cores that implement FEAT_CSV2 except the
revisions of Cortex-A73 and Cortex-A75 that implement FEAT_CSV2).

+----------------------+
| Core                 |
+----------------------+
| Cortex-A72(from r1p0)|
+----------------------+
| Cortex-A76           |
+----------------------+
| Cortex-A77           |
+----------------------+
| Cortex-A78           |
+----------------------+
| Cortex-X2            |
+----------------------+
| Cortex-A710          |
+----------------------+
| Neoverse-N1          |
+----------------------+
| Neoverse-N2          |
+----------------------+
| Neoverse-V1          |
+----------------------+

For all other cores impacted by Spectre-BHB, some of which do not implement
FEAT_CSV2 and some of which do (e.g. Cortex-A73), the recommended mitigation is
to flush all branch predictions via an implementation specific route.

Where a local workaround is not feasible, the Rich OS can invoke the SMC
(``SMCCC_ARCH_WORKAROUND_3``) to apply the workaround. Refer to the `SMCCC
Calling Convention specification`_ for more details.
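The following is an added example written for this advisory; it is not code
from TF-A or from the ``spectre_bhb`` patchset. It shows the normal-world side
of the ``SMCCC_ARCH_WORKAROUND_3`` procedure above, together with the service
discovery the patchset provides: a kernel first asks EL3 whether the service
exists and whether the current core needs it, and only then invokes the SMC on
each exception entry from a lower exception level. The function IDs, return
codes and version encoding are those of the SMCCC specification (DEN0028). The
SMC conduit is replaced by a mocked EL3 firmware (``mock_smc``, ``fw`` and the
``run_scenario``/``report`` helpers are assumptions of this example, not TF-A's
handler), so the decision logic runs on any host; the mock models only the
answers a caller has to distinguish.

```c
/* Added example, not TF-A code: the normal-world side of SMCCC_ARCH_WORKAROUND_3.
 * EL3 firmware is mocked so this runs on any host; on hardware the conduit is
 * the SMC instruction executed at EL1/EL2. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Function IDs and return codes from the SMC Calling Convention (DEN0028). */
#define SMCCC_VERSION            0x80000000u
#define SMCCC_ARCH_FEATURES      0x80000001u
#define SMCCC_ARCH_WORKAROUND_3  0x80003FFFu
#define SMCCC_RET_SUCCESS        0        /* ARCH_FEATURES: present and needed here */
#define SMCCC_WA_NOT_REQUIRED    1        /* ARCH_FEATURES: this PE is unaffected   */
#define SMCCC_RET_NOT_SUPPORTED  (-1)     /* unknown function ID / no such service  */
#define SMCCC_VERSION_1_1        0x10001  /* major<<16|minor; ARCH_FEATURES needs 1.1 */

typedef int64_t (*smc_conduit_t)(uint32_t fid, uint32_t arg0);

enum bhb_state { BHB_FW_MITIGATED, BHB_UNAFFECTED, BHB_VULNERABLE };

/* Mocked firmware state (an assumption of this example, not TF-A's handler). */
static struct {
    int64_t  version;      /* answer to SMCCC_VERSION */
    int      has_wa3;      /* firmware carries the spectre_bhb patchset */
    int      cpu_affected; /* this PE needs the branch-history discard */
    unsigned wa3_calls;    /* how often WORKAROUND_3 really ran in "EL3" */
} fw;

static int64_t mock_smc(uint32_t fid, uint32_t arg0)
{
    switch (fid) {
    case SMCCC_VERSION:
        return fw.version;
    case SMCCC_ARCH_FEATURES:
        if (fw.version < SMCCC_VERSION_1_1)
            return SMCCC_RET_NOT_SUPPORTED;             /* pre-1.1 firmware */
        if (arg0 == SMCCC_ARCH_WORKAROUND_3 && fw.has_wa3)
            return fw.cpu_affected ? SMCCC_RET_SUCCESS : SMCCC_WA_NOT_REQUIRED;
        return SMCCC_RET_NOT_SUPPORTED;
    case SMCCC_ARCH_WORKAROUND_3:
        if (!fw.has_wa3)
            return SMCCC_RET_NOT_SUPPORTED;             /* unknown SMC: nothing flushed */
        fw.wa3_calls++;                                 /* branch history discarded */
        return SMCCC_RET_SUCCESS;
    default:
        return SMCCC_RET_NOT_SUPPORTED;
    }
}

/* Boot-time discovery, run on each core. Never call WORKAROUND_3 blindly: on
 * firmware without the service it is an unknown SMC and protects nothing. */
static enum bhb_state discover_wa3(smc_conduit_t smc)
{
    if (smc(SMCCC_VERSION, 0) < SMCCC_VERSION_1_1)
        return BHB_VULNERABLE;                          /* cannot even ask */
    int64_t r = smc(SMCCC_ARCH_FEATURES, SMCCC_ARCH_WORKAROUND_3);
    if (r == SMCCC_RET_SUCCESS)
        return BHB_FW_MITIGATED;
    if (r == SMCCC_WA_NOT_REQUIRED)
        return BHB_UNAFFECTED;
    return BHB_VULNERABLE;                              /* NOT_SUPPORTED or unexpected */
}

/* Top of every exception entry from a lower EL (syscall, IRQ from user space). */
static void on_exception_entry(enum bhb_state s, smc_conduit_t smc)
{
    if (s == BHB_FW_MITIGATED)
        (void)smc(SMCCC_ARCH_WORKAROUND_3, 0);          /* its return value carries nothing */
}

/* Configure the mock, run discovery, then `entries` simulated exception entries. */
static enum bhb_state run_scenario(int64_t version, int has_wa3,
                                   int cpu_affected, unsigned entries)
{
    memset(&fw, 0, sizeof fw);
    fw.version = version; fw.has_wa3 = has_wa3; fw.cpu_affected = cpu_affected;
    enum bhb_state s = discover_wa3(mock_smc);
    for (unsigned i = 0; i < entries; i++)
        on_exception_entry(s, mock_smc);
    return s;
}
static unsigned wa3_calls(void) { return fw.wa3_calls; }

static void report(const char *label, int64_t version, int has_wa3, int affected)
{
    static const char *const name[] = { "mitigated by firmware", "unaffected", "vulnerable" };
    enum bhb_state s = run_scenario(version, has_wa3, affected, 3);   /* 3 entries */
    printf("%-30s %s, %u WORKAROUND_3 SMCs\n", label, name[s], wa3_calls());
}

int main(void)
{
    report("patched TF-A, affected CPU:", SMCCC_VERSION_1_1, 1, 1);
    report("patched TF-A, unaffected CPU:", SMCCC_VERSION_1_1, 1, 0);
    report("TF-A <= v2.6, no WA3 service:", SMCCC_VERSION_1_1, 0, 1);
    report("SMCCC 1.0 firmware:", SMCCC_RET_NOT_SUPPORTED, 0, 1);
    return 0;
}
```

Two points the scenarios make concrete. ``SMCCC_ARCH_FEATURES`` only exists
from SMCCC 1.1, so the version query has to come first; a firmware answering
``NOT_SUPPORTED`` to either query gives the caller no way to discard branch
history through EL3 and must be recorded as vulnerable rather than papered over
by invoking an SMC the firmware does not know. The ``ARCH_FEATURES`` answer is
also per core, which is why the discovery is run on every core rather than once
at boot on a heterogeneous system.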

`Gerrit topic #spectre_bhb`_: this patchset implements the Spectre-BHB loop
workaround for the CPUs listed in the table above. It also mitigates against
this vulnerability for Cortex-A72 CPU versions that support the CSV2 feature
(from r1p0). The patch stack also includes an implementation of the specified
`CVE-2022-23960`_ workaround SMC (``SMCCC_ARCH_WORKAROUND_3``) for use by normal
world privileged software. Details of ``SMCCC_ARCH_WORKAROUND_3`` can be found
in the `SMCCC Calling Convention specification`_. The specification and
implementation also enable the normal world to discover the presence of this
firmware service. The patchset also implements ``SMCCC_ARCH_WORKAROUND_3`` for
Cortex-A57, Cortex-A72, Cortex-A73 and Cortex-A75 using the existing workaround
for CVE-2017-5715.

The above workarounds are enabled by default (on vulnerable CPUs only).
Platforms can choose to disable them at compile time if they do not require
them.

For more information about non-Arm CPUs, please contact the CPU vendor.

.. _Arm Processor Security Update: http://www.arm.com/security-update
.. _CVE-2022-23960: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23960
.. _Gerrit topic #spectre_bhb: https://review.trustedfirmware.org/q/topic:"spectre_bhb"+(status:open%20OR%20status:merged)
.. _CVE-2022-23960 mitigation specification: https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability
.. _SMCCC Calling Convention specification: https://developer.arm.com/documentation/den0028/latest