xref: /rk3399_ARM-atf/docs/security_advisories/security-advisory-tfv-9.rst (revision bd063a73a86b8845d06730fa7afde8f5061fef60)
Advisory TFV-9 (CVE-2022-23960)
============================================================

+----------------+-------------------------------------------------------------+
| Title          | Trusted Firmware-A exposure to speculative processor        |
|                | vulnerabilities with branch prediction target reuse         |
+================+=============================================================+
| CVE ID         | `CVE-2022-23960`_                                           |
+----------------+-------------------------------------------------------------+
| Date           | 08 Mar 2022                                                 |
+----------------+-------------------------------------------------------------+
| Versions       | All, up to and including v2.6                               |
| Affected       |                                                             |
+----------------+-------------------------------------------------------------+
| Configurations | All                                                         |
| Affected       |                                                             |
+----------------+-------------------------------------------------------------+
| Impact         | Potential leakage of secure world data to normal world      |
|                | if an attacker is able to find a TF-A exfiltration primitive|
|                | that can be predicted as a valid branch target, and somehow |
|                | induce misprediction onto that primitive. There are         |
|                | currently no known exploits.                                |
+----------------+-------------------------------------------------------------+
| Fix Version    | `Gerrit topic #spectre_bhb`_                                |
+----------------+-------------------------------------------------------------+
| Credit         | Systems and Network Security Group at Vrije Universiteit    |
|                | Amsterdam for CVE-2022-23960, Arm for patches               |
+----------------+-------------------------------------------------------------+

This security advisory describes the current understanding of the Trusted
Firmware-A exposure to the new speculative processor vulnerability.
To understand the background and wider impact of these vulnerabilities on Arm
systems, please refer to the `Arm Processor Security Update`_. The
`CVE-2022-23960 mitigation specification`_ whitepaper describes the Spectre
attack and mitigation in more detail, including implementation-specific
mitigation details for all impacted Arm CPUs.


`CVE-2022-23960`_
-----------------

Where possible on vulnerable CPUs that implement FEAT_CSV2, Arm recommends
inserting a loop workaround, with an implementation-specific number of
iterations, that discards the branch history on exception entry to a higher
exception level for the given CPU. This is done as early as possible on entry
into EL3, before any branch instruction is executed. This is sufficient to
mitigate Spectre-BHB on behalf of all secure world code, assuming that no
secure world code is under attacker control.

The table below lists the CPUs for which TF-A mitigates this vulnerability
using the loop workaround (all cores that implement FEAT_CSV2, except the
revisions of Cortex-A73 and Cortex-A75 that implement FEAT_CSV2).

+-----------------------+
| Core                  |
+-----------------------+
| Cortex-A72 (from r1p0)|
+-----------------------+
| Cortex-A76            |
+-----------------------+
| Cortex-A76AE          |
+-----------------------+
| Cortex-A77            |
+-----------------------+
| Cortex-A78            |
+-----------------------+
| Cortex-A78AE          |
+-----------------------+
| Cortex-A78C           |
+-----------------------+
| Cortex-X1             |
+-----------------------+
| Cortex-X2             |
+-----------------------+
| Cortex-A710           |
+-----------------------+
| Cortex-Makalu         |
+-----------------------+
| Cortex-Makalu-ELP     |
+-----------------------+
| Cortex-Hunter         |
+-----------------------+
| Neoverse-N1           |
+-----------------------+
| Neoverse-N2           |
+-----------------------+
| Neoverse-V1           |
+-----------------------+
| Neoverse-V2           |
+-----------------------+
| Neoverse-Poseidon     |
+-----------------------+

For all other cores impacted by Spectre-BHB, some of which do not implement
FEAT_CSV2 and some of which do (e.g. Cortex-A73), the recommended mitigation
is to flush all branch predictions via an implementation-specific route.

Where a local workaround is not feasible, the Rich OS can invoke the SMC
(``SMCCC_ARCH_WORKAROUND_3``) to apply the workaround. Refer to the `SMCCC
Calling Convention specification`_ for more details.

The `Gerrit topic #spectre_bhb`_ patchset implements the Spectre-BHB loop
workaround for the CPUs listed in the table above. It also mitigates this
vulnerability for Cortex-A72 CPU revisions that support the CSV2 feature
(from r1p0). The patch stack also includes an implementation of the specified
`CVE-2022-23960`_ workaround SMC (``SMCCC_ARCH_WORKAROUND_3``) for use by normal
world privileged software. Details of ``SMCCC_ARCH_WORKAROUND_3`` can be found
in the `SMCCC Calling Convention specification`_. The specification and
implementation also enable the normal world to discover the presence of this
firmware service. The patchset also implements ``SMCCC_ARCH_WORKAROUND_3`` for
Cortex-A57, Cortex-A72, Cortex-A73 and Cortex-A75 using the existing workaround
for CVE-2017-5715. The Cortex-A15 patch extends the Spectre V2 mitigation to
Spectre-BHB.
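The discovery sequence described above, as an added example that is not part of this advisory or of TF-A's own code: a normal-world kernel probes ``SMCCC_VERSION`` and ``SMCCC_ARCH_FEATURES`` before relying on ``SMCCC_ARCH_WORKAROUND_3``, exercised against a constructed EL3 model that stands in for firmware in several states (the function IDs and return codes are those of the SMCCC specification; the ``el3_*`` helpers and the ``bhb_policy`` enum are assumptions made for the example).

```c
#include <stdint.h>

/* Function IDs and return codes from the Arm SMC Calling Convention (DEN0028). */
#define SMCCC_VERSION            0x80000000u
#define SMCCC_ARCH_FEATURES      0x80000001u
#define SMCCC_ARCH_WORKAROUND_3  0x80003FFFu
#define SMCCC_VERSION_1_1        0x10001
#define SMCCC_RET_SUCCESS        0
#define SMCCC_RET_NOT_SUPPORTED  (-1)
#define SMCCC_ARCH_NOT_REQUIRED  1    /* implemented, but this PE does not need it */

/* What the normal-world kernel concludes for the current PE (assumed names). */
enum bhb_policy { BHB_USE_SMC, BHB_NOT_NEEDED, BHB_FIRMWARE_UNAWARE };

/* Stand-in for the SMC instruction: returns x0 from EL3 for (function id, x1). */
typedef int64_t (*smc_call_t)(uint32_t fid, uint32_t x1);

/* Discovery sequence a Rich OS runs before relying on the WORKAROUND_3 SMC. */
enum bhb_policy discover_workaround_3(smc_call_t smc)
{
    /* SMCCC 1.0 firmware answers NOT_SUPPORTED here and has no ARCH_FEATURES call. */
    if (smc(SMCCC_VERSION, 0) < SMCCC_VERSION_1_1)
        return BHB_FIRMWARE_UNAWARE;
    int64_t r = smc(SMCCC_ARCH_FEATURES, SMCCC_ARCH_WORKAROUND_3);
    if (r == SMCCC_RET_SUCCESS)
        return BHB_USE_SMC;          /* affected PE: firmware applies the loop on EL3 entry */
    if (r == SMCCC_ARCH_NOT_REQUIRED)
        return BHB_NOT_NEEDED;       /* PE not affected: skip the SMC on exception paths */
    return BHB_FIRMWARE_UNAWARE;     /* NOT_SUPPORTED: fall back to a local workaround */
}

/* Constructed EL3 model (not TF-A's dispatcher) parameterised by firmware state. */
static int64_t el3_model(uint32_t fid, uint32_t x1, int smccc11, int patched, int affected)
{
    if (fid == SMCCC_VERSION)
        return smccc11 ? SMCCC_VERSION_1_1 : SMCCC_RET_NOT_SUPPORTED;
    if (!smccc11 || !patched)
        return SMCCC_RET_NOT_SUPPORTED;
    if (fid == SMCCC_ARCH_FEATURES && x1 == SMCCC_ARCH_WORKAROUND_3)
        return affected ? SMCCC_RET_SUCCESS : SMCCC_ARCH_NOT_REQUIRED;
    if (fid == SMCCC_ARCH_WORKAROUND_3)
        return SMCCC_RET_SUCCESS;    /* the loop already ran on entry to EL3; nothing left to do */
    return SMCCC_RET_NOT_SUPPORTED;
}
int64_t el3_patched_affected(uint32_t fid, uint32_t x1)   { return el3_model(fid, x1, 1, 1, 1); }
int64_t el3_patched_unaffected(uint32_t fid, uint32_t x1) { return el3_model(fid, x1, 1, 1, 0); }
int64_t el3_unpatched_v1_1(uint32_t fid, uint32_t x1)     { return el3_model(fid, x1, 1, 0, 1); }
int64_t el3_v1_0(uint32_t fid, uint32_t x1)               { return el3_model(fid, x1, 0, 0, 1); }
```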

The above workarounds are enabled by default (on vulnerable CPUs only). Platforms
can choose to disable them at compile time if they do not require them.

For more information about non-Arm CPUs, please contact the CPU vendor.

.. _Arm Processor Security Update: http://www.arm.com/security-update
.. _CVE-2022-23960: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23960
.. _Gerrit topic #spectre_bhb: https://review.trustedfirmware.org/q/topic:"spectre_bhb"+(status:open%20OR%20status:merged)
.. _CVE-2022-23960 mitigation specification: https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability
.. _SMCCC Calling Convention specification: https://developer.arm.com/documentation/den0028/latest
