1.. _security-advisory-tfv-9: 2 3Advisory TFV-9 (CVE-2022-23960) 4============================================================ 5 6+----------------+-------------------------------------------------------------+ 7| Title | Trusted Firmware-A exposure to speculative processor | 8| | vulnerabilities with branch prediction target reuse | 9+================+=============================================================+ 10| CVE ID | `CVE-2022-23960`_ | 11+----------------+-------------------------------------------------------------+ 12| Date | 08 Mar 2022 | 13+----------------+-------------------------------------------------------------+ 14| Versions | All, up to and including v2.6 | 15| Affected | | 16+----------------+-------------------------------------------------------------+ 17| Configurations | All | 18| Affected | | 19+----------------+-------------------------------------------------------------+ 20| Impact | Potential leakage of secure world data to normal world | 21| | if an attacker is able to find a TF-A exfiltration primitive| 22| | that can be predicted as a valid branch target, and somehow | 23| | induce misprediction onto that primitive. There are | 24| | currently no known exploits. | 25+----------------+-------------------------------------------------------------+ 26| Fix Version | `Gerrit topic #spectre_bhb`_ | 27+----------------+-------------------------------------------------------------+ 28| Credit | Systems and Network Security Group at Vrije Universiteit | 29| | Amsterdam for CVE-2022-23960, Arm for patches | 30+----------------+-------------------------------------------------------------+ 31 32This security advisory describes the current understanding of the Trusted 33Firmware-A exposure to the new speculative processor vulnerability. 34To understand the background and wider impact of these vulnerabilities on Arm 35systems, please refer to the `Arm Processor Security Update`_. The whitepaper 36referred to below describes the Spectre attack and mitigation in more detail 37including implementation specific mitigation details for all impacted Arm CPUs. 38 39 40`CVE-2022-23960`_ 41----------------- 42 43Where possible on vulnerable CPUs that implement FEAT_CSV2, Arm recommends 44inserting a loop workaround with implementation specific number of iterations 45that will discard the branch history on exception entry to a higher exception 46level for the given CPU. This is done as early as possible on entry into EL3, 47before any branch instruction is executed. This is sufficient to mitigate 48Spectre-BHB on behalf of all secure world code, assuming that no secure world 49code is under attacker control. 50 51The below table lists the CPUs that mitigate against this vulnerability in 52TF-A using the loop workaround(all cores that implement FEAT_CSV2 except the 53revisions of Cortex-A73 and Cortex-A75 that implements FEAT_CSV2). 54 55+----------------------+ 56| Core | 57+----------------------+ 58| Cortex-A72(from r1p0)| 59+----------------------+ 60| Cortex-A76 | 61+----------------------+ 62| Cortex-A76AE | 63+----------------------+ 64| Cortex-A77 | 65+----------------------+ 66| Cortex-A78 | 67+----------------------+ 68| Cortex-A78AE | 69+----------------------+ 70| Cortex-A78C | 71+----------------------+ 72| Cortex-X1 | 73+----------------------+ 74| Cortex-X2 | 75+----------------------+ 76| Cortex-X3 | 77+----------------------+ 78| Cortex-A710 | 79+----------------------+ 80| Cortex-A715 | 81+----------------------+ 82| Cortex-A720 | 83+----------------------+ 84| Neoverse-N1 | 85+----------------------+ 86| Neoverse-N2 | 87+----------------------+ 88| Neoverse-V1 | 89+----------------------+ 90| Neoverse-V2 | 91+----------------------+ 92| Neoverse-V3 | 93+----------------------+ 94 95For all other cores impacted by Spectre-BHB, some of which that do not implement 96FEAT_CSV2 and some that do e.g. Cortex-A73, the recommended mitigation is to 97flush all branch predictions via an implementation specific route. 98 99In case local workaround is not feasible, the Rich OS can invoke the SMC 100(``SMCCC_ARCH_WORKAROUND_3``) to apply the workaround. Refer to `SMCCC Calling 101Convention specification`_ for more details. 102 103`Gerrit topic #spectre_bhb`_ This patchset implements the Spectre-BHB loop 104workaround for CPUs mentioned in the above table. For CPUs supporting 105speculative barrier instruction, the loop workaround is optimised by using SB 106in place of the common DSB and ISB sequence. It also mitigates against 107this vulnerability for Cortex-A72 CPU versions that support the CSV2 feature 108(from r1p0). The patch stack also includes an implementation for a specified 109`CVE-2022-23960`_ workaround SMC(``SMCCC_ARCH_WORKAROUND_3``) for use by normal 110world privileged software. Details of ``SMCCC_ARCH_WORKAROUND_3`` can be found 111in the `SMCCC Calling Convention specification`_. The specification and 112implementation also enables the normal world to discover the presence of this 113firmware service. This patch also implements ``SMCCC_ARCH_WORKAROUND_3`` for 114Cortex-A57, Coxtex-A72, Cortex-A73 and Cortex-A75 using the existing workaround. 115for CVE-2017-5715. Cortex-A15 patch extends Spectre V2 mitigation to Spectre-BHB. 116 117The above workaround is enabled by default (on vulnerable CPUs only). Platforms 118can choose to disable them at compile time if they do not require them. 119 120For more information about non-Arm CPUs, please contact the CPU vendor. 121 122.. _Arm Processor Security Update: http://www.arm.com/security-update 123.. _CVE-2022-23960: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23960 124.. _Gerrit topic #spectre_bhb: https://review.trustedfirmware.org/q/topic:"spectre_bhb"+(status:open%20OR%20status:merged) 125.. _CVE-2022-23960 mitigation specification: https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability 126.. _SMCCC Calling Convention specification: https://developer.arm.com/documentation/den0028/latest 127