Advisory TFV-2 (CVE-2017-7564)
==============================

+----------------+-------------------------------------------------------------+
| Title          | Enabled secure self-hosted invasive debug interface can     |
|                | allow normal world to panic secure world                    |
+================+=============================================================+
| CVE ID         | `CVE-2017-7564`_                                            |
+----------------+-------------------------------------------------------------+
| Date           | 02 Feb 2017                                                 |
+----------------+-------------------------------------------------------------+
| Versions       | All versions up to v1.3                                     |
| Affected       |                                                             |
+----------------+-------------------------------------------------------------+
| Configurations | All                                                         |
| Affected       |                                                             |
+----------------+-------------------------------------------------------------+
| Impact         | Denial of Service (secure world panic)                      |
+----------------+-------------------------------------------------------------+
| Fix Version    | 15 Feb 2017 `Pull Request #841`_                            |
+----------------+-------------------------------------------------------------+
| Credit         | ARM                                                         |
+----------------+-------------------------------------------------------------+

The ``MDCR_EL3.SDD`` bit controls AArch64 secure self-hosted invasive debug
enablement. By default, the BL1 and BL31 images of the current version of ARM
Trusted Firmware (TF) unconditionally assign this bit to ``0`` in the early
entrypoint code, which enables debug exceptions from the secure world. This can
be seen in the implementation of the ``el3_arch_init_common`` `AArch64 macro`_.
Given that TF does not currently contain support for this feature (for example,
by saving and restoring the appropriate debug registers), this may allow a
normal world attacker to induce a panic in the secure world.

The ``MDCR_EL3.SDD`` bit should be assigned to ``1`` to disable debug exceptions
from the secure world.

Earlier versions of TF (prior to `commit 495f3d3`_) did not assign this bit.
Since the bit has an architecturally ``UNKNOWN`` reset value, earlier versions
may or may not have the same problem, depending on the platform.

A similar issue applies to the ``MDCR_EL3.SPD32`` bits, which control AArch32
secure self-hosted invasive debug enablement. TF assigns these bits to ``00``
(the legacy encoding), meaning that whether debug exceptions from Secure EL1
are enabled is left to the external authentication interface. Therefore this
issue only exists for AArch32 Secure EL1 code when secure privileged invasive
debug is enabled by the authentication interface, at which point the device is
vulnerable to other, more serious attacks anyway.

However, given that TF contains no support for handling debug exceptions, the
``MDCR_EL3.SPD32`` bits should be assigned to ``10`` to disable debug exceptions
from AArch32 Secure EL1.

Finally, this issue also applies to AArch32 platforms that use the TF SP_MIN
image or integrate the `AArch32 equivalent`_ of the ``el3_arch_init_common``
macro. Here the affected bits are ``SDCR.SPD``, which should also be assigned to
``10`` instead of ``00``.

.. _CVE-2017-7564: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7564
.. _commit 495f3d3: https://github.com/ARM-software/arm-trusted-firmware/commit/495f3d3
.. _AArch64 macro: https://github.com/ARM-software/arm-trusted-firmware/blob/bcc2bf0/include/common/aarch64/el3_common_macros.S#L85
.. _AArch32 equivalent: https://github.com/ARM-software/arm-trusted-firmware/blob/bcc2bf0/include/common/aarch32/el3_common_macros.S#L41
.. _Pull Request #841: https://github.com/ARM-software/arm-trusted-firmware/pull/841
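The following C is an added illustration of the register fields this advisory
discusses; it is not part of the advisory or of the TF code base. It provides a
helper that applies the recommended settings (``MDCR_EL3.SDD`` = 1,
``MDCR_EL3.SPD32`` = 0b10, and ``SDCR.SPD`` = 0b10 for AArch32 EL3) to an
existing register value while preserving every other field, plus an audit
routine that classifies a value read from those registers against the advisory.
Bit positions are taken from the Arm Architecture Reference Manual (SDD is bit
16, SPD32 and SPD occupy bits [15:14]). The code operates on plain integers
only; the ``MRS``/``MSR`` needed to read or write the real registers at EL3 are
not shown, and the sample values in ``main`` are constructed for the
demonstration.

```c
#include <stdint.h>
#include <stdio.h>

/*
 * Field positions per the Arm Architecture Reference Manual (A-profile):
 *   MDCR_EL3.SDD   - bit 16       AArch64 Secure self-hosted debug disable
 *   MDCR_EL3.SPD32 - bits [15:14] AArch32 Secure privileged debug from S-EL1
 *   SDCR.SPD       - bits [15:14] AArch32 EL3 counterpart of SPD32
 */
#define MDCR_EL3_SDD_BIT     (UINT64_C(1) << 16)
#define MDCR_EL3_SPD32_SHIFT 14
#define MDCR_EL3_SPD32_MASK  (UINT64_C(0x3) << MDCR_EL3_SPD32_SHIFT)
#define SDCR_SPD_SHIFT       14
#define SDCR_SPD_MASK        (UINT32_C(0x3) << SDCR_SPD_SHIFT)

/* Encodings shared by MDCR_EL3.SPD32 and SDCR.SPD. 0b01 is reserved. */
enum spd_enc {
    SPD_LEGACY  = 0x0, /* left to the external authentication interface */
    SPD_DISABLE = 0x2, /* Secure privileged debug disabled (the fix) */
    SPD_ENABLE  = 0x3  /* Secure privileged debug enabled */
};

/* Findings reported by the audit functions, combined as a bitmask. */
enum debug_finding {
    FINDING_SDD_CLEAR    = 1u << 0, /* AArch64 Secure debug exceptions enabled */
    FINDING_SPD_LEGACY   = 1u << 1, /* S-EL1 debug depends on SPIDEN/DBGEN */
    FINDING_SPD_ENABLED  = 1u << 2, /* S-EL1 debug explicitly enabled */
    FINDING_SPD_RESERVED = 1u << 3  /* reserved encoding 0b01 programmed */
};

/* Apply the advisory's fix to an MDCR_EL3 value: SDD=1, SPD32=0b10.
 * Other fields are preserved, so a value read with MRS at EL3 can be
 * passed through this and written back with MSR. */
uint64_t mdcr_el3_harden(uint64_t mdcr)
{
    mdcr |= MDCR_EL3_SDD_BIT;
    mdcr &= ~MDCR_EL3_SPD32_MASK;
    mdcr |= (uint64_t)SPD_DISABLE << MDCR_EL3_SPD32_SHIFT;
    return mdcr;
}

/* AArch32 EL3 counterpart (SP_MIN-style platforms): SDCR.SPD=0b10. */
uint32_t sdcr_harden(uint32_t sdcr)
{
    sdcr &= ~SDCR_SPD_MASK;
    sdcr |= (uint32_t)SPD_DISABLE << SDCR_SPD_SHIFT;
    return sdcr;
}

/* Classify a two-bit SPD/SPD32 field. Only SPD_DISABLE yields no finding. */
static unsigned audit_spd_field(unsigned spd)
{
    switch (spd) {
    case SPD_LEGACY:  return FINDING_SPD_LEGACY;
    case SPD_ENABLE:  return FINDING_SPD_ENABLED;
    case SPD_DISABLE: return 0;
    default:          return FINDING_SPD_RESERVED;
    }
}

/* Audit an MDCR_EL3 value against this advisory; 0 means nothing to fix. */
unsigned mdcr_el3_audit(uint64_t mdcr)
{
    unsigned findings = 0;
    if ((mdcr & MDCR_EL3_SDD_BIT) == 0)
        findings |= FINDING_SDD_CLEAR;
    findings |= audit_spd_field(
        (unsigned)((mdcr & MDCR_EL3_SPD32_MASK) >> MDCR_EL3_SPD32_SHIFT));
    return findings;
}

/* Audit an SDCR value (AArch32 EL3) against this advisory. */
unsigned sdcr_audit(uint32_t sdcr)
{
    return audit_spd_field((sdcr & SDCR_SPD_MASK) >> SDCR_SPD_SHIFT);
}

int main(void)
{
    /* Constructed sample: what the pre-fix macro left behind according to
     * the advisory, SDD=0 and SPD32=0b00, with every other field zero. */
    uint64_t before = 0;
    uint64_t after  = mdcr_el3_harden(before);

    printf("MDCR_EL3 before: 0x%016llx findings=0x%x\n",
           (unsigned long long)before, mdcr_el3_audit(before));
    printf("MDCR_EL3 after:  0x%016llx findings=0x%x\n",
           (unsigned long long)after, mdcr_el3_audit(after));
    printf("SDCR after:      0x%08x findings=0x%x\n",
           sdcr_harden(0), sdcr_audit(sdcr_harden(0)));
    return 0;
}
```

The audit deliberately reports the legacy encoding as a finding even though it
is only exploitable when the authentication interface permits secure privileged
debug: as the advisory notes, firmware with no debug-exception handling should
not leave that decision to external signals.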