1*91f16700SchasingluluAdvisory TFV-9 (CVE-2022-23960) 2*91f16700Schasinglulu============================================================ 3*91f16700Schasinglulu 4*91f16700Schasinglulu+----------------+-------------------------------------------------------------+ 5*91f16700Schasinglulu| Title | Trusted Firmware-A exposure to speculative processor | 6*91f16700Schasinglulu| | vulnerabilities with branch prediction target reuse | 7*91f16700Schasinglulu+================+=============================================================+ 8*91f16700Schasinglulu| CVE ID | `CVE-2022-23960`_ | 9*91f16700Schasinglulu+----------------+-------------------------------------------------------------+ 10*91f16700Schasinglulu| Date | 08 Mar 2022 | 11*91f16700Schasinglulu+----------------+-------------------------------------------------------------+ 12*91f16700Schasinglulu| Versions | All, up to and including v2.6 | 13*91f16700Schasinglulu| Affected | | 14*91f16700Schasinglulu+----------------+-------------------------------------------------------------+ 15*91f16700Schasinglulu| Configurations | All | 16*91f16700Schasinglulu| Affected | | 17*91f16700Schasinglulu+----------------+-------------------------------------------------------------+ 18*91f16700Schasinglulu| Impact | Potential leakage of secure world data to normal world | 19*91f16700Schasinglulu| | if an attacker is able to find a TF-A exfiltration primitive| 20*91f16700Schasinglulu| | that can be predicted as a valid branch target, and somehow | 21*91f16700Schasinglulu| | induce misprediction onto that primitive. There are | 22*91f16700Schasinglulu| | currently no known exploits. | 23*91f16700Schasinglulu+----------------+-------------------------------------------------------------+ 24*91f16700Schasinglulu| Fix Version | `Gerrit topic #spectre_bhb`_ | 25*91f16700Schasinglulu+----------------+-------------------------------------------------------------+ 26*91f16700Schasinglulu| Credit | Systems and Network Security Group at Vrije Universiteit | 27*91f16700Schasinglulu| | Amsterdam for CVE-2022-23960, Arm for patches | 28*91f16700Schasinglulu+----------------+-------------------------------------------------------------+ 29*91f16700Schasinglulu 30*91f16700SchasingluluThis security advisory describes the current understanding of the Trusted 31*91f16700SchasingluluFirmware-A exposure to the new speculative processor vulnerability. 32*91f16700SchasingluluTo understand the background and wider impact of these vulnerabilities on Arm 33*91f16700Schasinglulusystems, please refer to the `Arm Processor Security Update`_. The whitepaper 34*91f16700Schasinglulureferred to below describes the Spectre attack and mitigation in more detail 35*91f16700Schasingluluincluding implementation specific mitigation details for all impacted Arm CPUs. 36*91f16700Schasinglulu 37*91f16700Schasinglulu 38*91f16700Schasinglulu`CVE-2022-23960`_ 39*91f16700Schasinglulu----------------- 40*91f16700Schasinglulu 41*91f16700SchasingluluWhere possible on vulnerable CPUs that implement FEAT_CSV2, Arm recommends 42*91f16700Schasingluluinserting a loop workaround with implementation specific number of iterations 43*91f16700Schasingluluthat will discard the branch history on exception entry to a higher exception 44*91f16700Schasinglululevel for the given CPU. This is done as early as possible on entry into EL3, 45*91f16700Schasinglulubefore any branch instruction is executed. This is sufficient to mitigate 46*91f16700SchasingluluSpectre-BHB on behalf of all secure world code, assuming that no secure world 47*91f16700Schasinglulucode is under attacker control. 48*91f16700Schasinglulu 49*91f16700SchasingluluThe below table lists the CPUs that mitigate against this vulnerability in 50*91f16700SchasingluluTF-A using the loop workaround(all cores that implement FEAT_CSV2 except the 51*91f16700Schasinglulurevisions of Cortex-A73 and Cortex-A75 that implements FEAT_CSV2). 52*91f16700Schasinglulu 53*91f16700Schasinglulu+----------------------+ 54*91f16700Schasinglulu| Core | 55*91f16700Schasinglulu+----------------------+ 56*91f16700Schasinglulu| Cortex-A72(from r1p0)| 57*91f16700Schasinglulu+----------------------+ 58*91f16700Schasinglulu| Cortex-A76 | 59*91f16700Schasinglulu+----------------------+ 60*91f16700Schasinglulu| Cortex-A76AE | 61*91f16700Schasinglulu+----------------------+ 62*91f16700Schasinglulu| Cortex-A77 | 63*91f16700Schasinglulu+----------------------+ 64*91f16700Schasinglulu| Cortex-A78 | 65*91f16700Schasinglulu+----------------------+ 66*91f16700Schasinglulu| Cortex-A78AE | 67*91f16700Schasinglulu+----------------------+ 68*91f16700Schasinglulu| Cortex-A78C | 69*91f16700Schasinglulu+----------------------+ 70*91f16700Schasinglulu| Cortex-X1 | 71*91f16700Schasinglulu+----------------------+ 72*91f16700Schasinglulu| Cortex-X2 | 73*91f16700Schasinglulu+----------------------+ 74*91f16700Schasinglulu| Cortex-X3 | 75*91f16700Schasinglulu+----------------------+ 76*91f16700Schasinglulu| Cortex-A710 | 77*91f16700Schasinglulu+----------------------+ 78*91f16700Schasinglulu| Cortex-A715 | 79*91f16700Schasinglulu+----------------------+ 80*91f16700Schasinglulu| Cortex-A720 | 81*91f16700Schasinglulu+----------------------+ 82*91f16700Schasinglulu| Neoverse-N1 | 83*91f16700Schasinglulu+----------------------+ 84*91f16700Schasinglulu| Neoverse-N2 | 85*91f16700Schasinglulu+----------------------+ 86*91f16700Schasinglulu| Neoverse-V1 | 87*91f16700Schasinglulu+----------------------+ 88*91f16700Schasinglulu| Neoverse-V2 | 89*91f16700Schasinglulu+----------------------+ 90*91f16700Schasinglulu| Neoverse-Poseidon | 91*91f16700Schasinglulu+----------------------+ 92*91f16700Schasinglulu 93*91f16700SchasingluluFor all other cores impacted by Spectre-BHB, some of which that do not implement 94*91f16700SchasingluluFEAT_CSV2 and some that do e.g. Cortex-A73, the recommended mitigation is to 95*91f16700Schasingluluflush all branch predictions via an implementation specific route. 96*91f16700Schasinglulu 97*91f16700SchasingluluIn case local workaround is not feasible, the Rich OS can invoke the SMC 98*91f16700Schasinglulu(``SMCCC_ARCH_WORKAROUND_3``) to apply the workaround. Refer to `SMCCC Calling 99*91f16700SchasingluluConvention specification`_ for more details. 100*91f16700Schasinglulu 101*91f16700Schasinglulu`Gerrit topic #spectre_bhb`_ This patchset implements the Spectre-BHB loop 102*91f16700Schasingluluworkaround for CPUs mentioned in the above table. For CPUs supporting 103*91f16700Schasingluluspeculative barrier instruction, the loop workaround is optimised by using SB 104*91f16700Schasingluluin place of the common DSB and ISB sequence. It also mitigates against 105*91f16700Schasingluluthis vulnerability for Cortex-A72 CPU versions that support the CSV2 feature 106*91f16700Schasinglulu(from r1p0). The patch stack also includes an implementation for a specified 107*91f16700Schasinglulu`CVE-2022-23960`_ workaround SMC(``SMCCC_ARCH_WORKAROUND_3``) for use by normal 108*91f16700Schasingluluworld privileged software. Details of ``SMCCC_ARCH_WORKAROUND_3`` can be found 109*91f16700Schasingluluin the `SMCCC Calling Convention specification`_. The specification and 110*91f16700Schasingluluimplementation also enables the normal world to discover the presence of this 111*91f16700Schasinglulufirmware service. This patch also implements ``SMCCC_ARCH_WORKAROUND_3`` for 112*91f16700SchasingluluCortex-A57, Coxtex-A72, Cortex-A73 and Cortex-A75 using the existing workaround. 113*91f16700Schasinglulufor CVE-2017-5715. Cortex-A15 patch extends Spectre V2 mitigation to Spectre-BHB. 114*91f16700Schasinglulu 115*91f16700SchasingluluThe above workaround is enabled by default (on vulnerable CPUs only). Platforms 116*91f16700Schasinglulucan choose to disable them at compile time if they do not require them. 117*91f16700Schasinglulu 118*91f16700SchasingluluFor more information about non-Arm CPUs, please contact the CPU vendor. 119*91f16700Schasinglulu 120*91f16700Schasinglulu.. _Arm Processor Security Update: http://www.arm.com/security-update 121*91f16700Schasinglulu.. _CVE-2022-23960: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23960 122*91f16700Schasinglulu.. _Gerrit topic #spectre_bhb: https://review.trustedfirmware.org/q/topic:"spectre_bhb"+(status:open%20OR%20status:merged) 123*91f16700Schasinglulu.. _CVE-2022-23960 mitigation specification: https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability 124*91f16700Schasinglulu.. _SMCCC Calling Convention specification: https://developer.arm.com/documentation/den0028/latest 125