| Paul Beesley | 1ed4cf2 | 2019-03-07 16:22:44 +0000 | [diff] [blame] | 1 | Advisory TFV-5 (CVE-2017-15031) |
| 2 | =============================== |
| 3 | |
| Joel Hutton | 9e60563 | 2019-02-25 15:18:56 +0000 | [diff] [blame] | 4 | +----------------+-------------------------------------------------------------+ |
| 5 | | Title | Not initializing or saving/restoring ``PMCR_EL0`` can leak | |
| 6 | | | secure world timing information | |
| 7 | +================+=============================================================+ |
| Paul Beesley | 75017f2 | 2019-03-05 17:10:07 +0000 | [diff] [blame] | 8 | | CVE ID | `CVE-2017-15031`_ | |
| Joel Hutton | 9e60563 | 2019-02-25 15:18:56 +0000 | [diff] [blame] | 9 | +----------------+-------------------------------------------------------------+ |
| 10 | | Date | 02 Oct 2017 | |
| 11 | +----------------+-------------------------------------------------------------+ |
| 12 | | Versions | All, up to and including v1.4 | |
| 13 | | Affected | | |
| 14 | +----------------+-------------------------------------------------------------+ |
| 15 | | Configurations | All | |
| 16 | | Affected | | |
| 17 | +----------------+-------------------------------------------------------------+ |
| 18 | | Impact | Leakage of sensitive secure world timing information | |
| 19 | +----------------+-------------------------------------------------------------+ |
| 20 | | Fix Version | `Pull Request #1127`_ (merged on 18 October 2017) | |
| 21 | +----------------+-------------------------------------------------------------+ |
| 22 | | Credit | Arm | |
| 23 | +----------------+-------------------------------------------------------------+ |
| 24 | |
| 25 | The ``PMCR_EL0`` (Performance Monitors Control Register) provides details of the |
| 26 | Performance Monitors implementation, including the number of counters |
| 27 | implemented, and configures and controls the counters. If the ``PMCR_EL0.DP`` |
| 28 | bit is set to zero, the cycle counter (when enabled) counts during secure world |
| 29 | execution, even when prohibited by the debug signals. |
| 30 | |
| 31 | Since Arm TF does not save and restore ``PMCR_EL0`` when switching between the |
| 32 | normal and secure worlds, normal world code can set ``PMCR_EL0.DP`` to zero to |
| 33 | cause leakage of secure world timing information. This register should be added |
| 34 | to the list of saved/restored registers. |
| 35 | |
| 36 | Furthermore, ``PMCR_EL0.DP`` has an architecturally ``UNKNOWN`` reset value. |
| 37 | Since Arm TF does not initialize this register, it's possible that on at least |
| 38 | some implementations, ``PMCR_EL0.DP`` is set to zero by default. This and other |
| 39 | bits with an architecturally UNKNOWN reset value should be initialized to |
| 40 | sensible default values in the secure context. |
| 41 | |
| 42 | The same issue exists for the equivalent AArch32 register, ``PMCR``, except that |
| 43 | here ``PMCR_EL0.DP`` architecturally resets to zero. |
| 44 | |
| Paul Beesley | 75017f2 | 2019-03-05 17:10:07 +0000 | [diff] [blame] | 45 | .. _CVE-2017-15031: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15031 |
| Joel Hutton | 9e60563 | 2019-02-25 15:18:56 +0000 | [diff] [blame] | 46 | .. _Pull Request #1127: https://github.com/ARM-software/arm-trusted-firmware/pull/1127 |