| Bipin Ravi | 4b31341 | 2022-02-25 19:12:10 -0600 | [diff] [blame] | 1 | Advisory TFV-9 (CVE-2022-23960) |
| 2 | ============================================================ |
| 3 | |
| 4 | +----------------+-------------------------------------------------------------+ |
| 5 | | Title | Trusted Firmware-A exposure to speculative processor | |
| 6 | | | vulnerabilities with branch prediction target reuse | |
| 7 | +================+=============================================================+ |
| 8 | | CVE ID | `CVE-2022-23960`_ | |
| 9 | +----------------+-------------------------------------------------------------+ |
| 10 | | Date | 08 Mar 2022 | |
| 11 | +----------------+-------------------------------------------------------------+ |
| 12 | | Versions | All, up to and including v2.6 | |
| 13 | | Affected | | |
| 14 | +----------------+-------------------------------------------------------------+ |
| 15 | | Configurations | All | |
| 16 | | Affected | | |
| 17 | +----------------+-------------------------------------------------------------+ |
| 18 | | Impact | Potential leakage of secure world data to normal world | |
| 19 | | | if an attacker is able to find a TF-A exfiltration primitive| |
| 20 | | | that can be predicted as a valid branch target, and somehow | |
| 21 | | | induce misprediction onto that primitive. There are | |
| 22 | | | currently no known exploits. | |
| 23 | +----------------+-------------------------------------------------------------+ |
| 24 | | Fix Version | `Gerrit topic #spectre_bhb`_ | |
| 25 | +----------------+-------------------------------------------------------------+ |
| 26 | | Credit | Systems and Network Security Group at Vrije Universiteit | |
| 27 | | | Amsterdam for CVE-2022-23960, Arm for patches | |
| 28 | +----------------+-------------------------------------------------------------+ |
| 29 | |
| 30 | This security advisory describes the current understanding of the Trusted |
| 31 | Firmware-A exposure to the new speculative processor vulnerability. |
| 32 | To understand the background and wider impact of these vulnerabilities on Arm |
| 33 | systems, please refer to the `Arm Processor Security Update`_. The whitepaper |
| 34 | referred to below describes the Spectre attack and mitigation in more detail |
| 35 | including implementation specific mitigation details for all impacted Arm CPUs. |
| 36 | |
| 37 | |
| 38 | `CVE-2022-23960`_ |
| 39 | ----------------- |
| 40 | |
| 41 | Where possible on vulnerable CPUs that implement FEAT_CSV2, Arm recommends |
| 42 | inserting a loop workaround with implementation specific number of iterations |
| 43 | that will discard the branch history on exception entry to a higher exception |
| 44 | level for the given CPU. This is done as early as possible on entry into EL3, |
| 45 | before any branch instruction is executed. This is sufficient to mitigate |
| 46 | Spectre-BHB on behalf of all secure world code, assuming that no secure world |
| 47 | code is under attacker control. |
| 48 | |
| 49 | The below table lists the CPUs that mitigate against this vulnerability in |
| 50 | TF-A using the loop workaround(all cores that implement FEAT_CSV2 except the |
| 51 | revisions of Cortex-A73 and Cortex-A75 that implements FEAT_CSV2). |
| 52 | |
| 53 | +----------------------+ |
| 54 | | Core | |
| 55 | +----------------------+ |
| 56 | | Cortex-A72(from r1p0)| |
| 57 | +----------------------+ |
| 58 | | Cortex-A76 | |
| 59 | +----------------------+ |
| Bipin Ravi | 071da43 | 2022-06-16 16:32:22 -0500 | [diff] [blame] | 60 | | Cortex-A76AE | |
| 61 | +----------------------+ |
| Bipin Ravi | 4b31341 | 2022-02-25 19:12:10 -0600 | [diff] [blame] | 62 | | Cortex-A77 | |
| 63 | +----------------------+ |
| 64 | | Cortex-A78 | |
| 65 | +----------------------+ |
| Bipin Ravi | 071da43 | 2022-06-16 16:32:22 -0500 | [diff] [blame] | 66 | | Cortex-A78AE | |
| 67 | +----------------------+ |
| 68 | | Cortex-A78C | |
| 69 | +----------------------+ |
| 70 | | Cortex-X1 | |
| 71 | +----------------------+ |
| Bipin Ravi | 4b31341 | 2022-02-25 19:12:10 -0600 | [diff] [blame] | 72 | | Cortex-X2 | |
| 73 | +----------------------+ |
| Boyan Karatotev | bdf953c | 2022-10-25 11:29:04 +0100 | [diff] [blame] | 74 | | Cortex-X3 | |
| 75 | +----------------------+ |
| Bipin Ravi | 4b31341 | 2022-02-25 19:12:10 -0600 | [diff] [blame] | 76 | | Cortex-A710 | |
| 77 | +----------------------+ |
| Bipin Ravi | 9365f8a | 2022-11-04 22:52:56 -0500 | [diff] [blame] | 78 | | Cortex-A715 | |
| Bipin Ravi | 071da43 | 2022-06-16 16:32:22 -0500 | [diff] [blame] | 79 | +----------------------+ |
| Bipin Ravi | 071da43 | 2022-06-16 16:32:22 -0500 | [diff] [blame] | 80 | | Cortex-Hunter | |
| 81 | +----------------------+ |
| Bipin Ravi | 4b31341 | 2022-02-25 19:12:10 -0600 | [diff] [blame] | 82 | | Neoverse-N1 | |
| 83 | +----------------------+ |
| 84 | | Neoverse-N2 | |
| 85 | +----------------------+ |
| 86 | | Neoverse-V1 | |
| 87 | +----------------------+ |
| Joel Goddard | a1c50ab | 2022-09-21 21:52:28 +0530 | [diff] [blame] | 88 | | Neoverse-V2 | |
| Bipin Ravi | 071da43 | 2022-06-16 16:32:22 -0500 | [diff] [blame] | 89 | +----------------------+ |
| 90 | | Neoverse-Poseidon | |
| 91 | +----------------------+ |
| Bipin Ravi | 4b31341 | 2022-02-25 19:12:10 -0600 | [diff] [blame] | 92 | |
| 93 | For all other cores impacted by Spectre-BHB, some of which that do not implement |
| 94 | FEAT_CSV2 and some that do e.g. Cortex-A73, the recommended mitigation is to |
| 95 | flush all branch predictions via an implementation specific route. |
| 96 | |
| 97 | In case local workaround is not feasible, the Rich OS can invoke the SMC |
| 98 | (``SMCCC_ARCH_WORKAROUND_3``) to apply the workaround. Refer to `SMCCC Calling |
| 99 | Convention specification`_ for more details. |
| 100 | |
| 101 | `Gerrit topic #spectre_bhb`_ This patchset implements the Spectre-BHB loop |
| Bipin Ravi | 9365f8a | 2022-11-04 22:52:56 -0500 | [diff] [blame] | 102 | workaround for CPUs mentioned in the above table. For CPUs supporting |
| 103 | speculative barrier instruction, the loop workaround is optimised by using SB |
| 104 | in place of the common DSB and ISB sequence. It also mitigates against |
| Bipin Ravi | 4b31341 | 2022-02-25 19:12:10 -0600 | [diff] [blame] | 105 | this vulnerability for Cortex-A72 CPU versions that support the CSV2 feature |
| 106 | (from r1p0). The patch stack also includes an implementation for a specified |
| 107 | `CVE-2022-23960`_ workaround SMC(``SMCCC_ARCH_WORKAROUND_3``) for use by normal |
| 108 | world privileged software. Details of ``SMCCC_ARCH_WORKAROUND_3`` can be found |
| 109 | in the `SMCCC Calling Convention specification`_. The specification and |
| 110 | implementation also enables the normal world to discover the presence of this |
| 111 | firmware service. This patch also implements ``SMCCC_ARCH_WORKAROUND_3`` for |
| 112 | Cortex-A57, Coxtex-A72, Cortex-A73 and Cortex-A75 using the existing workaround. |
| Bipin Ravi | 071da43 | 2022-06-16 16:32:22 -0500 | [diff] [blame] | 113 | for CVE-2017-5715. Cortex-A15 patch extends Spectre V2 mitigation to Spectre-BHB. |
| Bipin Ravi | 4b31341 | 2022-02-25 19:12:10 -0600 | [diff] [blame] | 114 | |
| 115 | The above workaround is enabled by default (on vulnerable CPUs only). Platforms |
| 116 | can choose to disable them at compile time if they do not require them. |
| 117 | |
| 118 | For more information about non-Arm CPUs, please contact the CPU vendor. |
| 119 | |
| 120 | .. _Arm Processor Security Update: http://www.arm.com/security-update |
| 121 | .. _CVE-2022-23960: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23960 |
| 122 | .. _Gerrit topic #spectre_bhb: https://review.trustedfirmware.org/q/topic:"spectre_bhb"+(status:open%20OR%20status:merged) |
| 123 | .. _CVE-2022-23960 mitigation specification: https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability |
| 124 | .. _SMCCC Calling Convention specification: https://developer.arm.com/documentation/den0028/latest |