TFV-6: Arm Trusted Firmware exposure to speculative processor vulnerabilities using cache timing side-channels

[danh-arm]

Please note there is a new TF security advisory, describing the Arm Trusted Firmware exposure to the recently announced speculative processor vulnerabilities using cache timing side-channels:

https://github.com/ARM-software/arm-trusted-firmware/wiki/ARM-Trusted-Firmware-Security-Advisory-TFV-6

For more information about these vulnerabilities, please see the Google Project Zero blog and Arm Processor Security Update:

https://googleprojectzero.blogspot.co.uk/2018/01/reading-privileged-memory-with-side.html http://www.arm.com/security-update

[danh-arm]

Please note the advisory above has been updated. Changes in this version:

• Removed reference to the "IC ALLU" variant 2 workaround for Cortex-A57/A72, since there is a problematic A57 erratum (833069). When "Disabling MMU Translation with CPUACTLR_EL1 "Enable Invalidates of BTB" bit set can cause Invalidate by PA or VA to fail". This was the least preferred method anyway due to the performance impact.

• Clarified that the BPIALL instruction is not effective at invalidating the branch predictor on all Arm CPUs. In particular, I indicated the alternative workaround method for Cortex-A15.

• Added some performance numbers for the variant 2 workarounds.

• Mentioned that there will be a future specified SMC for branch predictor invalidation. Details will follow when we have them.

• Mentioned that there will be a future PR to show an example on SP_MIN of how to implement a Variant 2 workaround on AArch32 systems, although this will need separately implementing on each AArch32 Trusted OS.

[danh-arm]

Please note the above advisory has been updated again. Change in this version:

• Provided link to PR with Variant 2 workaround reference code in SP_MIN (https://github.com/ARM-software/arm-trusted-firmware/pull/1228).

[danh-arm]

Please note the above advisory has been updated again. Changes in this version:

• Provided link to PR1240 that implements the new CVE-2017-5715 mitigation specification

• Provided performance numbers using the SMCCC_ARCH_WORKAROUND_1 SMC. Also clarified these numbers include the time spent in the caller implementing the SMCCC from AArch64.

• Removed the sentence "Therefore we expect that [MMU enable/disable] workaround to be used where possible". Although implementing this workaround locally avoids a dependency on firmware, it may be more desirable from a standardization point of view to use the firmware interface anyway. This is a choice for the normal world privileged software.

[danh-arm]

Please note the above advisory has been updated again. Changes in this version:

• Updated the variant 2 mitigation instructions for Cortex-A8: "For Cortex-A8, also set ACTLR[6] to 1 during early processor initialization".

[danh-arm]

Please note the above advisory has been updated again. Changes in this version:

• Added Cortex-A76 vulnerability information (not affected variants 2 and 3).

• Add link to PR that optimises the SMCCC_ARCH_WORKAROUND_1 fast path for AArch32 callers.

• Updated link to firmware specification.