fix(security): update Cortex-A15 CPU lib files for CVE-2022-23960

Cortex-A15 does not support FEAT_CSV2 so the existing workaround for
Spectre V2 is sufficient to mitigate Spectre BHB attacks; however, the
code needed to be updated to work with the new build flag.

Also, some code was refactored several years ago and not updated in
the Cortex-A15 library file so this patch fixes that as well.

Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: I768c88a38c561c91019b038ac6c22b291955f18e
John Powell 2022-04-14 19:10:17 -05:00
parent 942b039221
commit 187a61761e
2 changed files with 18 additions and 4 deletions


@ -1,5 +1,5 @@
#
# Copyright (c) 2016-2021, ARM Limited and Contributors. All rights reserved.
# Copyright (c) 2016-2022, Arm Limited and Contributors. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
@ -35,6 +35,10 @@ endif
ifeq (${WORKAROUND_CVE_2017_5715},1)
BL32_SOURCES += bl32/sp_min/wa_cve_2017_5715_bpiall.S \
bl32/sp_min/wa_cve_2017_5715_icache_inv.S
else
ifeq (${WORKAROUND_CVE_2022_23960},1)
BL32_SOURCES += bl32/sp_min/wa_cve_2017_5715_icache_inv.S
endif
endif
ifeq (${TRNG_SUPPORT},1)
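Review bot: The new `else` branch links `wa_cve_2017_5715_icache_inv.S` when only `WORKAROUND_CVE_2022_23960` is set, and nothing in the makefile says why a CVE-2017-5715 source is pulled in by another CVE's flag. A comment above the inner `ifeq` would keep the rationale from the commit message next to the rule, for example `# Cores without FEAT_CSV2 (Cortex-A15) reuse the CVE-2017-5715 icache-invalidate vectors for CVE-2022-23960.` Only the icache-invalidate file is added on this path, so any CPU file that references the bpiall vectors under the new flag alone would presumably fail to link; the comment should state that this is deliberate. As a style point, the nested `else` / `ifeq` / `endif` / `endif` can be flattened to `else ifeq (${WORKAROUND_CVE_2022_23960},1)` with a single `endif`.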


@ -1,5 +1,5 @@
/*
* Copyright (c) 2016-2019, ARM Limited and Contributors. All rights reserved.
* Copyright (c) 2016-2022, Arm Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@ -100,6 +100,15 @@ func check_errata_cve_2017_5715
bx lr
endfunc check_errata_cve_2017_5715
func check_errata_cve_2022_23960
#if WORKAROUND_CVE_2022_23960
mov r0, #ERRATA_APPLIES
#else
mov r0, #ERRATA_MISSING
#endif
bx lr
endfunc check_errata_cve_2022_23960
#if REPORT_ERRATA
/*
* Errata printing function for Cortex A15. Must follow AAPCS.
@ -117,6 +126,7 @@ func cortex_a15_errata_report
report_errata ERRATA_A15_816470, cortex_a15, 816470
report_errata ERRATA_A15_827671, cortex_a15, 827671
report_errata WORKAROUND_CVE_2017_5715, cortex_a15, cve_2017_5715
report_errata WORKAROUND_CVE_2022_23960, cortex_a15, cve_2022_23960
pop {r12, lr}
bx lr
@ -131,11 +141,11 @@ func cortex_a15_reset_func
bl errata_a15_827671_wa
#endif
#if IMAGE_BL32 && WORKAROUND_CVE_2017_5715
#if IMAGE_BL32 && (WORKAROUND_CVE_2017_5715 || WORKAROUND_CVE_2022_23960)
ldcopr r0, ACTLR
orr r0, #CORTEX_A15_ACTLR_INV_BTB_BIT
stcopr r0, ACTLR
ldr r0, =workaround_icache_inv_runtime_exceptions
ldr r0, =wa_cve_2017_5715_icache_inv_vbar
stcopr r0, VBAR
stcopr r0, MVBAR
/* isb will be applied in the course of the reset func */
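Review bot: `check_errata_cve_2022_23960` returns `ERRATA_APPLIES` from the build flag alone, while the reset-function hunk installs the mitigation only under `IMAGE_BL32 && (WORKAROUND_CVE_2017_5715 || WORKAROUND_CVE_2022_23960)`. An errata report from any other image built with the flag would therefore presumably show the workaround as applied, although that image never sets the ACTLR BTB-invalidate bit or the vector base registers. If that is intended, document it above the function, for example `/* Build-time status only: Cortex-A15 lacks FEAT_CSV2, so the CVE-2017-5715 icache-invalidate vectors installed by the reset function in BL32 also cover CVE-2022-23960. */`. `cortex_a15_reset_func` and `cortex_a15_errata_report` begin and end outside the visible hunks, so this is based on the shown lines only.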