From patchwork Thu Jan 25 21:45:57 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Nishanth Menon <nm@ti.com>
X-Patchwork-Id: 125976
Delivered-To: patch@linaro.org
Received: by 10.46.66.141 with SMTP id h13csp1412467ljf;
 Thu, 25 Jan 2018 13:47:48 -0800 (PST)
X-Google-Smtp-Source: AH8x225mqey19Z27SaOY8PPg2C1//dORaULziOLkO/L0CYzmHl6nWJZsi70cUj/NXQbO/qidkcYj
X-Received: by 10.80.152.19 with SMTP id g19mr31650449edb.33.1516916868195; 
 Thu, 25 Jan 2018 13:47:48 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1516916868; cv=none;
 d=google.com; s=arc-20160816;
 b=ftg1rmNosXKOppBVIMTfZsBUKL9Zal7WVfHjb7sXH1pAo5gRYlEXlYFxuIAdqsufxh
 55nYDci13yLusKnzFIj4rewXTItHxUaE98r5W8O7iDVd1gvsXj0xPkhTggMguR3IT5H8
 fBfXpWWACcZoiGeT98NjYZ3KBYmluRdx3ukQCj836p2xgLX/ytrpklxNiZEwZi/YlG6X
 FGjdsRSaW+CGd02iIXy3dvMhq33ehDmlNqEDl2hnQBfaLxJ77Oc5VnsvxbPlUCcyRxH5
 6iu/IQsUFVqVqqtajWissMMzpUswHIxmB+W1dXZLvGI1k4aEqL6EMHM7jV4PG/DgZJak
 1arQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816; 
 h=sender:errors-to:content-transfer-encoding:list-subscribe:list-help
 :list-post:list-archive:list-unsubscribe:list-id:precedence:subject
 :cc:mime-version:message-id:date:to:from:dkim-signature
 :arc-authentication-results;
 bh=6cZsBYsgMUHsH6h/reMe+le8mzlajGx8At33LmCLzWA=;
 b=qQoH1JMKYO2DNSbDIG/lv92pEXvOslIC2cFSYlWoQZ2I3VvXd9W03/dI3ekCpD/D8y
 nuRlMdlnnClsa5R7s43c+6VTCx+zO1xt51n3wRU7phm1T2UlQUSJozYwCbFa2bTghMBO
 SrPF5o6+rODxito1OZ10k1DLwRBtDNBNPG5UYfzNDwJFaCuaX94+hElxMmLhv4mnDQC2
 aMUMOMY1ewB986jl20c2WYB0zNiInlH/RwIc270O62LduXbZW47jAADP06T6Dd8cp3OX
 ovdtSB/4NaW1Cs5lKwiLUYkmUCHhVMbM6i8Kr/UsLng4cfQUYdwFbK3kUSY+gb8NHHlo
 upVA==
ARC-Authentication-Results: i=1; mx.google.com;
 dkim=neutral (body hash did not verify) header.i=@ti.com
 header.s=ti-com-17Q1 header.b=KH5sitbI; 
 spf=pass (google.com: best guess record for domain of
 u-boot-bounces@lists.denx.de designates 81.169.180.215 as
 permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; 
 dmarc=fail (p=QUARANTINE sp=NONE dis=QUARANTINE) header.from=ti.com
Return-Path: <u-boot-bounces@lists.denx.de>
Received: from lists.denx.de (dione.denx.de. [81.169.180.215])
 by mx.google.com with ESMTP id 92si2319092ede.216.2018.01.25.13.47.47;
 Thu, 25 Jan 2018 13:47:48 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of
 u-boot-bounces@lists.denx.de designates 81.169.180.215 as
 permitted sender) client-ip=81.169.180.215; 
Authentication-Results: mx.google.com;
 dkim=neutral (body hash did not verify) header.i=@ti.com
 header.s=ti-com-17Q1 header.b=KH5sitbI; 
 spf=pass (google.com: best guess record for domain of
 u-boot-bounces@lists.denx.de designates 81.169.180.215 as
 permitted sender) smtp.mailfrom=u-boot-bounces@lists.denx.de; 
 dmarc=fail (p=QUARANTINE sp=NONE dis=QUARANTINE) header.from=ti.com
Received: by lists.denx.de (Postfix, from userid 105)
 id 9616EC22357; Thu, 25 Jan 2018 21:47:14 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lists.denx.de
X-Spam-Level: 
X-Spam-Status: No, score=0.0 required=5.0 tests=T_DKIM_INVALID
 autolearn=unavailable autolearn_force=no version=3.4.0
Received: from lists.denx.de (localhost [IPv6:::1])
 by lists.denx.de (Postfix) with ESMTP id E2764C22345;
 Thu, 25 Jan 2018 21:46:29 +0000 (UTC)
Received: by lists.denx.de (Postfix, from userid 105)
 id 32181C21D9F; Thu, 25 Jan 2018 21:46:27 +0000 (UTC)
Received: from lelnx193.ext.ti.com (lelnx193.ext.ti.com [198.47.27.77])
 by lists.denx.de (Postfix) with ESMTPS id 2E571C21F76
 for <u-boot@lists.denx.de>; Thu, 25 Jan 2018 21:46:26 +0000 (UTC)
Received: from dflxv15.itg.ti.com ([128.247.5.124])
 by lelnx193.ext.ti.com (8.15.1/8.15.1) with ESMTP id w0PLk0YA021225; 
 Thu, 25 Jan 2018 15:46:00 -0600
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ti.com;
 s=ti-com-17Q1; t=1516916760;
 bh=9yral33JyHa3vCbr1rYmcxI2wFN4zZJF4bcTlbIJmfk=;
 h=From:To:CC:Subject:Date;
 b=KH5sitbI8X+SJ0BHN+KBPlqzBkbWMQ1WiHuvfShogcswipF7q3ndQihAemJ/DeRqp
 wFExjUB8Ti47PaKbGSURCKM6A2s3cjG7toyuUWxeHsDn29Qh0avgKiB/N6YAFvEjGn
 uJjaMoZuJXVCk7kwumClK+sAOB+TdbfYrRbtMNIQ=
Received: from DLEE105.ent.ti.com (dlee105.ent.ti.com [157.170.170.35])
 by dflxv15.itg.ti.com (8.14.3/8.13.8) with ESMTP id w0PLk0gH022903;
 Thu, 25 Jan 2018 15:46:00 -0600
Received: from DLEE100.ent.ti.com (157.170.170.30) by DLEE105.ent.ti.com
 (157.170.170.35) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1261.35;
 Thu, 25 Jan 2018 15:45:59 -0600
Received: from dflp32.itg.ti.com (10.64.6.15) by DLEE100.ent.ti.com
 (157.170.170.30) with Microsoft SMTP Server (version=TLS1_0,
 cipher=TLS_RSA_WITH_AES_256_CBC_SHA) id 15.1.1261.35 via Frontend
 Transport; Thu, 25 Jan 2018 15:45:59 -0600
Received: from localhost (ileax41-snat.itg.ti.com [10.172.224.153])
 by dflp32.itg.ti.com (8.14.3/8.13.8) with ESMTP id w0PLjxn8032382;
 Thu, 25 Jan 2018 15:45:59 -0600
From: Nishanth Menon <nm@ti.com>
To: Tom Rini <trini@konsulko.com>
Date: Thu, 25 Jan 2018 15:45:57 -0600
Message-ID: <20180125214559.27570-1-nm@ti.com>
X-Mailer: git-send-email 2.15.1
MIME-Version: 1.0
X-EXCLAIMER-MD-CONFIG: e1e8a2fd-e40a-4ac6-ac9b-f7e9cc9ee180
Cc: Russell King <linux@arm.linux.org.uk>, u-boot@lists.denx.de,
 Ard Biesheuvel <ard.biesheuvel@linaro.org>,
 Marc Zyngier <marc.zyngier@arm.com>,
 Catalin Marinas <catalin.marinas@arm.com>, 
 Will Deacon <will.deacon@arm.com>, Tony Lindgren <tony@atomide.com>, 
 Andre Przywara <Andre.Przywara@arm.com>,
 Robin Murphy <robin.murphy@arm.com>
Subject: [U-Boot] [RFC PATCH 0/2] ARM: v7: Enable basic framework for
 supporting bits for CVE-2017-5715
X-BeenThere: u-boot@lists.denx.de
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: U-Boot discussion <u-boot.lists.denx.de>
List-Unsubscribe: <https://lists.denx.de/options/u-boot>,
 <mailto:u-boot-request@lists.denx.de?subject=unsubscribe>
List-Archive: <http://lists.denx.de/pipermail/u-boot/>
List-Post: <mailto:u-boot@lists.denx.de>
List-Help: <mailto:u-boot-request@lists.denx.de?subject=help>
List-Subscribe: <https://lists.denx.de/listinfo/u-boot>,
 <mailto:u-boot-request@lists.denx.de?subject=subscribe>
Errors-To: u-boot-bounces@lists.denx.de
Sender: "U-Boot" <u-boot-bounces@lists.denx.de>

Hi Folks,

This is a follow through on the discussion we have had in [1].
This itself is'nt a complete solution and is based on recommendation
This from Arm[2] for variant 2 CVE-2017-5715

The Linux kernel discussions are spread out in [3], ATF and OPTEE
status are available in [4].

This is just an RFC series (build tested at this point) to check if
the direction is fine and should follow the final solution once kernel
patches get to upstream, IMHO.

NOTE: As per ARM recommendations[2], and discussions in list[1] ARM
Cortex-A9/12/17 do not need additional steps in u-boot to enable the
OS level workarounds.

Nishanth Menon (2):
  ARM: Introduce ability to enable ACR::IBE on Cortex-A8 for
    CVE-2017-5715
  ARM: Introduce ability to enable invalidate of BTB on Cortex-A15 for
    CVE-2017-5715

 arch/arm/Kconfig           |  9 +++++++++
 arch/arm/cpu/armv7/start.S | 15 +++++++++++++--
 2 files changed, 22 insertions(+), 2 deletions(-)

[1] https://marc.info/?t=151639906500002&r=1&w=2
[2] https://developer.arm.com/support/security-update
[3] https://marc.info/?t=151543790400007&r=1&w=2 and the latest in https://marc.info/?l=linux-arm-kernel&m=151689379521082&w=2
[4] https://github.com/ARM-software/arm-trusted-firmware/wiki/ARM-Trusted-Firmware-Security-Advisory-TFV-6 https://www.op-tee.org/security-advisories/ https://www.linaro.org/blog/meltdown-spectre/