From patchwork Thu Jan 25 21:45:57 2018
X-Patchwork-Submitter: Nishanth Menon
X-Patchwork-Id: 125976
From: Nishanth Menon
To: Tom Rini
Date: Thu, 25 Jan 2018 15:45:57 -0600
Message-ID: <20180125214559.27570-1-nm@ti.com>
Cc: Russell King, u-boot@lists.denx.de, Ard Biesheuvel, Marc Zyngier, Catalin Marinas, Will Deacon, Tony Lindgren, Andre Przywara, Robin Murphy
Subject: [U-Boot] [RFC PATCH 0/2] ARM: v7: Enable basic framework for supporting bits for CVE-2017-5715

Hi Folks,

This is a follow through on the discussion we have had in [1]. This
itself isn't a complete solution and is based on recommendation
from Arm[2] for variant 2 CVE-2017-5715.

The Linux kernel discussions are spread out in [3], ATF and OPTEE
status are available in [4].

This is just an RFC series (build tested at this point) to check if
the direction is fine and should follow the final solution once kernel
patches get to upstream, IMHO.

NOTE: As per ARM recommendations[2], and discussions in list[1]
ARM Cortex-A9/12/17 do not need additional steps in u-boot to enable the
OS level workarounds.

Nishanth Menon (2):
  ARM: Introduce ability to enable ACR::IBE on Cortex-A8 for
    CVE-2017-5715
  ARM: Introduce ability to enable invalidate of BTB on Cortex-A15 for
    CVE-2017-5715

 arch/arm/Kconfig           |  9 +++++++++
 arch/arm/cpu/armv7/start.S | 15 +++++++++++++--
 2 files changed, 22 insertions(+), 2 deletions(-)

[1] https://marc.info/?t=151639906500002&r=1&w=2
[2] https://developer.arm.com/support/security-update
[3] https://marc.info/?t=151543790400007&r=1&w=2
    and the latest in https://marc.info/?l=linux-arm-kernel&m=151689379521082&w=2
[4] https://github.com/ARM-software/arm-trusted-firmware/wiki/ARM-Trusted-Firmware-Security-Advisory-TFV-6
    https://www.op-tee.org/security-advisories/
    https://www.linaro.org/blog/meltdown-spectre/