]> git.dujemihanovic.xyz Git - u-boot.git/commit
ARM: Introduce ability to enable ACR::IBE on Cortex-A8 for CVE-2017-5715
authorNishanth Menon <nm@ti.com>
Tue, 12 Jun 2018 20:24:08 +0000 (15:24 -0500)
committerTom Rini <trini@konsulko.com>
Fri, 29 Jun 2018 15:30:39 +0000 (11:30 -0400)
commit7b37a9c732bfec392b8f081eefa83427f794f937
treed8a4028443d814a1fa0181ef30445a271a3d7e3d
parentfb77a9e3537039664ad42992bef6688869eda7c1
ARM: Introduce ability to enable ACR::IBE on Cortex-A8 for CVE-2017-5715

As recommended by Arm in [1], IBE[2] has to be enabled unconditionally
for BPIALL to be functional on Cortex-A8 processors. Provide a config
option for platforms to enable this option based on impact analysis
for products.

NOTE: This patch in itself is NOT the final solution, this requires:
a) Implementation of v7_arch_cp15_set_acr on SoCs which may not
   provide direct access to ACR register.
b) Operating Systems such as Linux to provide adequate workaround in the right
   locations.
c) This workaround applies to only the boot processor. It is important
   to apply workaround as necessary (context-save-restore) around low
   power context loss OR additional processors as necessary in either
   firmware support OR elsewhere in OS.

[1] https://developer.arm.com/support/security-update
[2] http://infocenter.arm.com/help/topic/com.arm.doc.ddi0344k/Bgbffjhh.html

Cc: Marc Zyngier <marc.zyngier@arm.com>
Cc: Russell King <linux@arm.linux.org.uk>
Cc: Tony Lindgren <tony@atomide.com>
Cc: Robin Murphy <robin.murphy@arm.com>
Cc: Florian Fainelli <f.fainelli@gmail.com>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: Will Deacon <will.deacon@arm.com>
Cc: Christoffer Dall <christoffer.dall@linaro.org>
Cc: Andre Przywara <Andre.Przywara@arm.com>
Cc: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Cc: Tom Rini <trini@konsulko.com>
Cc: Michael Nazzareno Trimarchi <michael@amarulasolutions.com>
Signed-off-by: Nishanth Menon <nm@ti.com>
Tested-by: Fabio Estevam <fabio.estevam@nxp.com>
arch/arm/Kconfig
arch/arm/cpu/armv7/start.S