In the affected Arm cores (Cortex-A57, Cortex-A72, Cortex-A73 and Cortex-A75), which are all Armv8 based, there are configuration control registers available at EL3 that, when enabled, effectively mitigate a potential Spectre v4 attack. This means that the mitigation for this is not implemented at S-EL1, where the TEE resides. For more information about the EL3 mitigations, please see the link to the Trusted Firmware A Security Advisory TFV-7 in the "References" section below. In all officially supported Armv8-A OP-TEE setups we are using TF-A as the firmware, and therefore we consider that the TF-A mitigations at EL3 effectively stop Spectre v4 attacks in a system running OP-TEE and TF-A.
As mentioned in the whitepaper from Arm about these types of attacks, new barriers (SSBB and PSSBB) are also being introduced. These could also be used as a mitigation directly at lower exception levels. But just as for Spectre v1, this involves manual inspection of code and placement of barriers until tooling has become good enough to figure this out on its own. This manual work is error prone and very time consuming and has to be done over and over again. We have been doing some manual inspection of the OP-TEE code and so far have not been able to identify any vulnerable areas. But just as for Spectre v1, we continuously discuss tooling etc. with members of Linaro.
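As an added illustration (not code from OP-TEE or TF-A) of the manual barrier placement described above: the pattern a reviewer looks for is a store to a location followed by a load from the same location whose value steers a later memory access, and the hardening is an SSBB between that store and the load. The function and variable names are hypothetical; the barrier is emitted only when compiled for AArch64 and degrades to a compiler-only barrier elsewhere so the example builds anywhere.

```c
#include <stddef.h>
#include <stdint.h>

/* Speculative Store Bypass Barrier (SSBB). On AArch64 it is the DSB #0
 * encoding. On other architectures this is only a compiler barrier, so the
 * example then demonstrates placement rather than the hardware effect. */
static inline void ssbb(void)
{
#if defined(__aarch64__)
    __asm__ volatile("dsb #0" ::: "memory");
#else
    __asm__ volatile("" ::: "memory");
#endif
}

#define TABLE_LEN 8
static const uint8_t table[TABLE_LEN] = {10, 11, 12, 13, 14, 15, 16, 17};

/* Hypothetical shared slot. Constructed scenario: an earlier caller may have
 * left a stale value here, which is what the barrier-less load could
 * speculatively return before the new store becomes visible to it. */
static volatile size_t idx_slot;

void preload_slot(size_t stale)
{
    idx_slot = stale;
}

/* Unprotected store -> load-from-same-address -> dependent access sequence.
 * Architecturally correct, but the load may speculatively bypass the store. */
uint8_t lookup_unprotected(size_t trusted_idx)
{
    idx_slot = trusted_idx;        /* store */
    size_t i = idx_slot;           /* load of the value just stored */
    if (i >= TABLE_LEN)
        return 0;
    return table[i];               /* access steered by that value */
}

/* Hardened form: the SSBB sits between the store and the load that reads it
 * back, so the load cannot be satisfied ahead of the store. */
uint8_t lookup_with_ssbb(size_t trusted_idx)
{
    idx_slot = trusted_idx;
    ssbb();
    size_t i = idx_slot;
    if (i >= TABLE_LEN)
        return 0;
    return table[i];
}
```

Both functions return the same value architecturally; the difference exists only in what the core may do speculatively, which is why this kind of review cannot be validated by functional testing alone.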
Patches
trusted-firmware-a.git
- PR#1392: Implement workaround for CVE-2018-3639 on Cortex A57/A72/A73 and A75
- PR#1397: Add support for Cortex-A76 and Cortex-Ares
Workarounds
N/A
References
The Trusted Firmware A security advisory TFV-7 (CVE-2018-3639) contains the necessary information about the issue.
All details about the attacks have been thoroughly described in the whitepapers that can be found at the Meltdown and Spectre page. A blog post (Implications of Meltdown and Spectre: Part 1) is also available on the Linaro website.
OP-TEE ID
N/A (EL3 in TF-A implements the mitigation)
Reported by
Google Project Zero
For more information
For more information regarding the security incident process in OP-TEE, please read the information that can be found when going to the "Security" page at https://www.trustedfirmware.org.