Advisory TFV-5 (CVE-2017-15031)
===============================

+----------------+-------------------------------------------------------------+
| Title          | Not initializing or saving/restoring ``PMCR_EL0`` can leak  |
|                | secure world timing information                             |
+================+=============================================================+
| CVE ID         | `CVE-2017-15031`_                                           |
+----------------+-------------------------------------------------------------+
| Date           | 02 Oct 2017, updated on 04 Nov 2019                         |
+----------------+-------------------------------------------------------------+
| Versions       | All, up to and including v2.1                               |
| Affected       |                                                             |
+----------------+-------------------------------------------------------------+
| Configurations | All                                                         |
| Affected       |                                                             |
+----------------+-------------------------------------------------------------+
| Impact         | Leakage of sensitive secure world timing information        |
+----------------+-------------------------------------------------------------+
| Fix Version    | `Pull Request #1127`_ (merged on 18 October 2017)           |
|                |                                                             |
|                | `Commit e290a8fcbc`_ (merged on 23 August 2019)             |
|                |                                                             |
|                | `Commit c3e8b0be9b`_ (merged on 27 September 2019)          |
+----------------+-------------------------------------------------------------+
| Credit         | Arm, Marek Bykowski                                         |
+----------------+-------------------------------------------------------------+
The ``PMCR_EL0`` (Performance Monitors Control Register) provides details of the
Performance Monitors implementation, including the number of counters
implemented, and configures and controls the counters. If the ``PMCR_EL0.DP``
bit is set to zero, the cycle counter (when enabled) counts during secure world
execution, even when prohibited by the debug signals.

Since TF-A does not save and restore ``PMCR_EL0`` when switching between the
normal and secure worlds, normal world code can set ``PMCR_EL0.DP`` to zero to
cause leakage of secure world timing information. This register should be added
to the list of saved/restored registers both when entering EL3 and also when
transitioning to S-EL1.

Furthermore, ``PMCR_EL0.DP`` has an architecturally ``UNKNOWN`` reset value.
Since Arm TF does not initialize this register, it is possible that on at least
some implementations ``PMCR_EL0.DP`` is set to zero by default. This and other
bits with an architecturally ``UNKNOWN`` reset value should be initialized to
sensible default values in the secure context.

The same issue exists for the equivalent AArch32 register, ``PMCR``, except that
here ``PMCR_EL0.DP`` architecturally resets to zero.

NOTE: The original pull request referenced above only fixed the issue for S-EL1,
whereas EL3 was fixed in the later commits.
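The two mitigations described above (initialize ``PMCR_EL0`` in the secure context with ``DP`` set, and save/restore it across the world switch) modelled in plain C. This is an added illustration, not TF-A code: ``cpu_model``, ``world_ctx``, ``enter_secure``, ``exit_to_normal`` and the identification-field value ``0x41013000`` are constructed for the example; only the ``PMCR_EL0`` bit positions are architectural.

```c
#include <stdint.h>
#include <stdbool.h>

/* PMCR_EL0 bit positions (AArch64). DP is bit 5: when set, the cycle
 * counter does not count in states where counting is prohibited.
 * Bits [31:11] (IMP, IDCODE, N) are read-only identification fields. */
#define PMCR_EL0_E_BIT     (1u << 0)  /* enable counters */
#define PMCR_EL0_DP_BIT    (1u << 5)  /* disable cycle counter when prohibited */
#define PMCR_EL0_CTRL_MASK 0xffu      /* writable control bits [7:0] */

/* Constructed model: the live register and one saved context per world. */
struct cpu_model { uint32_t pmcr_el0; };
struct world_ctx { uint32_t pmcr_el0; };

/* Initial secure-context value: keep the read-only id fields from the
 * hardware, clear every control bit (UNKNOWN at reset), then set DP. */
uint32_t pmcr_secure_init(uint32_t hw_pmcr) {
    return (hw_pmcr & ~PMCR_EL0_CTRL_MASK) | PMCR_EL0_DP_BIT;
}

/* True if the cycle counter keeps counting during secure execution. */
bool secure_timing_leaks(uint32_t pmcr) {
    return (pmcr & PMCR_EL0_DP_BIT) == 0;
}

/* World switch with the fix applied: save the normal world's PMCR_EL0 on
 * entry to EL3 and install the secure value; restore it on the way back. */
void enter_secure(struct cpu_model *cpu, struct world_ctx *ns,
                  const struct world_ctx *sec) {
    ns->pmcr_el0 = cpu->pmcr_el0;
    cpu->pmcr_el0 = sec->pmcr_el0;
}
void exit_to_normal(struct cpu_model *cpu, const struct world_ctx *ns) {
    cpu->pmcr_el0 = ns->pmcr_el0;
}

/* Pre-fix flow (register untouched across the switch) versus fixed flow.
 * Returns true only if the fix stops the leak and preserves NS state. */
bool demo(void) {
    uint32_t hw_reset = 0x41013000u;  /* constructed id fields, DP = 0 */
    struct cpu_model cpu = { hw_reset };
    struct world_ctx ns = { 0 }, sec = { pmcr_secure_init(hw_reset) };
    /* Normal world clears DP and enables counting, then calls into EL3. */
    cpu.pmcr_el0 = (hw_reset & ~PMCR_EL0_DP_BIT) | PMCR_EL0_E_BIT;
    uint32_t ns_value = cpu.pmcr_el0;
    bool leaks_unfixed = secure_timing_leaks(cpu.pmcr_el0);
    enter_secure(&cpu, &ns, &sec);
    bool leaks_fixed = secure_timing_leaks(cpu.pmcr_el0);
    exit_to_normal(&cpu, &ns);
    return leaks_unfixed && !leaks_fixed && cpu.pmcr_el0 == ns_value;
}
```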
.. _CVE-2017-15031: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15031
.. _Pull Request #1127: https://github.com/ARM-software/arm-trusted-firmware/pull/1127
.. _Commit e290a8fcbc: https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/commit/?id=e290a8fcbc
.. _Commit c3e8b0be9b: https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/commit/?id=c3e8b0be9b