[U-Boot] U-Boot, cache speculation side channel attacks and ARM

Michael Nazzareno Trimarchi michael at amarulasolutions.com
Sat Jan 20 12:13:13 UTC 2018 

Hi

On Sat, Jan 20, 2018 at 12:31 PM, Marc Zyngier <marc.zyngier at arm.com> wrote:
> On Sat, 20 Jan 2018 11:45:08 +0100
> Michael Nazzareno Trimarchi <michael at amarulasolutions.com> wrote:
>
>> Hi Marc
>>
>> On Sat, Jan 20, 2018 at 11:42 AM, Marc Zyngier <marc.zyngier at arm.com> wrote:
>> > On Fri, 19 Jan 2018 16:56:14 -0500
>> > Tom Rini <trini at konsulko.com> wrote:
>> >
>> >> Hey all,
>> >>
>> >> So, now that things have quieted down a little bit in this area, I've
>> >> been wondering about something.  Over on the U-Boot side of things, are
>> >> there changes we need to make in order to support the kernel side of the
>> >> various mitigations properly?  I know that for example currently
>> >> https://developer.arm.com/support/security-update talks about ATF
>> >> patches, in the context of AArch64 however.  But on the other hand for
>> >> variant 2, there's nothing listed on the Linux side for 32bit ARM, but
>> >> there is for non-Linux OSes.
>> >>
>> >> And, in the event I'm also missing something else entirely that we need
>> >> to do here, is there something that we need to be doing?  Or is it still
>> >> too early at this point in time to know?
>> >
>> > I've so far posted two revisions of a small patch series that deals
>> > with variant-2 on the affected 32bit Cortex-A cores. These patches are
>> > currently stashed on the branch[1] pointed at by the web page you
>> > mentioned.
>> >
>> > A prerequisite for Cortex-A8 and A15 is that ACTLR[0] (IBE) is set from
>> > secure mode. Cortex-A12/A17 do not need this.
>>
>> So IBE is not a pre-requisite for Cortex A9 family. Is this correct?
>
> Indeed. I'm not even sure A9 has that bit at all (ACTLR is
> implementation specific). BPIALL works on A9 without any other setting.
>
>> I have already back--ported those patches on kernel 3.4. Is those enough?
>
> Define enough. These patches allow these CPUs to cope with variant-2,
> and only variant-2. Variant-1 is still work in progress across all
> architectures, variant-3 (aka Meltdown) doesn't concern 32bit ARM
> implementations, and only A15 is susceptible to variant-3a.
>

Just talking on variant-2 . If I understand for the variant 1 people
are working on
compiler side. Problem is that sometime It's not possible to
re-compile userspace for the pre-build
userspace library provide by the vendor.

Michael

> Thanks,
>
>         M.
> --
> Without deviation from the norm, progress is not possible.



-- 
| Michael Nazzareno Trimarchi                     Amarula Solutions BV |
| COO  -  Founder                                      Cruquiuskade 47 |
| +31(0)851119172                                 Amsterdam 1018 AM NL |
|                  [`as] http://www.amarulasolutions.com               |

More information about the U-Boot mailing list