You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
62 lines
4.0 KiB
62 lines
4.0 KiB
Advisory TFV-2 (CVE-2017-7564)
|
|
==============================
|
|
|
|
+----------------+-------------------------------------------------------------+
|
|
| Title | Enabled secure self-hosted invasive debug interface can |
|
|
| | allow normal world to panic secure world |
|
|
+================+=============================================================+
|
|
| CVE ID | `CVE-2017-7564`_ |
|
|
+----------------+-------------------------------------------------------------+
|
|
| Date | 02 Feb 2017 |
|
|
+----------------+-------------------------------------------------------------+
|
|
| Versions | All versions up to v1.3 |
|
|
| Affected | |
|
|
+----------------+-------------------------------------------------------------+
|
|
| Configurations | All |
|
|
| Affected | |
|
|
+----------------+-------------------------------------------------------------+
|
|
| Impact | Denial of Service (secure world panic) |
|
|
+----------------+-------------------------------------------------------------+
|
|
| Fix Version | 15 Feb 2017 `Pull Request #841`_ |
|
|
+----------------+-------------------------------------------------------------+
|
|
| Credit | ARM |
|
|
+----------------+-------------------------------------------------------------+
|
|
|
|
The ``MDCR_EL3.SDD`` bit controls AArch64 secure self-hosted invasive debug
|
|
enablement. By default, the BL1 and BL31 images of the current version of ARM
|
|
Trusted Firmware (TF) unconditionally assign this bit to ``0`` in the early
|
|
entrypoint code, which enables debug exceptions from the secure world. This can
|
|
be seen in the implementation of the ``el3_arch_init_common`` `AArch64 macro`_ .
|
|
Given that TF does not currently contain support for this feature (for example,
|
|
by saving and restoring the appropriate debug registers), this may allow a
|
|
normal world attacker to induce a panic in the secure world.
|
|
|
|
The ``MDCR_EL3.SDD`` bit should be assigned to ``1`` to disable debug exceptions
|
|
from the secure world.
|
|
|
|
Earlier versions of TF (prior to `commit 495f3d3`_) did not assign this bit.
|
|
Since the bit has an architecturally ``UNKNOWN`` reset value, earlier versions
|
|
may or may not have the same problem, depending on the platform.
|
|
|
|
A similar issue applies to the ``MDCR_EL3.SPD32`` bits, which control AArch32
|
|
secure self-hosted invasive debug enablement. TF assigns these bits to ``00``
|
|
meaning that debug exceptions from Secure EL1 are enabled by the authentication
|
|
interface. Therefore this issue only exists for AArch32 Secure EL1 code when
|
|
secure privileged invasive debug is enabled by the authentication interface, at
|
|
which point the device is vulnerable to other, more serious attacks anyway.
|
|
|
|
However, given that TF contains no support for handling debug exceptions, the
|
|
``MDCR_EL3.SPD32`` bits should be assigned to ``10`` to disable debug exceptions
|
|
from AArch32 Secure EL1.
|
|
|
|
Finally, this also issue applies to AArch32 platforms that use the TF SP_MIN
|
|
image or integrate the `AArch32 equivalent`_ of the ``el3_arch_init_common``
|
|
macro. Here the affected bits are ``SDCR.SPD``, which should also be assigned to
|
|
``10`` instead of ``00``
|
|
|
|
.. _CVE-2017-7564: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7564
|
|
.. _commit 495f3d3: https://github.com/ARM-software/arm-trusted-firmware/commit/495f3d3
|
|
.. _AArch64 macro: https://github.com/ARM-software/arm-trusted-firmware/blob/bcc2bf0/include/common/aarch64/el3_common_macros.S#L85
|
|
.. _AArch32 equivalent: https://github.com/ARM-software/arm-trusted-firmware/blob/bcc2bf0/include/common/aarch32/el3_common_macros.S#L41
|
|
.. _Pull Request #841: https://github.com/ARM-software/arm-trusted-firmware/pull/841
|