ARM Trusted Firmware Security Advisory TFV 5
Title | Not initializing or saving/restoring PMCR_EL0 can leak secure world timing information |
---|---|
CVE ID | TBC |
Date | 02 Oct 2017 |
Versions Affected | All, up to and including v1.4 |
Configurations Affected | All |
Impact | Leakage of sensitive secure world timing information |
Fix Version | Pull Request 1127 (merged on 18 October 2017) |
Credit | Arm |
The PMCR_EL0 (Performance Monitors Control Register) provides details of the Performance Monitors implementation, including the number of counters implemented, and configures and controls the counters. If the PMCR_EL0.DP bit is set to zero, the cycle counter (when enabled) counts during secure world execution, even when prohibited by the debug signals.

Since Arm TF does not save and restore PMCR_EL0 when switching between the normal and secure worlds, normal world code can set PMCR_EL0.DP to zero to cause leakage of secure world timing information. This register should be added to the list of saved/restored registers.

Furthermore, PMCR_EL0.DP has an architecturally UNKNOWN reset value. Since Arm TF does not initialize this register, it's possible that on at least some implementations, PMCR_EL0.DP is set to zero by default. This and other bits with an architecturally UNKNOWN reset value should be initialized to sensible default values in the secure context.

The same issue exists for the equivalent AArch32 register, PMCR, except that here PMCR_EL0.DP architecturally resets to zero.
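
The two remediations above (a defined secure-context value and save/restore on world switch) can be shown in a small software model. This is an added example, not Arm TF code: the struct and function names are hypothetical, the register is a plain variable rather than a system register, and only the E (bit 0) and DP (bit 5) fields are modelled. It assumes the debug signals prohibit counting in secure state.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define PMCR_E  (1u << 0) /* PMCR_EL0.E: counters enabled */
#define PMCR_DP (1u << 5) /* PMCR_EL0.DP: stop cycle counter where counting is prohibited */

enum world { NORMAL = 0, SECURE = 1 };

/* Software model of one core (hypothetical, not firmware code). */
struct core {
    uint32_t pmcr;      /* live PMCR_EL0 value */
    uint32_t saved[2];  /* per-world saved copy */
    enum world cur;
};

/* Give the secure context a defined value rather than the UNKNOWN reset state. */
static void init_secure_context(struct core *c) { c->saved[SECURE] = PMCR_DP; }

/* Pre-fix behaviour: PMCR_EL0 is not part of the switched context. */
static void switch_unfixed(struct core *c, enum world to) { c->cur = to; }

/* Fixed behaviour: save the outgoing world's value, restore the incoming one. */
static void switch_fixed(struct core *c, enum world to) {
    c->saved[c->cur] = c->pmcr;
    c->pmcr = c->saved[to];
    c->cur = to;
}

/* Assumption: the debug signals prohibit counting in secure state, so the
 * cycle counter only advances there when it is enabled and DP is 0. */
static bool secure_cycles_counted(const struct core *c) {
    return c->cur == SECURE && (c->pmcr & PMCR_E) && !(c->pmcr & PMCR_DP);
}

/* Normal world enables the counter with DP=0, then enters the secure world. */
static bool leak_after_entry(bool fixed) {
    struct core c = { .pmcr = 0, .saved = { 0, 0 }, .cur = NORMAL };
    init_secure_context(&c);
    c.pmcr = PMCR_E; /* normal-world write: E=1, DP=0 */
    if (fixed) switch_fixed(&c, SECURE); else switch_unfixed(&c, SECURE);
    return secure_cycles_counted(&c);
}

int main(void) {
    printf("unfixed: %d, fixed: %d\n", leak_after_entry(false), leak_after_entry(true));
    return 0;
}
```

In the fixed path the normal world's own PMCR_EL0 value is restored on return, so its profiling configuration is preserved while the secure world runs with DP set.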