lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <w725lby34vpavm3knq3ikz2wb4tzlfr4elbgf25mjbvgamtq5t@zgc52dc2wvsy>
Date: Tue, 10 Dec 2024 01:52:43 +0200
From: Dmitry Baryshkov <dmitry.baryshkov@...aro.org>
To: Julius Werner <jwerner@...omium.org>
Cc: Douglas Anderson <dianders@...omium.org>, 
	Catalin Marinas <catalin.marinas@....com>, Will Deacon <will@...nel.org>, 
	Mark Rutland <mark.rutland@....com>, Jeffrey Hugo <quic_jhugo@...cinc.com>, 
	Roxana Bradescu <roxabee@...gle.com>, bjorn.andersson@....qualcomm.com, 
	linux-arm-kernel@...ts.infradead.org, Trilok Soni <quic_tsoni@...cinc.com>, 
	linux-arm-msm@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH 2/6] arm64: errata: Add QCOM_KRYO_2XX_GOLD to the
 spectre_bhb_firmware_mitigated_list

On Mon, Dec 09, 2024 at 03:34:59PM -0800, Julius Werner wrote:
> > > NOTE: presumably this patch won't actually do much on its own because
> > > (I believe) it requires a firmware update to go with it.
> >
> > Why? is_spectre_bhb_fw_affected() returns true if (cpu in list OR fw
> > mitigated)
> 
> That affects reporting, but the mitigation works by making an
> ARM_SMCCC_ARCH_WORKAROUND_3 Secure Monitor Call to firmware, and that
> only works if that call is implemented in firmware. Trusted-Firmware-A
> is currently the only open source firmware I'm aware of that
> implements this call, and it only supports Kryo 4 and 6 upstream (not
> 2 or 3).
> 
> So in order for this patch to actually be able to do anything other
> than report that the mitigation is missing, it would need to run on
> devices that either use a downstream fork of TF-A with added Kryo 2/3
> support (I doubt this exists because AFAIK Kryo 4 was Qualcomm's first
> attempt to use TF-A) or use some other proprietary kind of Secure
> Monitor firmware that has this SMC and mitigation implemented
> separately. (It seems unlikely that Qualcomm did this in their QTEE
> firmware, since if they had they would have probably also added the
> MIDRs here to Linux to activate it.)

Ack, thanks for the detailed explanation.

-- 
With best wishes
Dmitry

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ