
Hi Folks,
This is a follow through on the discussion we have had in [1]. This itself isn't a complete solution and is based on the recommendation from Arm[2] for variant 2 CVE-2017-5715.
The Linux kernel discussions are spread out in [3], ATF and OPTEE status are available in [4].
This is just an RFC series (build tested at this point) to check if the direction is fine and should follow the final solution once kernel patches get to upstream, IMHO.
NOTE: As per ARM recommendations[2], and discussions in list[1], ARM Cortex-A9/12/17 do not need additional steps in u-boot to enable the OS level workarounds.
Nishanth Menon (2):
  ARM: Introduce ability to enable ACR::IBE on Cortex-A8 for CVE-2017-5715
  ARM: Introduce ability to enable invalidate of BTB on Cortex-A15 for CVE-2017-5715

 arch/arm/Kconfig           |  9 +++++++++
 arch/arm/cpu/armv7/start.S | 15 +++++++++++++--
 2 files changed, 22 insertions(+), 2 deletions(-)
[1] https://marc.info/?t=151639906500002&r=1&w=2
[2] https://developer.arm.com/support/security-update
[3] https://marc.info/?t=151543790400007&r=1&w=2 and the latest in https://marc.info/?l=linux-arm-kernel&m=151689379521082&w=2
[4] https://github.com/ARM-software/arm-trusted-firmware/wiki/ARM-Trusted-Firmwa...
    https://www.op-tee.org/security-advisories/
    https://www.linaro.org/blog/meltdown-spectre/