diff --git a/docs/security_advisories/security-advisory-tfv-1.rst b/docs/security_advisories/security-advisory-tfv-1.rst index e3d1984b0..9d58d083c 100644 --- a/docs/security_advisories/security-advisory-tfv-1.rst +++ b/docs/security_advisories/security-advisory-tfv-1.rst @@ -1,3 +1,6 @@ +Advisory TFV-1 (CVE-2016-10319) +=============================== + +----------------+-------------------------------------------------------------+ | Title | Malformed Firmware Update SMC can result in copy of | | | unexpectedly large data into secure memory | diff --git a/docs/security_advisories/security-advisory-tfv-2.rst b/docs/security_advisories/security-advisory-tfv-2.rst index db4745854..0ed2a7fb7 100644 --- a/docs/security_advisories/security-advisory-tfv-2.rst +++ b/docs/security_advisories/security-advisory-tfv-2.rst @@ -1,3 +1,6 @@ +Advisory TFV-2 (CVE-2017-7564) +============================== + +----------------+-------------------------------------------------------------+ | Title | Enabled secure self-hosted invasive debug interface can | | | allow normal world to panic secure world | diff --git a/docs/security_advisories/security-advisory-tfv-3.rst b/docs/security_advisories/security-advisory-tfv-3.rst index 28e10bff2..f74ef1712 100644 --- a/docs/security_advisories/security-advisory-tfv-3.rst +++ b/docs/security_advisories/security-advisory-tfv-3.rst @@ -1,3 +1,6 @@ +Advisory TFV-3 (CVE-2017-7563) +============================== + +----------------+-------------------------------------------------------------+ | Title | RO memory is always executable at AArch64 Secure EL1 | +================+=============================================================+ diff --git a/docs/security_advisories/security-advisory-tfv-4.rst b/docs/security_advisories/security-advisory-tfv-4.rst index 386d0da07..66dd54258 100644 --- a/docs/security_advisories/security-advisory-tfv-4.rst +++ b/docs/security_advisories/security-advisory-tfv-4.rst 
@@ -1,3 +1,6 @@ +Advisory TFV-4 (CVE-2017-9607) +============================== + +----------------+-------------------------------------------------------------+ | Title | Malformed Firmware Update SMC can result in copy or | | | authentication of unexpected data in secure memory in | diff --git a/docs/security_advisories/security-advisory-tfv-5.rst b/docs/security_advisories/security-advisory-tfv-5.rst index 4479bf027..2214f2d50 100644 --- a/docs/security_advisories/security-advisory-tfv-5.rst +++ b/docs/security_advisories/security-advisory-tfv-5.rst @@ -1,3 +1,6 @@ +Advisory TFV-5 (CVE-2017-15031) +=============================== + +----------------+-------------------------------------------------------------+ | Title | Not initializing or saving/restoring ``PMCR_EL0`` can leak | | | secure world timing information | diff --git a/docs/security_advisories/security-advisory-tfv-6.rst b/docs/security_advisories/security-advisory-tfv-6.rst index 7b556d8e8..f968262c2 100644 --- a/docs/security_advisories/security-advisory-tfv-6.rst +++ b/docs/security_advisories/security-advisory-tfv-6.rst @@ -1,3 +1,6 @@ +Advisory TFV-6 (CVE-2017-5753, CVE-2017-5715, CVE-2017-5754) +============================================================ + +----------------+-------------------------------------------------------------+ | Title | Arm Trusted Firmware exposure to speculative processor | | | vulnerabilities using cache timing side-channels | 
@@ -28,13 +31,13 @@ these vulnerabilities on Arm systems, please refer to the `Arm Processor Security Update`_. Variant 1 (`CVE-2017-5753`_) -~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +---------------------------- At the time of writing, no vulnerable patterns have been observed in upstream TF code, therefore no workarounds have been applied or are planned. Variant 2 (`CVE-2017-5715`_) -~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +---------------------------- Where possible on vulnerable CPUs, Arm recommends invalidating the branch predictor as early as possible on entry into the secure world, before any branch @@ -122,7 +125,7 @@ Cortex-A76, Cortex-A53, Cortex-A55, Cortex-A32, Cortex-A7 and Cortex-A5. For more information about non-Arm CPUs, please contact the CPU vendor. Variant 3 (`CVE-2017-5754`_) -~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +---------------------------- This variant is only exploitable between Exception Levels within the same translation regime, for example between EL0 and EL1, therefore this variant diff --git a/docs/security_advisories/security-advisory-tfv-7.rst b/docs/security_advisories/security-advisory-tfv-7.rst index 572268aae..8e06762c7 100644 --- a/docs/security_advisories/security-advisory-tfv-7.rst +++ b/docs/security_advisories/security-advisory-tfv-7.rst @@ -1,3 +1,6 @@ +Advisory TFV-7 (CVE-2018-3639) +============================== + +----------------+-------------------------------------------------------------+ | Title | Trusted Firmware-A exposure to cache speculation | | | vulnerability Variant 4 | @@ -46,7 +49,7 @@ for platforms that are unaffected or where the risk is deemed low enough. Arm CPUs not mentioned below are unaffected. Static mitigation -~~~~~~~~~~~~~~~~~ +----------------- For affected CPUs, this approach enables the mitigation during EL3 initialization, following every PE reset. No mechanism is provided to disable 
@@ -67,7 +70,7 @@ TF-A implements this approach for the following affected CPUs: (``S3_0_C15_C1_0``). Dynamic mitigation -~~~~~~~~~~~~~~~~~~ +------------------ For affected CPUs, this approach also enables the mitigation during EL3 initialization, following every PE reset. In addition, this approach implements diff --git a/docs/security_advisories/security-advisory-tfv-8.rst b/docs/security_advisories/security-advisory-tfv-8.rst index eacdc7bcd..5a5ef7cb1 100644 --- a/docs/security_advisories/security-advisory-tfv-8.rst +++ b/docs/security_advisories/security-advisory-tfv-8.rst @@ -1,3 +1,6 @@ +Advisory TFV-8 (CVE-2018-19440) +=============================== + +----------------+-------------------------------------------------------------+ | Title | Not saving x0 to x3 registers can leak information from one | | | Normal World SMC client to another |
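Review bot: The new title in security-advisory-tfv-6.rst, "Advisory TFV-6 (CVE-2017-5753, CVE-2017-5715, CVE-2017-5754)", packs three CVE IDs into the document title, while the other seven titles added here carry one each and the Variant 1, 2 and 3 headings in the same file already name each CVE individually. A shorter title such as "Advisory TFV-6" with the IDs left to the variant headings would read better wherever the title is rendered, and would keep the 60-character "=" underline from having to be resized if the CVE list ever changes. If the full list stays, that is acceptable as long as the underline remains at least as long as the title text.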
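Review bot: The "~" to "-" adornment changes in security-advisory-tfv-6.rst (Variant 1, 2, 3) and security-advisory-tfv-7.rst (Static mitigation, Dynamic mitigation) are only safe if no heading outside the hunk context still uses "~" or another adornment beneath these sections. In tfv-6 the Variant 2 section runs from about line 40 to line 128 of the new file and almost none of it is visible in the diff. reStructuredText assigns section levels by order of first appearance after the new "=" title, so a leftover adornment would either fail the build with "Title level inconsistent" or silently render at the wrong depth. Please confirm with a docs build that both files parse without warnings and that the variant and mitigation headings appear one level below the advisory title.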