mirror of https://github.com/acidanthera/audk.git
8035edbe12
Supervisor Call instruction (SVC) is used by the Arm Standalone MM environment to request services from the privileged software (such as ARM Trusted Firmware running in EL3) and also return back to the non-secure caller via EL3. Some Arm CPUs speculatively executes the instructions after the SVC instruction without crossing the privilege level (S-EL0). Although the results of this execution are architecturally discarded, adversary running on the non-secure side can manipulate the contents of the general purpose registers to leak the secure work memory through spectre like micro-architectural side channel attacks. This behavior is demonstrated by the SafeSide project [1] and [2]. Add barrier instructions after SVC to prevent speculative execution to mitigate such attacks. [1]: https://github.com/google/safeside/blob/master/demos/eret_hvc_smc_wrapper.cc [2]: https://github.com/google/safeside/blob/master/kernel_modules/kmod_eret_hvc_smc/eret_hvc_smc_module.c Signed-off-by: Vijayenthiran Subramaniam <vijayenthiran.subramaniam@arm.com> Reviewed-by: Ard Biesheuvel <ard.biesheuvel@arm.com> |
||
|---|---|---|
| .. | ||
| AArch64 | ||
| Arm | ||
| ArmSvcLib.inf | ||