Re: [edk2] [PATCH edk2-non-osi v3 7/7] Hisilicon/D05: Update binary of trusted-firmware

2018-02-23 Thread Guo Heyi
On Fri, Feb 23, 2018 at 09:02:46AM +, Ard Biesheuvel wrote:
> On 23 February 2018 at 03:17, Guo Heyi wrote:
> > Hi Jeremy,
> >
> > These TF binaries have not been patched with the latest SMCCC workaround;
> > they are based on the v1.4 release and were only patched with
> > "disable/enable MMU in PSCI SMC call", as in the commit in upstream TF
> > code:
> > f62ad322695d16178db464dc062fe0af592c6780
> >
> > When we generated these binaries, the SMCCC patches had not come out, so
> > they are not contained in these binaries.
> >
> > Do you recommend using the latest smccc patches?
> >
> 
> Yes.
> 
> The Spectre v2 mitigations that landed in v4.16 and were backported to
> v4.15 and v4.14 LTS do not use the PSCI_VERSION call anymore to
> perform branch predictor invalidation. Instead, it checks for
> SMCCCv1.1, and uses the ARCH_WORKAROUND_1 SMC call if supported. If
> not, no BP maintenance is performed.

Thanks, we'll try to apply the smccc patch to TF.

Heyi
___
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel


Re: [edk2] [PATCH edk2-non-osi v3 7/7] Hisilicon/D05: Update binary of trusted-firmware

2018-02-23 Thread Ard Biesheuvel
On 23 February 2018 at 03:17, Guo Heyi wrote:
> Hi Jeremy,
>
> These TF binaries have not been patched with the latest SMCCC workaround;
> they are based on the v1.4 release and were only patched with
> "disable/enable MMU in PSCI SMC call", as in the commit in upstream TF
> code:
> f62ad322695d16178db464dc062fe0af592c6780
>
> When we generated these binaries, the SMCCC patches had not come out, so
> they are not contained in these binaries.
>
> Do you recommend using the latest smccc patches?
>

Yes.

The Spectre v2 mitigations that landed in v4.16 and were backported to
v4.15 and v4.14 LTS do not use the PSCI_VERSION call anymore to
perform branch predictor invalidation. Instead, it checks for
SMCCCv1.1, and uses the ARCH_WORKAROUND_1 SMC call if supported. If
not, no BP maintenance is performed.
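
The detection sequence described above, modelled in user space as an added example (not code from this thread, the kernel or Trusted Firmware): a simulated SMC conduit answers for a hypothetical firmware profile, and `bp_hardening_enabled` follows the PSCI/SMCCC discovery order. The `struct fw` profiles and all function names are assumptions; the function IDs are those of the Arm PSCI and SMCCC specifications.

```c
#include <stdint.h>
#include <stdio.h>

/* Function IDs from the Arm PSCI and SMCCC specifications. */
#define PSCI_VERSION        0x84000000u
#define PSCI_FEATURES       0x8400000Au
#define SMCCC_VERSION       0x80000000u
#define SMCCC_ARCH_FEATURES 0x80000001u
#define ARCH_WORKAROUND_1   0x80008000u
#define NOT_SUPPORTED       (-1)
#define VER(maj, min)       (((maj) << 16) | (min))

/* Hypothetical firmware profile: what the secure monitor implements. */
struct fw { int32_t psci_ver; int smccc_1_1; int workaround_1; };

/* Simulated SMC conduit: the value such a firmware would return in x0. */
static int32_t smc(const struct fw *fw, uint32_t fid, uint32_t arg)
{
    switch (fid) {
    case PSCI_VERSION:
        return fw->psci_ver;
    case PSCI_FEATURES:   /* SMCCC_VERSION is discovered through PSCI >= 1.0 */
        return (arg == SMCCC_VERSION && fw->smccc_1_1) ? 0 : NOT_SUPPORTED;
    case SMCCC_VERSION:
        return fw->smccc_1_1 ? VER(1, 1) : NOT_SUPPORTED;
    case SMCCC_ARCH_FEATURES:
        return (arg == ARCH_WORKAROUND_1 && fw->workaround_1) ? 0 : NOT_SUPPORTED;
    default:
        return NOT_SUPPORTED;
    }
}

/* 1 if an OS following this sequence would use ARCH_WORKAROUND_1, else 0
 * (in which case no branch predictor maintenance is performed at all). */
int bp_hardening_enabled(const struct fw *fw)
{
    if (smc(fw, PSCI_VERSION, 0) < VER(1, 0)) return 0;
    if (smc(fw, PSCI_FEATURES, SMCCC_VERSION) != 0) return 0;
    if (smc(fw, SMCCC_VERSION, 0) < VER(1, 1)) return 0;
    return smc(fw, SMCCC_ARCH_FEATURES, ARCH_WORKAROUND_1) >= 0;
}

/* Constructed profiles for illustration, not measurements of any real image. */
const struct fw fw_no_smccc   = { VER(1, 0), 0, 0 };
const struct fw fw_smccc_only = { VER(1, 1), 1, 0 };
const struct fw fw_workaround = { VER(1, 1), 1, 1 };

int main(void)
{
    printf("no SMCCC: %d, SMCCC only: %d, with workaround: %d\n",
           bp_hardening_enabled(&fw_no_smccc), bp_hardening_enabled(&fw_smccc_only),
           bp_hardening_enabled(&fw_workaround));
    return 0;
}
```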


Re: [edk2] [PATCH edk2-non-osi v3 7/7] Hisilicon/D05: Update binary of trusted-firmware

2018-02-22 Thread Guo Heyi
Hi Jeremy,

These TF binaries have not been patched with the latest SMCCC workaround;
they are based on the v1.4 release and were only patched with
"disable/enable MMU in PSCI SMC call", as in the commit in upstream TF
code:
f62ad322695d16178db464dc062fe0af592c6780

When we generated these binaries, the SMCCC patches had not come out, so
they are not contained in these binaries.

Do you recommend using the latest smccc patches?

Thanks and regards,

Heyi

On Thu, Feb 22, 2018 at 08:37:11PM -0600, Jeremy Linton wrote:
> Hi,
> 
> On 02/02/2018 05:57 AM, Heyi Guo wrote:
> >1 Workarounds for CVE-2017-5715 on Cortex A57/A72/A73 and A75 #1214.
> 
> I've been trying to verify spectre fixes, and I don't get a smccc version
> from this firmware (see this kernel branch
> https://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git/log/?h=kpti)
> image.
> 
> This means that the spectre BP hardening isn't activating on the D05. So,
> unless I'm doing something wrong (quite possible) it appears that this image
> isn't utilizing the correct ATF patches.
> 
> Can someone please verify/check this image with a SMCCC enabled kernel?
> 
> Thanks,
> 
> 
> >2 Upgrade trusted firmware to 1.4
> >
> >Contributed-under: TianoCore Contribution Agreement 1.1
> >Signed-off-by: Ming Huang 
> >Signed-off-by: Heyi Guo 
> >Reviewed-by: Leif Lindholm 
> >Reviewed-by: Ard Biesheuvel 
> >---
> >  Platform/Hisilicon/D05/bl1.bin | Bin 14344 -> 12424 bytes
> >  Platform/Hisilicon/D05/fip.bin | Bin 41493 -> 37546 bytes
> >  2 files changed, 0 insertions(+), 0 deletions(-)
> >
> >diff --git a/Platform/Hisilicon/D05/bl1.bin b/Platform/Hisilicon/D05/bl1.bin
> >index 7341476..b95257c 100644
> >Binary files a/Platform/Hisilicon/D05/bl1.bin and 
> >b/Platform/Hisilicon/D05/bl1.bin differ
> >diff --git a/Platform/Hisilicon/D05/fip.bin b/Platform/Hisilicon/D05/fip.bin
> >index 496a9b8..5958293 100644
> >Binary files a/Platform/Hisilicon/D05/fip.bin and 
> >b/Platform/Hisilicon/D05/fip.bin differ
> >
> 


Re: [edk2] [PATCH edk2-non-osi v3 7/7] Hisilicon/D05: Update binary of trusted-firmware

2018-02-22 Thread Jeremy Linton

Hi,

On 02/02/2018 05:57 AM, Heyi Guo wrote:
> 1 Workarounds for CVE-2017-5715 on Cortex A57/A72/A73 and A75 #1214.

I've been trying to verify spectre fixes, and I don't get a smccc version
from this firmware (see this kernel branch
https://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git/log/?h=kpti)
image.

This means that the spectre BP hardening isn't activating on the D05. So,
unless I'm doing something wrong (quite possible) it appears that this image
isn't utilizing the correct ATF patches.

Can someone please verify/check this image with a SMCCC enabled kernel?

Thanks,

> 2 Upgrade trusted firmware to 1.4
>
> Contributed-under: TianoCore Contribution Agreement 1.1
> Signed-off-by: Ming Huang
> Signed-off-by: Heyi Guo
> Reviewed-by: Leif Lindholm
> Reviewed-by: Ard Biesheuvel
---
  Platform/Hisilicon/D05/bl1.bin | Bin 14344 -> 12424 bytes
  Platform/Hisilicon/D05/fip.bin | Bin 41493 -> 37546 bytes
  2 files changed, 0 insertions(+), 0 deletions(-)

diff --git a/Platform/Hisilicon/D05/bl1.bin b/Platform/Hisilicon/D05/bl1.bin
index 7341476..b95257c 100644
Binary files a/Platform/Hisilicon/D05/bl1.bin and 
b/Platform/Hisilicon/D05/bl1.bin differ
diff --git a/Platform/Hisilicon/D05/fip.bin b/Platform/Hisilicon/D05/fip.bin
index 496a9b8..5958293 100644
Binary files a/Platform/Hisilicon/D05/fip.bin and 
b/Platform/Hisilicon/D05/fip.bin differ





[edk2] [PATCH edk2-non-osi v3 7/7] Hisilicon/D05: Update binary of trusted-firmware

2018-02-02 Thread Heyi Guo
1 Workarounds for CVE-2017-5715 on Cortex A57/A72/A73 and A75 #1214.
2 Upgrade trusted firmware to 1.4

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Ming Huang 
Signed-off-by: Heyi Guo 
Reviewed-by: Leif Lindholm 
Reviewed-by: Ard Biesheuvel 
---
 Platform/Hisilicon/D05/bl1.bin | Bin 14344 -> 12424 bytes
 Platform/Hisilicon/D05/fip.bin | Bin 41493 -> 37546 bytes
 2 files changed, 0 insertions(+), 0 deletions(-)

diff --git a/Platform/Hisilicon/D05/bl1.bin b/Platform/Hisilicon/D05/bl1.bin
index 7341476..b95257c 100644
Binary files a/Platform/Hisilicon/D05/bl1.bin and 
b/Platform/Hisilicon/D05/bl1.bin differ
diff --git a/Platform/Hisilicon/D05/fip.bin b/Platform/Hisilicon/D05/fip.bin
index 496a9b8..5958293 100644
Binary files a/Platform/Hisilicon/D05/fip.bin and 
b/Platform/Hisilicon/D05/fip.bin differ
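Review bot: the commit message claims workarounds for CVE-2017-5715 (item 1, "#1214"), but bl1.bin and fip.bin both change only as opaque binaries, so nothing in the patch identifies the trusted-firmware source they were built from. Please record in the commit message the upstream repository and commit id the binaries were built at, plus any local patches applied on top, and spell out which repository "#1214" refers to, so the mitigation claim can be checked against source.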
-- 
1.9.1
