From 2372179484741aa81d5451b20748520677205c71 Mon Sep 17 00:00:00 2001 From: Arvind Ram Prakash Date: Fri, 6 Sep 2024 11:35:56 -0500 Subject: [PATCH] fix(security): enable WORKAROUND_CVE_2024_7881 build option This patch enables build option needed to include support for CVE_2024_7881 [1] mitigation. [1]: https://developer.arm.com/Arm%20Security%20Center/Arm%20CPU%20Vulnerability%20CVE-2024-7881 Signed-off-by: Arvind Ram Prakash Change-Id: Id77f82a4dfaa4422729f7e3f2429f47cc90d9782 --- docs/design/cpu-specific-build-macros.rst | 6 +++++- lib/cpus/cpu-ops.mk | 4 +++- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/docs/design/cpu-specific-build-macros.rst b/docs/design/cpu-specific-build-macros.rst index 369ec6ff5..17b295451 100644 --- a/docs/design/cpu-specific-build-macros.rst +++ b/docs/design/cpu-specific-build-macros.rst @@ -38,6 +38,10 @@ vulnerability workarounds should be applied at runtime. in EL3 FW. This build option should be set to 1 if the target platform contains at least 1 CPU that requires this mitigation. Defaults to 1. +- ``WORKAROUND_CVE_2024_7881``: Enables mitigation for `CVE-2024-7881`. + This build option should be set to 1 if the target platform contains at + least 1 CPU that requires this mitigation. Defaults to 1. + .. _arm_cpu_macros_errata_workarounds: CPU Errata Workarounds @@ -1055,7 +1059,7 @@ GIC Errata Workarounds -------------- -*Copyright (c) 2014-2024, Arm Limited and Contributors. All rights reserved.* +*Copyright (c) 2014-2025, Arm Limited and Contributors. All rights reserved.* .. _CVE-2017-5715: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5715 .. _CVE-2018-3639: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3639 diff --git a/lib/cpus/cpu-ops.mk b/lib/cpus/cpu-ops.mk index d5324606b..19846890d 100644 --- a/lib/cpus/cpu-ops.mk +++ b/lib/cpus/cpu-ops.mk 
@@ -1,5 +1,5 @@ # -# Copyright (c) 2014-2024, Arm Limited and Contributors. All rights reserved. +# Copyright (c) 2014-2025, Arm Limited and Contributors. All rights reserved. # Copyright (c) 2020-2022, NVIDIA Corporation. All rights reserved. # # SPDX-License-Identifier: BSD-3-Clause @@ -32,6 +32,8 @@ CPU_FLAG_LIST += WORKAROUND_CVE_2018_3639 CPU_FLAG_LIST += DYNAMIC_WORKAROUND_CVE_2018_3639 WORKAROUND_CVE_2022_23960 ?=1 CPU_FLAG_LIST += WORKAROUND_CVE_2022_23960 +WORKAROUND_CVE_2024_7881 ?=1 +CPU_FLAG_LIST += WORKAROUND_CVE_2024_7881 # Flag to disable Hardware page aggregation(HPA). # This flag is enabled by default.
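Review bot: The CVE reference in the new list entry of docs/design/cpu-specific-build-macros.rst (hunk @@ -38,6 +38,10) is written as `CVE-2024-7881` with single backticks and no trailing underscore, so it renders as interpreted text rather than a hyperlink, and the footer hunk (@@ -1055,7 +1059,7) adds no `.. _CVE-2024-7881:` target beside the existing `.. _CVE-2017-5715:` and `.. _CVE-2018-3639:` targets. Suggest writing it as `CVE-2024-7881`_ and adding a matching target that points to the Arm Security Center URL already cited as [1] in the commit message, so a reader deciding whether the platform needs the flag can reach the advisory from the docs.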
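Review bot: Nothing in this patch consumes WORKAROUND_CVE_2024_7881. The diffstat lists only the .rst file and lib/cpus/cpu-ops.mk, so the two lines added in hunk @@ -32,6 +32,8 define a flag that defaults to 1 and add it to CPU_FLAG_LIST, but on their own they do not change any CPU code. Since the new documentation entry already says the option "Enables mitigation", please either name in the commit message the change that adds the per-CPU workaround, or land the flag together with that change, so a build containing only this commit is not assumed to be mitigated.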