Hi Varun,
The Arm security support pages provide official responses to questions related to security vulnerabilities. [https://developer.arm.com/support/arm-security-updates] Trustedfirmware.org provides Security Centre pages covering the security incident handling and vulnerability disclosure process for hosted projects. [https://developer.trustedfirmware.org/w/collaboration/security_center/]
You can find information regarding Nailgun on the following Arm security support FAQ page [https://developer.arm.com/support/arm-security-updates/speculative-processor...].
If you have further questions then please email arm-security@arm.com as mentioned in the Arm security support pages.
Joanna
From: TF-A <tf-a-bounces@lists.trustedfirmware.org> on behalf of Varun Wadekar via TF-A <tf-a@lists.trustedfirmware.org>
Reply to: Varun Wadekar <vwadekar@nvidia.com>
Date: Monday, 28 September 2020 at 21:53
To: "tf-a@lists.trustedfirmware.org" <tf-a@lists.trustedfirmware.org>
Subject: [TF-A] Nailgun
Hi,
Recently, I learned about Nailgun [1] – leaking information by snooping across privilege boundaries with the help of CoreSight. The proof of concept uses the Raspberry Pi 3 (uses Cortex-A53 CPUs) platform to demonstrate the exploit.
Has anyone reviewed this attack and does it affect other Arm v8 CPUs too? Do we have support in TF-A to disable CoreSight to mitigate against such attacks? Are there any other mitigations against this attack?
-Varun