Hi Varun,
The Arm security support pages provides official responses to questions related to security vulnerabilities. [https://developer.arm.com/support/arm-security-updates]
Trustedfirmware.org provides Security Centre pages covering the
security incident handling and vulnerability disclosure process
for hosted projects. [https://developer.trustedfirmware.org/w/collaboration/security_center/]
You can find information regarding Nailgun on the following Arm security support FAQ page [https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability/frequently-asked-questions].
If you have further questions then please email arm-security@arm.com as mentioned in the
Arm security support pages.
Joanna
From: TF-A <tf-a-bounces@lists.trustedfirmware.org> on behalf of Varun Wadekar via TF-A <tf-a@lists.trustedfirmware.org>
Reply to: Varun Wadekar <vwadekar@nvidia.com>
Date: Monday, 28 September 2020 at 21:53
To: "tf-a@lists.trustedfirmware.org" <tf-a@lists.trustedfirmware.org>
Subject: [TF-A] Nailgun
Hi,
Recently, I learned about Nailgun [1] – leak information by snooping across privilege boundaries with the help of CoreSight. The proof of concept uses Raspberry Pi3 (uses Cortex A-53 CPUs) platform to demonstrate the exploit.
Has anyone reviewed this attack and does it affect other Arm v8 CPUs too? Do we have support in TF-A to disable CoreSight to mitigate against such attacks? Are there any other mitigations against this attack?
-Varun