Hi,
See inline [OD]
Regards, Olivier.
________________________________________ From: Pali Rohár pali@kernel.org Sent: 09 July 2021 14:53 To: Olivier Deprez Cc: Varun Wadekar; Bipin Ravi; Konstantin Porotchkin; Marek Behún; tf-a@lists.trustedfirmware.org Subject: Re: [TF-A] Missing CPU workaround warning message
Hello!
On Friday 09 July 2021 12:43:33 Olivier Deprez wrote:
Hi Pali
See inline [OD]
Regards, Olivier.
From: Pali Rohár pali@kernel.org Sent: 09 July 2021 14:28 To: Varun Wadekar Cc: Olivier Deprez; Bipin Ravi; Konstantin Porotchkin; Marek Behún; tf-a@lists.trustedfirmware.org Subject: Re: [TF-A] Missing CPU workaround warning message
Hello!
It seems that ARM erratas 855873 and 1530924 affect all revisions of A53 CPU, which is in Marvell Armada 3720 platform.
So setting compile time macros
ERRATA_A53_855873 := 1 ERRATA_A53_1530924 := 1in plat/marvell/armada/a3k/common/a3700_common.mk should be enough?
[OD] In general it's a platform maintainer duty to analyse applicable errata from the software developer notice (SDEN) and judge. Yes it looks reasonable to enable those but make sure it doesn't affect other SW stacks (e.g. kernel) by enabling those in the firmware, for any platform which uses this chipset. You can poll through the ML when doing this change.
Konstantin (already in email loop) is platform maintainer.
And why this warning is printed only in debug builds? Does it mean that it affects only when TF-A is build in debug mode? Or warning reporting in currently TF-A is broken and it should be reported also in release build?
[OD] (see earlier answer in this thread, I'm re-formulating here) It's the way it is designed and expected. Errata affect both debug and release builds. It's not printed in release builds as this is considered sensitive information and a possible flaw/attack vector for a product in the field. A maintainer spots the missing errata during development cycle while building in debug mode. When a product is released it is hopefully delivered using release builds and hence the warning not reported for the above reason (even if the errata misses).
Ok, thanks for explanation, now I understood it. For me it looks quite strange that it is masked in this way as I have not seen other software to mask similar information but seems that you expect this development cycle... so I have just to accept it.
Anyway, it means that existing end users are not aware of this issue as they do not read this list...
[OD] see https://trustedfirmware-a.readthedocs.io/en/latest/design/firmware-design.ht...
"In a debug build of TF-A, on a CPU that comes out of reset, both BL1 and the runtime firmware (BL31 in AArch64, and BL32 in AArch32) will invoke errata status reporting function, if one exists, for that type of CPU."
On Wednesday 07 July 2021 21:59:25 Varun Wadekar wrote:
Hi Pali,
My understanding of the errata reporting mechanism is that some erratas are always checked during CPU boot. If the corresponding MACRO (ERRATA_A53_*) is disabled, then the ERRATA_MISSING code is reported.
I would be concerned if the CPU is affected by the errata. If the errata needs to be enabled, the fix would be to enable the ERRATA_A53_* from the platform makefile.
Hope this helps.
-Varun
-----Original Message----- From: TF-A tf-a-bounces@lists.trustedfirmware.org On Behalf Of Pali Rohár via TF-A Sent: Wednesday, July 7, 2021 9:11 PM To: Olivier Deprez Olivier.Deprez@arm.com; Bipin Ravi Bipin.Ravi@arm.com; tf-a@lists.trustedfirmware.org Cc: Konstantin Porotchkin kostap@marvell.com; Marek Behún marek.behun@nic.cz Subject: Re: [TF-A] Missing CPU workaround warning message
External email: Use caution opening links or attachments
Hello! Could somebody from TF-A helps with these two topics? I would really need to know if "missing errata warnings" debug message is some critical and needs to be fixed (and how?) or it is just a debug message and therefore should not be a warning...
On Monday 28 June 2021 17:11:18 Pali Rohár wrote:
On Monday 28 June 2021 14:03:06 Olivier Deprez wrote:
Hi,
Is the question strictly related to this platform not implementing the mentioned errata (for which a platform change can be emitted)?
Hello! The first question is if this is an issue that CPU workaround is missing. And if yes (which seems to be) how big issue it is? And how to resolve it?
Or is it more generally that those "missing errata warnings" are not printed in release mode? Assuming the latter, it looks to me it is the integrator mistake to not include the appropriate mitigations at development phase (hence while using debug mode for building TF-A). Then when the device is deployed (hence most often built for release mode), if this message is printed it is an indication for a malicious agent that such attack vector through mis-implemented errata is possible. So the consequence is possibly even worst than just "missing" to include the errata.
Other TF-Aers (Bipin?) may have other opinions?
And this is a second question. If missing CPU workaround is an issue, should not be it printed also in release build?
Also I see that in release builds are omitted not only messages about missing CPU workarounds, but basically _all_ warning messages. But notice messages are _not_ omitted. Which seems strange as in most cases notice message has lower priority than warning message.
Regards, Olivier.
From: TF-A tf-a-bounces@lists.trustedfirmware.org on behalf of Pali Rohár via TF-A tf-a@lists.trustedfirmware.org Sent: 28 June 2021 15:36 To: tf-a@lists.trustedfirmware.org Cc: Konstantin Porotchkin; Marek Behún Subject: [TF-A] Missing CPU workaround warning message
Hello! If TF-A for Marvell Armada 3720 platform is compiled in debug mode then at runtime it prints following warning messages:
WARNING: BL1: cortex_a53: CPU workaround for 855873 was missing! WARNING: BL1: cortex_a53: CPU workaround for 1530924 was missing!
These lines are not printed in non-debug mode. It is an issue?
TF-A mailing list TF-A@lists.trustedfirmware.org https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Fli sts.trustedfirmware.org%2Fmailman%2Flistinfo%2Ftf-a&data=04%7C01 %7Cvwadekar%40nvidia.com%7Cb3605175f552468740e708d941836783%7C43083d 15727340c1b7db39efd9ccc17a%7C0%7C0%7C637612854914595696%7CUnknown%7C TWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJX VCI6Mn0%3D%7C1000&sdata=%2FW6HuFPYQCD5ECIA%2FZZxhm5ti5HYILNlsWTz moJ7L8E%3D&reserved=0
-- TF-A mailing list TF-A@lists.trustedfirmware.org https://nam11.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.trus...