Hi,
Is the question strictly related to this platform not implementing the mentioned errata (for which a platform change can be emitted)? Or is it more generally that those "missing errata warnings" are not printed in release mode? Assuming the latter, it looks to me it is the integrator mistake to not include the appropriate mitigations at development phase (hence while using debug mode for building TF-A). Then when the device is deployed (hence most often built for release mode), if this message is printed it is an indication for a malicious agent that such attack vector through mis-implemented errata is possible. So the consequence is possibly even worst than just "missing" to include the errata.
Other TF-Aers (Bipin?) may have other opinions?
Regards, Olivier.
________________________________________ From: TF-A tf-a-bounces@lists.trustedfirmware.org on behalf of Pali Rohár via TF-A tf-a@lists.trustedfirmware.org Sent: 28 June 2021 15:36 To: tf-a@lists.trustedfirmware.org Cc: Konstantin Porotchkin; Marek Behún Subject: [TF-A] Missing CPU workaround warning message
Hello! If TF-A for Marvell Armada 3720 platform is compiled in debug mode then at runtime it prints following warning messages:
WARNING: BL1: cortex_a53: CPU workaround for 855873 was missing! WARNING: BL1: cortex_a53: CPU workaround for 1530924 was missing!
These lines are not printed in non-debug mode. It is an issue? -- TF-A mailing list TF-A@lists.trustedfirmware.org https://lists.trustedfirmware.org/mailman/listinfo/tf-a
On Monday 28 June 2021 14:03:06 Olivier Deprez wrote:
Hi,
Is the question strictly related to this platform not implementing the mentioned errata (for which a platform change can be emitted)?
Hello! The first question is if this is an issue that CPU workaround is missing. And if yes (which seems to be) how big issue it is? And how to resolve it?
Or is it more generally that those "missing errata warnings" are not printed in release mode? Assuming the latter, it looks to me it is the integrator mistake to not include the appropriate mitigations at development phase (hence while using debug mode for building TF-A). Then when the device is deployed (hence most often built for release mode), if this message is printed it is an indication for a malicious agent that such attack vector through mis-implemented errata is possible. So the consequence is possibly even worst than just "missing" to include the errata.
Other TF-Aers (Bipin?) may have other opinions?
And this is a second question. If missing CPU workaround is an issue, should not be it printed also in release build?
Also I see that in release builds are omitted not only messages about missing CPU workarounds, but basically _all_ warning messages. But notice messages are _not_ omitted. Which seems strange as in most cases notice message has lower priority than warning message.
Regards, Olivier.
From: TF-A tf-a-bounces@lists.trustedfirmware.org on behalf of Pali Rohár via TF-A tf-a@lists.trustedfirmware.org Sent: 28 June 2021 15:36 To: tf-a@lists.trustedfirmware.org Cc: Konstantin Porotchkin; Marek Behún Subject: [TF-A] Missing CPU workaround warning message
Hello! If TF-A for Marvell Armada 3720 platform is compiled in debug mode then at runtime it prints following warning messages:
WARNING: BL1: cortex_a53: CPU workaround for 855873 was missing! WARNING: BL1: cortex_a53: CPU workaround for 1530924 was missing!
These lines are not printed in non-debug mode. It is an issue?
TF-A mailing list TF-A@lists.trustedfirmware.org https://lists.trustedfirmware.org/mailman/listinfo/tf-a
Hello! Could somebody from TF-A helps with these two topics? I would really need to know if "missing errata warnings" debug message is some critical and needs to be fixed (and how?) or it is just a debug message and therefore should not be a warning...
On Monday 28 June 2021 17:11:18 Pali Rohár wrote:
On Monday 28 June 2021 14:03:06 Olivier Deprez wrote:
Hi,
Is the question strictly related to this platform not implementing the mentioned errata (for which a platform change can be emitted)?
Hello! The first question is if this is an issue that CPU workaround is missing. And if yes (which seems to be) how big issue it is? And how to resolve it?
Or is it more generally that those "missing errata warnings" are not printed in release mode? Assuming the latter, it looks to me it is the integrator mistake to not include the appropriate mitigations at development phase (hence while using debug mode for building TF-A). Then when the device is deployed (hence most often built for release mode), if this message is printed it is an indication for a malicious agent that such attack vector through mis-implemented errata is possible. So the consequence is possibly even worst than just "missing" to include the errata.
Other TF-Aers (Bipin?) may have other opinions?
And this is a second question. If missing CPU workaround is an issue, should not be it printed also in release build?
Also I see that in release builds are omitted not only messages about missing CPU workarounds, but basically _all_ warning messages. But notice messages are _not_ omitted. Which seems strange as in most cases notice message has lower priority than warning message.
Regards, Olivier.
From: TF-A tf-a-bounces@lists.trustedfirmware.org on behalf of Pali Rohár via TF-A tf-a@lists.trustedfirmware.org Sent: 28 June 2021 15:36 To: tf-a@lists.trustedfirmware.org Cc: Konstantin Porotchkin; Marek Behún Subject: [TF-A] Missing CPU workaround warning message
Hello! If TF-A for Marvell Armada 3720 platform is compiled in debug mode then at runtime it prints following warning messages:
WARNING: BL1: cortex_a53: CPU workaround for 855873 was missing! WARNING: BL1: cortex_a53: CPU workaround for 1530924 was missing!
These lines are not printed in non-debug mode. It is an issue?
TF-A mailing list TF-A@lists.trustedfirmware.org https://lists.trustedfirmware.org/mailman/listinfo/tf-a
tf-a@lists.trustedfirmware.org
-
Olivier Deprez -
Pali Rohár