add Cortex-A72 Spectre v4 (CVE-2018-3639) mitigation #115
lilyanatia wants to merge 1 commit into raspberrypi:master from
- The bootstub has been completely rewritten taking advantage of the Thumb-2 instruction set, which results in major space gains
- Res0 bits of NSACR are no longer set (supersedes #85)
- CNTVOFF is set to zero, now consistent with armstub8 (supersedes #113)
- SMC instructions are now disabled, now consistent with armstub8
- ACTLR is now configured to allow Non-secure access to several CPU configuration registers (CPUACTLR/CPUECTLR/L2CTLR/L2ECTLR/L2ACTLR), which makes it possible to e.g. enable Spectre v4 mitigations directly in the kernel without needing a separate bootstub variant (potentially supersedes #115)

Free space in each affected bootstub after this commit:
armstub7.bin: 108 bytes
armstub8-32.bin: 104 bytes
armstub8-32-gic.bin: 44 bytes (!)
Is there any info available on how to enable this mitigation for the Raspberry Pi 4 & 5? A config.txt option would be nice if it's not enabled by default, which was suggested here it won't be.
Build the stubs in this PR and copy armstub8-gic-spectrev4.bin to the boot directory of the SD card. Note: this will only affect the Pi 4. The Pi 5 stub comes from Arm's TFA, which should already support this.
So is the Raspberry Pi 5 using all mitigations after all? Some contributors seemed to believe that's not the case. I'm saddened to hear there might never be a config option to make this more accessible for interested users. Perhaps the prebuilt stubs could be offered somewhere with a short guide, at least?
This is the stub file if you want to try it.
I would love to help! However, I only have a Raspberry Pi 5 at the moment. I'm guessing this is for RPI4?
Yes.
mitigate Spectre v4: