path: root/bl31/bl31.mk
diff options
authorDimitris Papastamos <dimitris.papastamos@arm.com>2017-11-30 14:53:53 +0000
committerDimitris Papastamos <dimitris.papastamos@arm.com>2018-01-11 10:26:15 +0000
commitf62ad322695d16178db464dc062fe0af592c6780 (patch)
treef814211090c6e75550c908a47a45fcad022a186f /bl31/bl31.mk
parent08e06be81946de2701429e72840bb76ee3f9a48e (diff)
Workaround for CVE-2017-5715 on Cortex A57 and A72
Invalidate the Branch Target Buffer (BTB) on entry to EL3 by disabling and enabling the MMU. To achieve this without performing any branch instruction, a per-cpu vbar is installed which executes the workaround and then branches off to the corresponding vector entry in the main vector table. A side effect of this change is that the main vbar is configured before any reset handling. This is to allow the per-cpu reset function to override the vbar setting. This workaround is enabled by default on the affected CPUs. Change-Id: I97788d38463a5840a410e3cea85ed297a1678265 Signed-off-by: Dimitris Papastamos <dimitris.papastamos@arm.com>
Diffstat (limited to 'bl31/bl31.mk')
1 files changed, 4 insertions, 0 deletions
diff --git a/bl31/bl31.mk b/bl31/bl31.mk
index fdcc93139a..0732e05215 100644
--- a/bl31/bl31.mk
+++ b/bl31/bl31.mk
@@ -58,6 +58,10 @@ ifeq (${ENABLE_SVE_FOR_NS},1)
BL31_SOURCES += lib/extensions/sve/sve.c
+ifeq (${WORKAROUND_CVE_2017_5715},1)
+BL31_SOURCES += lib/cpus/aarch64/workaround_cve_2017_5715_mmu.S
BL31_LINKERFILE := bl31/bl31.ld.S
# Flag used to indicate if Crash reporting via console should be included