fix(cpus): workaround for CVE-2024-5660 for Cortex-A77 Implements mitigation for CVE-2024-5660 that affects Cortex-A77 revisions r0p0, r1p0, r1p1. The workaround is to disable the hardware page aggregation at EL3 by setting CPUECTLR_EL1[46] = 1'b1. Public Documentation: https://developer.arm.com/Arm%20Security%20Center/Arm%20CPU%20Vulnerability%20CVE-2024-5660 Change-Id: Ic71b163883ea624e9f2f77deb8b30c69612938b9 Signed-off-by: Sona Mathew <sonarebecca.mathew@arm.com> (cherry picked from commit aed3e8b59a034ddcd073f2295cf0ae70a313ccf5)

commit: 0b2d22097c967b73b3b1044a6a9186d7899ae91c [log] [tgz]
author: Sona Mathew <sonarebecca.mathew@arm.com> Thu May 23 16:06:19 2024 -0500
committer: Yann Gautier <yann.gautier@st.com> Fri Feb 07 18:32:03 2025 +0100
tree: 816fbd75a655d75d47c91cd2ceef390c8bbfb3cb
parent: 193370e1c6a28382992d500b59f2bd05392ea897 [diff]
diff --git a/lib/cpus/aarch64/cortex_a77.S b/lib/cpus/aarch64/cortex_a77.S
index f53b646..766bdc0 100644
--- a/lib/cpus/aarch64/cortex_a77.S
+++ b/lib/cpus/aarch64/cortex_a77.S

@@ -26,6 +26,13 @@
 	wa_cve_2022_23960_bhb_vector_table CORTEX_A77_BHB_LOOP_COUNT, cortex_a77
 #endif /* WORKAROUND_CVE_2022_23960 */
 
+/* Disable hardware page aggregation. Enables mitigation for `CVE-2024-5660` */
+workaround_reset_start cortex_a77, CVE(2024, 5660), WORKAROUND_CVE_2024_5660
+	sysreg_bit_set CORTEX_A77_CPUECTLR_EL1, BIT(46)
+workaround_reset_end cortex_a77, CVE(2024, 5660)
+
+check_erratum_ls cortex_a77, CVE(2024, 5660), CPU_REV(1, 1)
+
 workaround_reset_start cortex_a77, ERRATUM(1508412), ERRATA_A77_1508412
 	/* move cpu revision in again and compare against r0p0 */
 	mov	x0, x7
commit	0b2d22097c967b73b3b1044a6a9186d7899ae91c	[log] [tgz]
author	Sona Mathew <sonarebecca.mathew@arm.com>	Thu May 23 16:06:19 2024 -0500
committer	Yann Gautier <yann.gautier@st.com>	Fri Feb 07 18:32:03 2025 +0100
tree	816fbd75a655d75d47c91cd2ceef390c8bbfb3cb
parent	193370e1c6a28382992d500b59f2bd05392ea897 [diff]