fix(cpus): workaround for CVE-2024-5660 for Cortex-X4 Implements mitigation for CVE-2024-5660 that affects Cortex-X4 revisions r0p0, r0p1, r0p2. The workaround is to disable the hardware page aggregation at EL3 by setting CPUECTLR_EL1[46] = 1'b1. Public Documentation: https://developer.arm.com/Arm%20Security%20Center/Arm%20CPU%20Vulnerability%20CVE-2024-5660 Change-Id: I378cb4978919cced03e7febc2ad431c572eac72d Signed-off-by: Sona Mathew <sonarebecca.mathew@arm.com>

commit: e42abf298321043e09ac756adf8d1c9470a53bb0 [log] [tgz]
author: Sona Mathew <sonarebecca.mathew@arm.com> Mon May 20 13:48:19 2024 -0500
committer: Sona Mathew <sonarebecca.mathew@arm.com> Mon Dec 16 10:59:51 2024 -0600
tree: 1d8d9ec8b1729bf63189131dff2fee674a8ab6e8
parent: 698e68fe1fe935492588fd7ab9d6d7c3148a7c3b [diff] [blame]
diff --git a/lib/cpus/cpu-ops.mk b/lib/cpus/cpu-ops.mk
index 4c20785..e1e0f47 100644
--- a/lib/cpus/cpu-ops.mk
+++ b/lib/cpus/cpu-ops.mk

@@ -7,6 +7,11 @@
 
 include ${MAKE_HELPERS_DIRECTORY}$/build_macros.mk
 
+# Flag to disable Hardware page aggregation(HPA).
+# This flag is enabled by default.
+WORKAROUND_CVE_2024_5660		?=1
+CPU_FLAG_LIST += WORKAROUND_CVE_2024_5660
+
 # Cortex A57 specific optimisation to skip L1 cache flush when
 # cluster is powered down.
 CPU_FLAG_LIST += SKIP_A57_L1_FLUSH_PWR_DWN
commit	e42abf298321043e09ac756adf8d1c9470a53bb0	[log] [tgz]
author	Sona Mathew <sonarebecca.mathew@arm.com>	Mon May 20 13:48:19 2024 -0500
committer	Sona Mathew <sonarebecca.mathew@arm.com>	Mon Dec 16 10:59:51 2024 -0600
tree	1d8d9ec8b1729bf63189131dff2fee674a8ab6e8
parent	698e68fe1fe935492588fd7ab9d6d7c3148a7c3b [diff] [blame]