Hi Varun,

 

The Arm security support pages provides official responses to questions related to security vulnerabilities. [https://developer.arm.com/support/arm-security-updates]

Trustedfirmware.org provides Security Centre pages covering the security incident handling and vulnerability disclosure process for hosted projects. [https://developer.trustedfirmware.org/w/collaboration/security_center/]

 

You can find information regarding Nailgun on the following Arm security support FAQ page [https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability/frequently-asked-questions]. 

 

If you have further questions then please email arm-security@arm.com as mentioned in the Arm security support pages.

 

Joanna

 

 

From: TF-A <tf-a-bounces@lists.trustedfirmware.org> on behalf of Varun Wadekar via TF-A <tf-a@lists.trustedfirmware.org>
Reply to: Varun Wadekar <vwadekar@nvidia.com>
Date: Monday, 28 September 2020 at 21:53
To: "tf-a@lists.trustedfirmware.org" <tf-a@lists.trustedfirmware.org>
Subject: [TF-A] Nailgun

 

Hi,

 

Recently, I learned about Nailgun [1] – leak information by snooping across privilege boundaries with the help of CoreSight. The proof of concept uses Raspberry Pi3 (uses Cortex A-53 CPUs) platform to demonstrate the exploit.

 

Has anyone reviewed this attack and does it affect other Arm v8 CPUs too? Do we have support in TF-A to disable CoreSight to mitigate against such attacks? Are there any other mitigations against this attack?

 

-Varun

 

[1] https://github.com/ningzhenyu/nailgun