Some near-term arm64 hardening patches
Some near-term arm64 hardening patches
Posted Nov 18, 2019 20:35 UTC (Mon) by MarkRutland (subscriber, #74197)Parent article: Some near-term arm64 hardening patches
The latest ARMv8-A manual describes E0PD in the section titled "Preventing EL0 access to halves of the address map", which summarises the feature:
If ARMv8.5-E0PD is implemented and enabled, the TCR_ELx.{E0PD0, E0PD1} fields can prevent unprivileged access to the addresses translated by TTBR0_ELx or TTBR1_ELx. If access is prevented, the fault is reported as a level 0 fault, and should take the same time to generate, whether the address is present in the TLB or not, to mitigate attacks that use fault timing.Setting TCR_ELx.E0PD0 should prevent userspace (EL0) accesses to the kernel half of the address space (which is mapped via TTBR1_ELx), speculative or otherwise. The constant-time faulting behaviour should prevent page table depth probing attacks that can be used against KASLR.
Posted Nov 18, 2019 23:58 UTC (Mon)
by nivedita76 (subscriber, #121790)
[Link] (1 responses)
Reading the commit message as it stands doesn't give any indication as to why E0PD would prevent Meltdown, as it only mentions constant-time faulting.
Posted Apr 6, 2020 17:50 UTC (Mon)
by mwsealey (subscriber, #71282)
[Link]
Some near-term arm64 hardening patches
Some near-term arm64 hardening patches