From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=2607:f8b0:400e:c01::242; helo=mail-pl0-x242.google.com; envelope-from=heyi.guo@linaro.org; receiver=edk2-devel@lists.01.org Received: from mail-pl0-x242.google.com (mail-pl0-x242.google.com [IPv6:2607:f8b0:400e:c01::242]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id 83CAF20954CB8 for ; Thu, 22 Feb 2018 19:11:39 -0800 (PST) Received: by mail-pl0-x242.google.com with SMTP id v9-v6so2136444plp.12 for ; Thu, 22 Feb 2018 19:17:41 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:date:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to:user-agent; bh=2n/Z+gFw3QKm4lAqMBvU9KBku2cCmtOo2KG5VFdeXhs=; b=Ml+UMhOvzi868EZbn0c/x0ZzVttN9Mtt2xTi5Mch37xUVmE5kMMZ5oUvDMzzELTD5H P7iMHbLB0hYSIKi+m6IlG+3G9sJNDWRN1RE8juFOC6SaKEXODNiqKzYW8RTu9X76g0XB T8N/6CkmUl3JzMSVVAOhItmqTTfIGld9lrHTc= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:date:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to:user-agent; bh=2n/Z+gFw3QKm4lAqMBvU9KBku2cCmtOo2KG5VFdeXhs=; b=j5NzIjYPQ/UnrohUqMATghH7/fUbpgKM5nkZ7XonWbbPWu1Qg/eBWEnNzcUBEgG54h zG14Y+/v6JehOwYjxWO274TrmNXThPb46fRBaZNeWJhZMSA9keu3MQTzxf/Ml+dl4W/H O11Y4dCWrDj2mT8Hn+kytWqHz6wvWEmFr/x7JW9aIxWuyb/QtQ3OBy8fn4w8eLnXJYSS td2l8xp40AFZ3VNClZZZo8cYcwqp/KI1l7ZNbuoyISaYBjJW4xtBm1bUE1TtbgEpi6IG UbEQN28mm2QkBtuXwni7habbYbdZMtgXGEDQ5QQqab0ja7/rBuNmz8kwYcBIecSNnsVi n29A== X-Gm-Message-State: APf1xPBkJq7VK4kvTh0UW8MADwb7oFnuCM1kc4DZA06ZbKQY+RqNo0AV jqlsRcvkxJowB90wO3EEAttVWA== X-Google-Smtp-Source: AH8x227cH1arfqNoxH3qOCviRpIyapsB+x3znc1bpXiHxINtcmpCfX4OVdAQvvJXgB+u3zXctjBoQw== X-Received: by 2002:a17:902:4643:: with SMTP id o61-v6mr272071pld.103.1519355861055; Thu, 22 Feb 2018 19:17:41 -0800 (PST) Received: from SZX1000114654 ([45.56.152.187]) by smtp.gmail.com with ESMTPSA id p9sm1769945pgs.35.2018.02.22.19.17.37 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 22 Feb 2018 19:17:40 -0800 (PST) From: Guo Heyi X-Google-Original-From: Guo Heyi Date: Fri, 23 Feb 2018 11:17:35 +0800 To: Jeremy Linton Cc: Heyi Guo , leif.lindholm@linaro.org, linaro-uefi@lists.linaro.org, edk2-devel@lists.01.org, graeme.gregory@linaro.org, huangming23@huawei.com, ard.biesheuvel@linaro.org, john.garry@huawei.com, zhangjinsong2@huawei.com, wanghuiqiang@huawei.com, guoheyi@huawei.com, waip23@126.com, mengfanrong@huawei.com, huangdaode@hisilicon.com Message-ID: <20180223031735.GE95440@SZX1000114654> References: <1517572648-11343-1-git-send-email-heyi.guo@linaro.org> <1517572648-11343-8-git-send-email-heyi.guo@linaro.org> MIME-Version: 1.0 In-Reply-To: User-Agent: Mutt/1.5.24 (2015-08-30) Subject: Re: [PATCH edk2-non-osi v3 7/7] Hisilicon/D05: Update binary of trusted-firmware X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 23 Feb 2018 03:11:40 -0000 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Hi Jeremy, This TF binaries have not been patched the latest SMCCC workaround; it is based on v1.4 release and was only patched with "disable/enable MMU in PSCI SMC call", as the commit in upstream TF code: f62ad322695d16178db464dc062fe0af592c6780 When we generated these binaries, SMCCC patches had not come out so they are not contained in these binaries. Do you recommend using the latest smccc patches? Thanks and regards, Heyi On Thu, Feb 22, 2018 at 08:37:11PM -0600, Jeremy Linton wrote: > Hi, > > On 02/02/2018 05:57 AM, Heyi Guo wrote: > >1 Workarounds for CVE-2017-5715 on Cortex A57/A72/A73 and A75 #1214. > > I've been trying to verify spectre fixes, and I don't get a smccc version > from this firmware (see this kernel branch > https://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git/log/?h=kpti) > image. > > This means that the spectre BP hardening isn't activating on the D05. So, > unless i'm doing something wrong (quite possible) it appears that this image > isn't utilizing the correct ATF patches. > > Can someone please verify/check this image with a SMCCC enabled kernel? > > Thanks, > > > >2 Upgrade trusted firmware to 1.4 > > > >Contributed-under: TianoCore Contribution Agreement 1.1 > >Signed-off-by: Ming Huang > >Signed-off-by: Heyi Guo > >Reviewed-by: Leif Lindholm > >Reviewed-by: Ard Biesheuvel > >--- > > Platform/Hisilicon/D05/bl1.bin | Bin 14344 -> 12424 bytes > > Platform/Hisilicon/D05/fip.bin | Bin 41493 -> 37546 bytes > > 2 files changed, 0 insertions(+), 0 deletions(-) > > > >diff --git a/Platform/Hisilicon/D05/bl1.bin b/Platform/Hisilicon/D05/bl1.bin > >index 7341476..b95257c 100644 > >Binary files a/Platform/Hisilicon/D05/bl1.bin and b/Platform/Hisilicon/D05/bl1.bin differ > >diff --git a/Platform/Hisilicon/D05/fip.bin b/Platform/Hisilicon/D05/fip.bin > >index 496a9b8..5958293 100644 > >Binary files a/Platform/Hisilicon/D05/fip.bin and b/Platform/Hisilicon/D05/fip.bin differ > > >