Secure Development Guidelines
=============================

This page contains guidance on what to check for additional security measures,
including build options that can be modified to improve security or catch issues
early in development.

Security considerations
-----------------------

Part of the security of a platform is handling errors correctly, as described in
the previous section. There are several other security considerations covered in
this section.

Do not leak secrets to the normal world
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

The secure world **must not** leak secrets to the normal world, for example in
response to an SMC.

Handling Denial of Service attacks
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

The secure world **should never** crash or become unusable due to receiving too
many normal world requests (a *Denial of Service* or *DoS* attack). It should
have a mechanism for throttling or ignoring normal world requests.

Preventing Secure-world timing information leakage via PMU counters
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

The Secure world needs to implement some defenses to prevent the Non-secure
world from making it leak timing information.
In general, higher privilege levels must defend from those below when the PMU
is treated as an attack vector.

Refer to the :ref:`Performance Monitoring Unit` guide for detailed information
on the PMU registers.

Timing leakage attacks from the Non-secure world
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Since the Non-secure world has access to the ``PMCR`` register, it can
configure the PMU to increment counters at any exception level and in both
Secure and Non-secure state. It can thus attempt to leak timing information
from the Secure world.

Shown below is an example of such a configuration:

- ``PMEVTYPER0_EL0`` and ``PMCCFILTR_EL0``:

  - Set ``P`` to ``0``.
  - Set ``NSK`` to ``1``.
  - Set ``M`` to ``0``.
  - Set ``NSH`` to ``0``.
  - Set ``SH`` to ``1``.

- ``PMCNTENSET_EL0``:

  - Set ``P[0]`` to ``1``.
  - Set ``C`` to ``1``.

- ``PMCR_EL0``:

  - Set ``DP`` to ``0``.
  - Set ``E`` to ``1``.

This configuration instructs ``PMEVCNTR0_EL0`` and ``PMCCNTR_EL0`` to increment
at Secure EL1, Secure EL2 (if implemented) and EL3.
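To make the filter semantics and the EL3 prohibition rules concrete, the following is an added example (not TF-A code) that models in C how the ``PMEVTYPER``/``PMCCFILTR`` filter bits select an exception level and security state, and how the ``MDCR_EL3``/``PMCR_EL0`` rules from the Secure world mitigation strategies section below suppress counting in Secure state. Bit positions are taken from the Arm ARM; the feature enumeration, the function names and the omission of the EL0 filter fields are this example's own simplifications.

```c
#include <stdbool.h>
#include <stdint.h>
/* Filter bits of PMEVTYPER<n>_EL0 / PMCCFILTR_EL0 (Arm ARM bit positions). */
#define FLT_P    (1u << 31)  /* EL1: counted when P == 0 */
#define FLT_NSK  (1u << 29)  /* Non-secure EL1: counted when NSK == P */
#define FLT_NSH  (1u << 27)  /* Non-secure EL2: counted when NSH == 1 */
#define FLT_M    (1u << 26)  /* EL3: counted when M == P */
#define FLT_SH   (1u << 24)  /* Secure EL2: counted when SH != NSH */
#define PMCR_E    (1u << 0)   /* PMCR_EL0.E  */
#define PMCR_DP   (1u << 5)   /* PMCR_EL0.DP */
#define MDCR_SPME (1u << 17)  /* MDCR_EL3.SPME */
#define MDCR_SCCD (1u << 23)  /* MDCR_EL3.SCCD */
/* The Non-secure configuration shown on the page: P=0, NSK=1, M=0, NSH=0, SH=1. */
#define PAGE_FILTER (FLT_NSK | FLT_SH)
/* Example's own enumeration of the feature cases the page distinguishes. */
enum pmu_feat { PMU_PRE_V8_2_DEBUG, PMU_V8_2_DEBUG, PMU_V8_5 };

/* Does the filter select this exception level and security state? (EL0 fields omitted.) */
static bool filter_selects(uint32_t flt, unsigned el, bool secure)
{
    bool p = flt & FLT_P, nsk = flt & FLT_NSK, nsh = flt & FLT_NSH;
    bool m = flt & FLT_M, sh = flt & FLT_SH;
    switch (el) {
    case 1:  return secure ? !p : (nsk == p);
    case 2:  return secure ? (sh != nsh) : nsh;
    case 3:  return m == p;
    default: return false;
    }
}

/* Is counting in Secure state prohibited? One rule per implemented feature, as on the page. */
static bool secure_prohibited(enum pmu_feat f, uint32_t mdcr, uint32_t pmcr,
                              bool ext_dbg_enabled, bool cycle_counter)
{
    bool spme0 = !(mdcr & MDCR_SPME), dp1 = !!(pmcr & PMCR_DP);
    switch (f) {
    case PMU_PRE_V8_2_DEBUG: return spme0 && dp1 && !ext_dbg_enabled;
    case PMU_V8_2_DEBUG:     return cycle_counter ? (spme0 && dp1) : spme0;
    default:                 return cycle_counter ? !!(mdcr & MDCR_SCCD) : spme0;
    }
}

/* Would a counter with filter `flt` increment at (el, secure) under this configuration? */
bool counter_increments(enum pmu_feat f, uint32_t flt, uint32_t mdcr, uint32_t pmcr,
                        bool ext_dbg_enabled, bool cycle_counter, unsigned el, bool secure)
{
    if (!(pmcr & PMCR_E)) return false;  /* PMCR_EL0.E == 0: counting disabled altogether */
    if (secure && secure_prohibited(f, mdcr, pmcr, ext_dbg_enabled, cycle_counter)) return false;
    return filter_selects(flt, el, secure);
}
```

With ``MDCR_EL3.SPME`` left at its reset value of ``0``, the model shows the programmable counter still incrementing at Secure EL1, Secure EL2 and EL3 on a core without ARMv8.2-Debug until EL3 also sets ``PMCR_EL0.DP``, which is why the page requires ``PMCR_EL0`` to be set on EL3 entry and saved and restored.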

Since the Non-secure world has fine-grained control over where (at which
exception levels) it instructs counters to increment, obtaining event counts
would allow it to carry out side-channel timing attacks against the Secure
world. Examples include Spectre and Meltdown, as well as extracting secrets from
cryptographic algorithms with data-dependent variations in their execution
time.

Secure world mitigation strategies
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

The ``MDCR_EL3`` register allows EL3 to configure the PMU (among other things).
The `Arm ARM`_ details all of the bit fields in this register, but for the PMU
there are two bits which determine the permissions of the counters:

- ``SPME`` for the programmable counters.
- ``SCCD`` for the cycle counter.

Depending on the implemented features, the Secure world can prohibit counting
in AArch64 state via the following:

- ARMv8.2-Debug not implemented:

  - Prohibit general event counters and the cycle counter:
    ``MDCR_EL3.SPME == 0 && PMCR_EL0.DP == 1 && !ExternalSecureNoninvasiveDebugEnabled()``.

    - ``MDCR_EL3.SPME`` resets to ``0``, so by default general events should
      not be counted in the Secure world.
    - The ``PMCR_EL0.DP`` bit therefore needs to be set to ``1`` when EL3 is
      entered and ``PMCR_EL0`` needs to be saved and restored in EL3.

    - ``ExternalSecureNoninvasiveDebugEnabled()`` is an authentication
      interface which is implementation-defined unless ARMv8.4-Debug is
      implemented. The `Arm ARM`_ has detailed information on this topic.

  - The only other way is to disable the ``PMCR_EL0.E`` bit upon entering
    EL3, which disables counting altogether.

- ARMv8.2-Debug implemented:

  - Prohibit general event counters: ``MDCR_EL3.SPME == 0``.
  - Prohibit cycle counter: ``MDCR_EL3.SPME == 0 && PMCR_EL0.DP == 1``.
    ``PMCR_EL0`` therefore needs to be saved and restored in EL3.

- ARMv8.5-PMU implemented:

  - Prohibit general event counters: as in ARMv8.2-Debug.
  - Prohibit cycle counter: ``MDCR_EL3.SCCD == 1``.

In AArch32 execution state the ``MDCR_EL3`` alias is the ``SDCR`` register,
which has some of the bit fields of ``MDCR_EL3``, most importantly the ``SPME``
and ``SCCD`` bits.

Build options
-------------

Several build options can be used to check for security issues. Refer to the
:ref:`Build Options` for detailed information on these.

- The ``BRANCH_PROTECTION`` build flag can be used to enable Pointer
  Authentication and Branch Target Identification.

- The ``ENABLE_STACK_PROTECTOR`` build flag can be used to identify buffer
  overflows.

- The ``W`` build flag can be used to enable a number of compiler warning
  options to detect potentially incorrect code.

  - W=0 (default value)

    The ``Wunused`` (combined with ``Wno-unused-parameter``),
    ``Wdisabled-optimization`` and ``Wvla`` flags are enabled.

    The ``Wunused-but-set-variable``, ``Wmaybe-uninitialized`` and
    ``Wpacked-bitfield-compat`` flags are GCC-specific and are also enabled.

  - W=1

    Adds ``Wextra``, ``Wmissing-format-attribute``, ``Wmissing-prototypes``,
    ``Wold-style-definition`` and ``Wunused-const-variable``.

  - W=2

    Adds ``Waggregate-return``, ``Wcast-align``, ``Wnested-externs``,
    ``Wshadow`` and ``Wlogical-op``.

  - W=3

    Adds ``Wbad-function-cast``, ``Wcast-qual``, ``Wconversion``, ``Wpacked``,
    ``Wpointer-arith``, ``Wredundant-decls`` and ``Wswitch-default``.

  Refer to the GCC or Clang documentation for more information on the individual
  options: https://gcc.gnu.org/onlinedocs/gcc/Warning-Options.html and
  https://clang.llvm.org/docs/DiagnosticsReference.html.

  NB: The ``Werror`` flag is enabled by default in TF-A and can be disabled by
  setting the ``E`` build flag to 0.

.. rubric:: References

- `Arm ARM`_

--------------

*Copyright (c) 2019-2020, Arm Limited. All rights reserved.*

.. _Arm ARM: https://developer.arm.com/docs/ddi0487/latest