On Mon, May 17, 2021 at 10:55 AM Sudeep Holla <sudeep.holla@xxxxxxx> wrote: > > The CLKSCREW attack [0] exposed security vulnerabilities in energy management > implementations where untrusted software had direct access to clock and > voltage hardware controls. In this attack, the malicious software was able to > place the platform into unsafe overclocked or undervolted configurations. Such > configurations then enabled the injection of predictable faults to reveal > secrets. > > Many Arm-based systems used to or still use voltage regulator and clock > frameworks in the kernel. These frameworks allow callers to independently > manipulate frequency and voltage settings. Such implementations can render > systems susceptible to this form of attack. > > Attacks such as CLKSCREW are now being mitigated by not having direct and > independent control of clock and voltage in the kernel and moving that > control to a trusted entity, such as the SCP firmware or secure world > firmware/software which are to perform sanity checking on the requested > performance levels, thereby preventing any attempted malicious programming. > > With the advent of such an abstraction, there is a need to replace the > generic clock and regulator bindings used by such devices with a generic > performance domains bindings. > > [0] https://www.usenix.org/conference/usenixsecurity17/technical-sessions/presentation/tang > > Link: https://lore.kernel.org/r/20201116181356.804590-1-sudeep.holla@xxxxxxx > Cc: Rob Herring <robh+dt@xxxxxxxxxx> > Acked-by: Viresh Kumar <viresh.kumar@xxxxxxxxxx> > Signed-off-by: Sudeep Holla <sudeep.holla@xxxxxxx> Reviewed-by: Rob Herring <robh@xxxxxxxxxx>
