test: add config that tests DYNAMIC_WORKAROUND_CVE_2018_3639
Cortex-A76 is affected by CVE-2018-3639, but the issue has been
fixed on newer revisions through the inclusion of FEAT_SSBS.
We check whether FEAT_SSBS is implemented and apply the mitigation
only if it is not. This feature check has been true
since r3p0, so the case where the mitigation is required
is not tested in CI.
This patch allows us to test that alternate case,
improving coverage.
Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com>
Change-Id: I53a5c81dc1e1ebd6eaca9f3bce5b81d9c6569b99
diff --git a/group/tf-l2-boot-tests-misc/fvp-dynamiq-aarch64-only,fvp-default:fvp-dtb.dyn-tftf-fip.tftf-cortexa76x4-smc_dynamic_wa_2-debug b/group/tf-l2-boot-tests-misc/fvp-dynamiq-aarch64-only,fvp-default:fvp-dtb.dyn-tftf-fip.tftf-cortexa76x4-smc_dynamic_wa_2-debug
new file mode 100644
index 0000000..1727d9c
--- /dev/null
+++ b/group/tf-l2-boot-tests-misc/fvp-dynamiq-aarch64-only,fvp-default:fvp-dtb.dyn-tftf-fip.tftf-cortexa76x4-smc_dynamic_wa_2-debug
@@ -0,0 +1,6 @@
+#
+# Copyright (c) 2019-2025 Arm Limited. All rights reserved.
+#
+# SPDX-License-Identifier: BSD-3-Clause
+#
+
diff --git a/patch/workaround_smc/cve_2018_3639_dynamic_mitigation b/patch/workaround_smc/cve_2018_3639_dynamic_mitigation
new file mode 100644
index 0000000..1f4aaaa
--- /dev/null
+++ b/patch/workaround_smc/cve_2018_3639_dynamic_mitigation
@@ -0,0 +1,28 @@
+diff --git a/services/arm_arch_svc/arm_arch_svc_setup.c b/services/arm_arch_svc/arm_arch_svc_setup.c
+index 46333af2d5..4704d3942d 100644
+--- a/services/arm_arch_svc/arm_arch_svc_setup.c
++++ b/services/arm_arch_svc/arm_arch_svc_setup.c
+@@ -43,23 +43,6 @@ static int32_t smccc_arch_features(u_register_t arg1)
+ #if WORKAROUND_CVE_2018_3639
+ case SMCCC_ARCH_WORKAROUND_2: {
+ #if DYNAMIC_WORKAROUND_CVE_2018_3639
+- unsigned long long ssbs;
+-
+- /*
+- * Firmware doesn't have to carry out dynamic workaround if the
+- * PE implements architectural Speculation Store Bypass Safe
+- * (SSBS) feature.
+- */
+- ssbs = (read_id_aa64pfr1_el1() >> ID_AA64PFR1_EL1_SSBS_SHIFT) &
+- ID_AA64PFR1_EL1_SSBS_MASK;
+-
+- /*
+- * If architectural SSBS is available on this PE, no firmware
+- * mitigation via SMCCC_ARCH_WORKAROUND_2 is required.
+- */
+- if (ssbs != SSBS_NOT_IMPLEMENTED)
+- return 1;
+-
+ /*
+ * On a platform where at least one CPU requires
+ * dynamic mitigation but others are either unaffected
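Review bot: Removing the FEAT_SSBS early return in the `SMCCC_ARCH_WORKAROUND_2` case changes only what `smccc_arch_features()` reports; nothing visible here shows that the dynamic mitigation itself is installed on a model that implements FEAT_SSBS. If the CPU-level code has its own SSBS gate (not visible in this change), the new config would cover the discovery path while the mitigation path stays untested, so it is worth confirming what the run actually exercises. The patch file also carries no description of its own; a short preamble before the `diff --git` line, such as `Test-only: drops the FEAT_SSBS check so CI covers the firmware mitigation path; never apply to a release build.`, would record why a security check is being removed, provided the patch-apply helper tolerates leading text. The body of `smccc_arch_features()` starts and ends outside the nested hunk.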
diff --git a/run_config/fvp-smc_dynamic_wa_2 b/run_config/fvp-smc_dynamic_wa_2
new file mode 100644
index 0000000..1c93039
--- /dev/null
+++ b/run_config/fvp-smc_dynamic_wa_2
@@ -0,0 +1,12 @@
+#!/usr/bin/env bash
+#
+# Copyright (c) 2025, Arm Limited. All rights reserved.
+#
+# SPDX-License-Identifier: BSD-3-Clause
+#
+
+pre_tf_build() {
+ # This patch removes the FEAT_SSBS feature check so that workaround
+ # is tested on CI.
+ apply_tf_patch "workaround_smc/cve_2018_3639_dynamic_mitigation"
+}
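Review bot: The result of `apply_tf_patch` in `pre_tf_build()` is not checked, so if the patch stops applying after the upstream file changes, the build may go ahead unpatched. On a model that implements FEAT_SSBS the unpatched firmware would presumably take the early return again, and the run could pass without ever reaching the mitigation case this config exists for. Unless the CI framework already aborts on a failed patch, make the failure explicit, e.g. `apply_tf_patch "workaround_smc/cve_2018_3639_dynamic_mitigation" || return 1`.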