security-hardening.rst 1.93 KB
Newer Older
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58
Security hardening
==================

This page contains guidance on what to check for additional security measures,
including build options that can be modified to improve security or catch issues
early in development.

Build options
-------------

Several build options can be used to check for security issues. Refer to the
`user guide`_ for detailed information on the specific build options.

- The ``BRANCH_PROTECTION`` build flag can be used to enable Pointer
  Authentication and Branch Target Identification.

- The ``ENABLE_STACK_PROTECTOR`` build flag can be used to identify buffer
  overflows.

- The ``W`` build flag can be used to enable a number of compiler warning
  options to detect potentially incorrect code.

  - W=0 (default value)

    The ``Wunused`` with ``Wno-unused-parameter``, ``Wdisabled-optimization``
    and ``Wvla`` flags are enabled.

    The ``Wunused-but-set-variable``, ``Wmaybe-uninitialized`` and
    ``Wpacked-bitfield-compat`` are GCC specific flags that are also enabled.

  - W=1

    Adds ``Wextra``, ``Wmissing-declarations``, ``Wmissing-format-attribute``,
    ``Wmissing-prototypes``, ``Wold-style-definition`` and
    ``Wunused-const-variable``.

  - W=2

    Adds ``Waggregate-return``, ``Wcast-align``, ``Wnested-externs``,
    ``Wshadow``, ``Wlogical-op``, ``Wmissing-field-initializers`` and
    ``Wsign-compare``.

  - W=3

    Adds ``Wbad-function-cast``, ``Wcast-qual``, ``Wconversion``, ``Wpacked``,
    ``Wpadded``, ``Wpointer-arith``, ``Wredundant-decls`` and
    ``Wswitch-default``.

  Refer to the GCC or Clang documentation for more information on the individual
  options: https://gcc.gnu.org/onlinedocs/gcc/Warning-Options.html and
  https://clang.llvm.org/docs/DiagnosticsReference.html.

  NB: The ``Werror`` flag is enabled by default in TF-A and can be disabled by
  setting the ``E`` build flag to 0.

*Copyright (c) 2019, Arm Limited. All rights reserved.*

.. _user guide: ../getting_started/user-guide.rst