Commit 2e302371 authored by Ambroise Vincent's avatar Ambroise Vincent
Browse files

doc: Isolate security-related build options

Reference security specific build options from the user guide.

Change-Id: I0e1efbf47d914cf3c473104175c702ff1a80eb67
Signed-off-by: default avatarAmbroise Vincent <>
parent dc593ddc
......@@ -12,3 +12,4 @@ Processes & Policies
Security hardening
This page contains guidance on what to check for additional security measures,
including build options that can be modified to improve security or catch issues
early in development.
Build options
Several build options can be used to check for security issues. Refer to the
`user guide`_ for detailed information on the specific build options.
- The ``BRANCH_PROTECTION`` build flag can be used to enable Pointer
Authentication and Branch Target Identification.
- The ``ENABLE_STACK_PROTECTOR`` build flag can be used to identify buffer
- The ``W`` build flag can be used to enable a number of compiler warning
options to detect potentially incorrect code.
- W=0 (default value)
The ``Wunused`` with ``Wno-unused-parameter``, ``Wdisabled-optimization``
and ``Wvla`` flags are enabled.
The ``Wunused-but-set-variable``, ``Wmaybe-uninitialized`` and
``Wpacked-bitfield-compat`` are GCC specific flags that are also enabled.
- W=1
Adds ``Wextra``, ``Wmissing-declarations``, ``Wmissing-format-attribute``,
``Wmissing-prototypes``, ``Wold-style-definition`` and
- W=2
Adds ``Waggregate-return``, ``Wcast-align``, ``Wnested-externs``,
``Wshadow``, ``Wlogical-op``, ``Wmissing-field-initializers`` and
- W=3
Adds ``Wbad-function-cast``, ``Wcast-qual``, ``Wconversion``, ``Wpacked``,
``Wpadded``, ``Wpointer-arith``, ``Wredundant-decls`` and
Refer to the GCC or Clang documentation for more information on the individual
options: and
NB: The ``Werror`` flag is enabled by default in TF-A and can be disabled by
setting the ``E`` build flag to 0.
*Copyright (c) 2019, Arm Limited. All rights reserved.*
.. _user guide: ../getting_started/user-guide.rst
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment