Commit f56734fe authored by John Tsichritzis's avatar John Tsichritzis Committed by TrustedFirmware Code Review
Browse files

Merge "doc: Isolate security-related build options" into integration

parents 9dc24cbd 2e302371
......@@ -12,3 +12,4 @@ Processes & Policies
Security hardening
This page contains guidance on what to check for additional security measures,
including build options that can be modified to improve security or catch issues
early in development.
Build options
Several build options can be used to check for security issues. Refer to the
`user guide`_ for detailed information on the specific build options.
- The ``BRANCH_PROTECTION`` build flag can be used to enable Pointer
Authentication and Branch Target Identification.
- The ``ENABLE_STACK_PROTECTOR`` build flag can be used to identify buffer
- The ``W`` build flag can be used to enable a number of compiler warning
options to detect potentially incorrect code.
- W=0 (default value)
The ``Wunused`` with ``Wno-unused-parameter``, ``Wdisabled-optimization``
and ``Wvla`` flags are enabled.
The ``Wunused-but-set-variable``, ``Wmaybe-uninitialized`` and
``Wpacked-bitfield-compat`` are GCC specific flags that are also enabled.
- W=1
Adds ``Wextra``, ``Wmissing-declarations``, ``Wmissing-format-attribute``,
``Wmissing-prototypes``, ``Wold-style-definition`` and
- W=2
Adds ``Waggregate-return``, ``Wcast-align``, ``Wnested-externs``,
``Wshadow``, ``Wlogical-op``, ``Wmissing-field-initializers`` and
- W=3
Adds ``Wbad-function-cast``, ``Wcast-qual``, ``Wconversion``, ``Wpacked``,
``Wpadded``, ``Wpointer-arith``, ``Wredundant-decls`` and
Refer to the GCC or Clang documentation for more information on the individual
options: and
NB: The ``Werror`` flag is enabled by default in TF-A and can be disabled by
setting the ``E`` build flag to 0.
*Copyright (c) 2019, Arm Limited. All rights reserved.*
.. _user guide: ../getting_started/user-guide.rst
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment