Djam/arm-trusted-firmware
1
0
Fork 0
mirror of https://github.com/ARM-software/arm-trusted-firmware.git synced 2025-04-24 05:54:08 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

doc: Isolate security-related build options

Browse source 
Reference security specific build options from the user guide.

Change-Id: I0e1efbf47d914cf3c473104175c702ff1a80eb67
Signed-off-by: Ambroise Vincent <ambroise.vincent@arm.com>
This commit is contained in:
Ambroise Vincent 2019-06-05 15:40:29 +01:00
parent dc593ddc07
commit 2e30237173
2 changed files with 59 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
docs/process/index.rst
View file

@ -12,3 +12,4 @@ Processes & Policies
coding-guidelines
contributing
faq
security-hardening

58
docs/process/security-hardening.rst Normal file
View file

@ -0,0 +1,58 @@
Security hardening
==================
This page contains guidance on what to check for additional security measures,
including build options that can be modified to improve security or catch issues
early in development.
Build options
-------------
Several build options can be used to check for security issues. Refer to the
`user guide`_ for detailed information on the specific build options.
- The ``BRANCH_PROTECTION`` build flag can be used to enable Pointer
Authentication and Branch Target Identification.
- The ``ENABLE_STACK_PROTECTOR`` build flag can be used to identify buffer
overflows.
- The ``W`` build flag can be used to enable a number of compiler warning
options to detect potentially incorrect code.
- W=0 (default value)
The ``Wunused`` with ``Wno-unused-parameter``, ``Wdisabled-optimization``
and ``Wvla`` flags are enabled.
The ``Wunused-but-set-variable``, ``Wmaybe-uninitialized`` and
``Wpacked-bitfield-compat`` are GCC specific flags that are also enabled.
- W=1
Adds ``Wextra``, ``Wmissing-declarations``, ``Wmissing-format-attribute``,
``Wmissing-prototypes``, ``Wold-style-definition`` and
``Wunused-const-variable``.
- W=2
Adds ``Waggregate-return``, ``Wcast-align``, ``Wnested-externs``,
``Wshadow``, ``Wlogical-op``, ``Wmissing-field-initializers`` and
``Wsign-compare``.
- W=3
Adds ``Wbad-function-cast``, ``Wcast-qual``, ``Wconversion``, ``Wpacked``,
``Wpadded``, ``Wpointer-arith``, ``Wredundant-decls`` and
``Wswitch-default``.
Refer to the GCC or Clang documentation for more information on the individual
options: https://gcc.gnu.org/onlinedocs/gcc/Warning-Options.html and
https://clang.llvm.org/docs/DiagnosticsReference.html.
NB: The ``Werror`` flag is enabled by default in TF-A and can be disabled by
setting the ``E`` build flag to 0.
*Copyright (c) 2019, Arm Limited. All rights reserved.*
.. _user guide: ../getting_started/user-guide.rst