mirror of
https://github.com/ARM-software/arm-trusted-firmware.git
synced 2025-04-16 09:34:18 +00:00
11a96e0ea0
-Wpadded warns whenever the C compiler automatically includes any padding in a structure. Because TF-A has a large number of structures, this occurs fairly frequently and is incredibly verbose, and as such is unlikely to ever be fixed. The utility of this warning is also extremely limited - knowing that a structure includes padding does not point to the existence of an error, and is probably quite unlikely to indicate actually buggy behaviour. Therefore, it's probably best to keep this warning off at all times. Change-Id: I0797cb75f06b4fea0d2fdc16fd5ad978a31d76ec Signed-off-by: Justin Chadwell <justin.chadwell@arm.com>
56 lines
1.8 KiB
ReStructuredText
56 lines
1.8 KiB
ReStructuredText
Security hardening
|
|
==================
|
|
|
|
This page contains guidance on what to check for additional security measures,
|
|
including build options that can be modified to improve security or catch issues
|
|
early in development.
|
|
|
|
Build options
|
|
-------------
|
|
|
|
Several build options can be used to check for security issues. Refer to the
|
|
:ref:`Build Options` for detailed information on these.
|
|
|
|
- The ``BRANCH_PROTECTION`` build flag can be used to enable Pointer
|
|
Authentication and Branch Target Identification.
|
|
|
|
- The ``ENABLE_STACK_PROTECTOR`` build flag can be used to identify buffer
|
|
overflows.
|
|
|
|
- The ``W`` build flag can be used to enable a number of compiler warning
|
|
options to detect potentially incorrect code.
|
|
|
|
- W=0 (default value)
|
|
|
|
The ``Wunused`` with ``Wno-unused-parameter``, ``Wdisabled-optimization``
|
|
and ``Wvla`` flags are enabled.
|
|
|
|
The ``Wunused-but-set-variable``, ``Wmaybe-uninitialized`` and
|
|
``Wpacked-bitfield-compat`` are GCC specific flags that are also enabled.
|
|
|
|
- W=1
|
|
|
|
Adds ``Wextra``, ``Wmissing-format-attribute``, ``Wmissing-prototypes``,
|
|
``Wold-style-definition`` and ``Wunused-const-variable``.
|
|
|
|
- W=2
|
|
|
|
Adds ``Waggregate-return``, ``Wcast-align``, ``Wnested-externs``,
|
|
``Wshadow``, ``Wlogical-op``.
|
|
|
|
- W=3
|
|
|
|
Adds ``Wbad-function-cast``, ``Wcast-qual``, ``Wconversion``, ``Wpacked``,
|
|
``Wpointer-arith``, ``Wredundant-decls`` and
|
|
``Wswitch-default``.
|
|
|
|
Refer to the GCC or Clang documentation for more information on the individual
|
|
options: https://gcc.gnu.org/onlinedocs/gcc/Warning-Options.html and
|
|
https://clang.llvm.org/docs/DiagnosticsReference.html.
|
|
|
|
NB: The ``Werror`` flag is enabled by default in TF-A and can be disabled by
|
|
setting the ``E`` build flag to 0.
|
|
|
|
--------------
|
|
|
|
*Copyright (c) 2019, Arm Limited. All rights reserved.*
|