6. Security hardening

This page gives guidance on additional security measures to check, including build options that can be modified to improve security or catch issues early in development.

6.1. Build options

Several build options can be used to check for security issues. Refer to the Build Options documentation for detailed information on each of them.

  • The BRANCH_PROTECTION build flag can be used to enable Pointer Authentication and Branch Target Identification.

  • The ENABLE_STACK_PROTECTOR build flag can be used to identify buffer overflows.

  • The W build flag can be used to enable a number of compiler warning options to detect potentially incorrect code.

    • W=0 (default value)

      The Wunused with Wno-unused-parameter, Wdisabled-optimization and Wvla flags are enabled.

      The Wunused-but-set-variable, Wmaybe-uninitialized and Wpacked-bitfield-compat flags are GCC-specific and are also enabled.

    • W=1

      Adds Wextra, Wmissing-format-attribute, Wmissing-prototypes, Wold-style-definition and Wunused-const-variable.

    • W=2

      Adds Waggregate-return, Wcast-align, Wnested-externs, Wshadow, Wlogical-op.

    • W=3

      Adds Wbad-function-cast, Wcast-qual, Wconversion, Wpacked, Wpointer-arith, Wredundant-decls and Wswitch-default.

    Refer to the GCC or Clang documentation for more information on the individual options: https://gcc.gnu.org/onlinedocs/gcc/Warning-Options.html and https://clang.llvm.org/docs/DiagnosticsReference.html.

    NB: The Werror flag is enabled by default in TF-A and can be disabled by setting the E build flag to 0.
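
The following added example (not TF-A code; every function name and value is constructed for illustration) shows two defects that compile silently by default and are reported once Wshadow (added at W=2) and Wconversion (added at W=3) are enabled, each next to its corrected form. Compiling it with `gcc -c -Wshadow -Wconversion` reproduces both diagnostics.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define BUF_SIZE 64U                    /* constructed buffer size */
#define SAMPLE_LEN 0x100000010ULL       /* constructed; low 32 bits are 16 */
static const int SAMPLE_STATUS[] = { 0, -1, 0 }; /* constructed results */

static int fits32(uint32_t len) { return len <= BUF_SIZE; }

/* Before: the 64-bit length is narrowed implicitly at the call, so the
 * bounds check only sees the low 32 bits. Wconversion flags the argument. */
int len_ok_weak(uint64_t req_len)
{
    return fits32(req_len);
}

/* After: compare at full width, nothing is narrowed. */
int len_ok_fixed(uint64_t req_len)
{
    return req_len <= BUF_SIZE;
}

/* Before: the inner 'rc' hides the outer one, so a failure never reaches
 * the caller. Wshadow flags the inner declaration. */
int verify_all_weak(const int *status, size_t n)
{
    int rc = 0;
    for (size_t i = 0; i < n; i++) {
        int rc = status[i];
        if (rc != 0)
            break;
    }
    return rc;
}

/* After: a single 'rc' carries the first failure out of the loop. */
int verify_all_fixed(const int *status, size_t n)
{
    int rc = 0;
    for (size_t i = 0; i < n && rc == 0; i++)
        rc = status[i];
    return rc;
}

int main(void)
{
    printf("len: weak=%d fixed=%d\n", len_ok_weak(SAMPLE_LEN), len_ok_fixed(SAMPLE_LEN));
    printf("verify: weak=%d fixed=%d\n", verify_all_weak(SAMPLE_STATUS, 3), verify_all_fixed(SAMPLE_STATUS, 3));
    return 0;
}
```

Because Werror is on by default, either diagnostic stops the build at the corresponding W level unless E=0 is set.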

Copyright (c) 2019, Arm Limited. All rights reserved.