6. Security hardening

This page contains guidance on what to check for additional security measures, including build options that can be modified to improve security or catch issues early in development.

6.1. Build options

Several build options can be used to check for security issues. Refer to the User Guide for detailed information on the specific build options.

  • The BRANCH_PROTECTION build flag can be used to enable Pointer Authentication and Branch Target Identification.

  • The ENABLE_STACK_PROTECTOR build flag can be used to identify buffer overflows.

  • The W build flag can be used to enable a number of compiler warning options to detect potentially incorrect code.

    • W=0 (default value)

      The Wunused with Wno-unused-parameter, Wdisabled-optimization and Wvla flags are enabled.

      The Wunused-but-set-variable, Wmaybe-uninitialized and Wpacked-bitfield-compat are GCC specific flags that are also enabled.

    • W=1

      Adds Wextra, Wmissing-declarations, Wmissing-format-attribute, Wmissing-prototypes, Wold-style-definition and Wunused-const-variable.

    • W=2

      Adds Waggregate-return, Wcast-align, Wnested-externs, Wshadow, Wlogical-op, Wmissing-field-initializers and Wsign-compare.

    • W=3

      Adds Wbad-function-cast, Wcast-qual, Wconversion, Wpacked, Wpadded, Wpointer-arith, Wredundant-decls and Wswitch-default.

    Refer to the GCC or Clang documentation for more information on the individual options: https://gcc.gnu.org/onlinedocs/gcc/Warning-Options.html and https://clang.llvm.org/docs/DiagnosticsReference.html.

    NB: The Werror flag is enabled by default in TF-A and can be disabled by setting the E build flag to 0.

Copyright (c) 2019, Arm Limited. All rights reserved.