1*2e302371SAmbroise VincentSecurity hardening 2*2e302371SAmbroise Vincent================== 3*2e302371SAmbroise Vincent 4*2e302371SAmbroise VincentThis page contains guidance on what to check for additional security measures, 5*2e302371SAmbroise Vincentincluding build options that can be modified to improve security or catch issues 6*2e302371SAmbroise Vincentearly in development. 7*2e302371SAmbroise Vincent 8*2e302371SAmbroise VincentBuild options 9*2e302371SAmbroise Vincent------------- 10*2e302371SAmbroise Vincent 11*2e302371SAmbroise VincentSeveral build options can be used to check for security issues. Refer to the 12*2e302371SAmbroise Vincent`user guide`_ for detailed information on the specific build options. 13*2e302371SAmbroise Vincent 14*2e302371SAmbroise Vincent- The ``BRANCH_PROTECTION`` build flag can be used to enable Pointer 15*2e302371SAmbroise Vincent Authentication and Branch Target Identification. 16*2e302371SAmbroise Vincent 17*2e302371SAmbroise Vincent- The ``ENABLE_STACK_PROTECTOR`` build flag can be used to identify buffer 18*2e302371SAmbroise Vincent overflows. 19*2e302371SAmbroise Vincent 20*2e302371SAmbroise Vincent- The ``W`` build flag can be used to enable a number of compiler warning 21*2e302371SAmbroise Vincent options to detect potentially incorrect code. 22*2e302371SAmbroise Vincent 23*2e302371SAmbroise Vincent - W=0 (default value) 24*2e302371SAmbroise Vincent 25*2e302371SAmbroise Vincent The ``Wunused`` with ``Wno-unused-parameter``, ``Wdisabled-optimization`` 26*2e302371SAmbroise Vincent and ``Wvla`` flags are enabled. 27*2e302371SAmbroise Vincent 28*2e302371SAmbroise Vincent The ``Wunused-but-set-variable``, ``Wmaybe-uninitialized`` and 29*2e302371SAmbroise Vincent ``Wpacked-bitfield-compat`` are GCC specific flags that are also enabled. 30*2e302371SAmbroise Vincent 31*2e302371SAmbroise Vincent - W=1 32*2e302371SAmbroise Vincent 33*2e302371SAmbroise Vincent Adds ``Wextra``, ``Wmissing-declarations``, ``Wmissing-format-attribute``, 34*2e302371SAmbroise Vincent ``Wmissing-prototypes``, ``Wold-style-definition`` and 35*2e302371SAmbroise Vincent ``Wunused-const-variable``. 36*2e302371SAmbroise Vincent 37*2e302371SAmbroise Vincent - W=2 38*2e302371SAmbroise Vincent 39*2e302371SAmbroise Vincent Adds ``Waggregate-return``, ``Wcast-align``, ``Wnested-externs``, 40*2e302371SAmbroise Vincent ``Wshadow``, ``Wlogical-op``, ``Wmissing-field-initializers`` and 41*2e302371SAmbroise Vincent ``Wsign-compare``. 42*2e302371SAmbroise Vincent 43*2e302371SAmbroise Vincent - W=3 44*2e302371SAmbroise Vincent 45*2e302371SAmbroise Vincent Adds ``Wbad-function-cast``, ``Wcast-qual``, ``Wconversion``, ``Wpacked``, 46*2e302371SAmbroise Vincent ``Wpadded``, ``Wpointer-arith``, ``Wredundant-decls`` and 47*2e302371SAmbroise Vincent ``Wswitch-default``. 48*2e302371SAmbroise Vincent 49*2e302371SAmbroise Vincent Refer to the GCC or Clang documentation for more information on the individual 50*2e302371SAmbroise Vincent options: https://gcc.gnu.org/onlinedocs/gcc/Warning-Options.html and 51*2e302371SAmbroise Vincent https://clang.llvm.org/docs/DiagnosticsReference.html. 52*2e302371SAmbroise Vincent 53*2e302371SAmbroise Vincent NB: The ``Werror`` flag is enabled by default in TF-A and can be disabled by 54*2e302371SAmbroise Vincent setting the ``E`` build flag to 0. 55*2e302371SAmbroise Vincent 56*2e302371SAmbroise Vincent*Copyright (c) 2019, Arm Limited. All rights reserved.* 57*2e302371SAmbroise Vincent 58*2e302371SAmbroise Vincent.. _user guide: ../getting_started/user-guide.rst 59