xref: /rk3399_ARM-atf/docs/process/security-hardening.rst (revision f893160690725fe79c8eb63fd90a945cc0374d90)
Secure Development Guidelines
=============================

This page lists additional security measures to check for, including build
options that can be set to harden the firmware or to catch defects early in
development.

Security considerations
-----------------------

Part of the security of a platform is handling errors correctly, as described in
the previous section. There are several other security considerations covered in
this section.
Do not leak secrets to the normal world
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

The secure world **must not** leak secrets to the normal world, for example in
response to an SMC. This includes indirect disclosure: copying more bytes than
the public object actually occupies because the caller chose the length,
echoing secure-world addresses or raw internal error detail back in the return
registers, and leaving stale secure data in registers or shared buffers that the
normal world can read after the call returns. Validate every normal-world
supplied address and length before using it, and return only a status code and
the minimum data the interface requires.

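The two disclosure paths described above, as an added example that is not TF-A
code: an SMC handler that copies a device public key into a normal-world buffer.
The first version lets the caller's length read past the public key into the
private key next to it and hands a secure-world address back in ``x1``; the
second copies exactly the public object and returns nothing but a status. The
shared-memory window, the status codes, the ``smc_ret`` structure and the key
material are all constructed for the example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

/* Assumed normal-world shared-memory window (example layout, not a real platform). */
#define NS_SHMEM_BASE 0x80000000ULL
#define NS_SHMEM_SIZE 0x00001000ULL

/* Assumed SMC status codes. */
#define SMC_OK       0
#define SMC_INVALID (-2)

/* Constructed stand-in for the shared window so the example runs hosted. */
static uint8_t ns_shmem[NS_SHMEM_SIZE];

/* Secure-world state: the private key must never cross the boundary. */
struct secure_keys {
    uint8_t pub[32];
    uint8_t priv[32];
};
static struct secure_keys keys;

/* Register values handed back to the normal world on SMC return. */
struct smc_ret {
    int64_t  x0;
    uint64_t x1, x2, x3;
};

/* Constructed test data: public key bytes 0x11, private key bytes 0xAA. */
void example_setup(void)
{
    memset(ns_shmem, 0, sizeof(ns_shmem));
    memset(keys.pub, 0x11, sizeof(keys.pub));
    memset(keys.priv, 0xAA, sizeof(keys.priv));
}

/* Read back what the normal world would see at a shared-window address. */
uint8_t ns_read(uint64_t addr)
{
    if (addr < NS_SHMEM_BASE || addr - NS_SHMEM_BASE >= NS_SHMEM_SIZE)
        return 0;
    return ns_shmem[addr - NS_SHMEM_BASE];
}

/* Overflow-safe check that [addr, addr + len) lies inside the NS window. */
static bool ns_range_ok(uint64_t addr, uint64_t len)
{
    if (len == 0 || len > NS_SHMEM_SIZE || addr < NS_SHMEM_BASE)
        return false;
    return (addr - NS_SHMEM_BASE) <= (NS_SHMEM_SIZE - len);
}

static uint8_t *ns_ptr(uint64_t addr)
{
    return ns_shmem + (addr - NS_SHMEM_BASE);
}

/* LEAKY: the range check on the destination is correct, but the copy length
 * is the caller's, so len > 32 reads past pub[] into priv[]; x1 additionally
 * discloses a secure-world address. */
struct smc_ret get_pubkey_leaky(uint64_t ns_addr, uint64_t len)
{
    struct smc_ret r = { SMC_OK, 0, 0, 0 };
    const uint8_t *src = keys.pub;

    if (!ns_range_ok(ns_addr, len)) {
        r.x0 = SMC_INVALID;
        return r;
    }
    memcpy(ns_ptr(ns_addr), src, len);
    r.x1 = (uint64_t)(uintptr_t)&keys;   /* "helpful" debug detail */
    return r;
}

/* HARDENED: the length must match the public object exactly, the copy uses
 * the object's own size, and x1..x3 are explicitly zero on every path. */
struct smc_ret get_pubkey_hardened(uint64_t ns_addr, uint64_t len)
{
    struct smc_ret r = { SMC_INVALID, 0, 0, 0 };

    if (len != sizeof(keys.pub) || !ns_range_ok(ns_addr, len))
        return r;                          /* status only, no detail */
    memcpy(ns_ptr(ns_addr), keys.pub, sizeof(keys.pub));
    r.x0 = SMC_OK;
    return r;
}
```

Calling ``get_pubkey_leaky`` with a 64-byte length places the private key in
normal-world memory even though every address it touches is legitimate; the
hardened handler refuses the same request without saying why, and the
``ns_range_ok`` subtraction form avoids the ``addr + len`` wrap-around that a
naive range check would allow.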
Handling Denial of Service attacks
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

The secure world **should never** crash or become unusable due to receiving too
many normal world requests (a *Denial of Service* or *DoS* attack). It should
have a mechanism for throttling or ignoring normal world requests, so that an
excess request is rejected cheaply, before any expensive work or resource
allocation, rather than being allowed to exhaust secure-world stack, memory or
handle tables. Any per-request state the secure world keeps on behalf of the
normal world must be bounded.

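One throttling mechanism of the kind described above, as an added example that
is not TF-A code: a token bucket consulted before an expensive SMC service does
any work. The tick source, the bucket parameters and the ``SMC_BUSY`` status
code are assumptions; the refill arithmetic is written so that neither a very
long idle period nor a counter that runs backwards can wrap it.

```c
#include <stdbool.h>
#include <stdint.h>

/* Assumed SMC status codes. */
#define SMC_OK    0
#define SMC_BUSY (-3)   /* assumed: caller should retry later */

struct ns_throttle {
    uint64_t last_tick;   /* tick at which tokens were last refilled */
    uint32_t tokens;      /* requests that may still be admitted */
    uint32_t capacity;    /* burst allowance */
    uint32_t refill;      /* tokens added per tick */
};

void throttle_init(struct ns_throttle *t, uint32_t capacity,
                   uint32_t refill, uint64_t now)
{
    t->last_tick = now;
    t->tokens = capacity;
    t->capacity = capacity;
    t->refill = refill;
}

/* Credit tokens for elapsed time. A huge elapsed value is capped before the
 * multiplication, and a counter that goes backwards earns nothing. */
static void throttle_refill(struct ns_throttle *t, uint64_t now)
{
    if (now <= t->last_tick)
        return;                      /* non-monotonic source: no credit */
    uint64_t elapsed = now - t->last_tick;
    uint64_t add = (elapsed >= t->capacity) ? t->capacity
                                            : elapsed * t->refill;
    uint64_t total = (uint64_t)t->tokens + add;
    t->tokens = (total > t->capacity) ? t->capacity : (uint32_t)total;
    t->last_tick = now;
}

/* Returns true if the request may proceed; a false answer costs the secure
 * world nothing beyond this call. */
bool throttle_admit(struct ns_throttle *t, uint64_t now)
{
    throttle_refill(t, now);
    if (t->tokens == 0)
        return false;
    t->tokens--;
    return true;
}

/* Work actually done and requests refused, for the reader's inspection. */
static uint64_t work_done, refused;

/* Handler for an expensive service: gate before touching anything else. */
int64_t handle_heavy_smc(struct ns_throttle *t, uint64_t now)
{
    if (!throttle_admit(t, now)) {
        refused++;
        return SMC_BUSY;
    }
    work_done++;                     /* stands in for the real work */
    return SMC_OK;
}

uint64_t throttle_work_done(void) { return work_done; }
uint64_t throttle_refused(void)   { return refused; }
```

With a capacity of four and one token per tick, ten back-to-back requests do
four units of work and six are refused immediately. A real platform would keep
one bucket per calling client rather than one global bucket, so that a single
misbehaving normal-world component cannot starve the others.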
Build options
-------------

Several build options can be used to check for security issues. Refer to the
:ref:`Build Options` for detailed information on these.

- The ``BRANCH_PROTECTION`` build flag can be used to enable Pointer
  Authentication and Branch Target Identification. Both depend on the CPU
  implementing the corresponding Armv8.3-A and Armv8.5-A extensions and on the
  toolchain supporting them; enabling the flag for a CPU without them gives no
  protection.

- The ``ENABLE_STACK_PROTECTOR`` build flag can be used to identify buffer
  overflows. Detection relies on the canary value the platform returns from
  ``plat_get_stack_protector_canary()``; a constant or otherwise predictable
  canary can be reproduced by an attacker who overwrites the stack, so it should
  come from a hardware random number generator and change on every boot.

- The ``W`` build flag can be used to enable a number of compiler warning
  options to detect potentially incorrect code. Each level adds to the previous
  one.

  - W=0 (default value)

    The ``Wunused`` (with ``Wno-unused-parameter``), ``Wdisabled-optimization``
    and ``Wvla`` flags are enabled.

    The ``Wunused-but-set-variable``, ``Wmaybe-uninitialized`` and
    ``Wpacked-bitfield-compat`` flags are GCC specific and are also enabled.

  - W=1

    Adds ``Wextra``, ``Wmissing-format-attribute``, ``Wmissing-prototypes``,
    ``Wold-style-definition`` and ``Wunused-const-variable``.

  - W=2

    Adds ``Waggregate-return``, ``Wcast-align``, ``Wnested-externs``,
    ``Wshadow`` and ``Wlogical-op``.

  - W=3

    Adds ``Wbad-function-cast``, ``Wcast-qual``, ``Wconversion``, ``Wpacked``,
    ``Wpointer-arith``, ``Wredundant-decls`` and ``Wswitch-default``.

  Refer to the GCC or Clang documentation for more information on the individual
  options: https://gcc.gnu.org/onlinedocs/gcc/Warning-Options.html and
  https://clang.llvm.org/docs/DiagnosticsReference.html.

  NB: The ``Werror`` flag is enabled by default in TF-A, so any warning at the
  selected level fails the build. It can be disabled by setting the ``E`` build
  flag to 0, but a warning that is silenced rather than fixed is still a
  potential defect.

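The stack-protector point above, as an added example that is not TF-A code: a
canary derived from an entropy source that fails closed instead of falling back
to a constant, with its low byte forced to zero, followed by a simulated frame
that shows what the epilogue check does and does not catch. The entropy callback
type, the retry count, the frame layout and the two sample entropy sources are
assumptions; the real platform hook would wrap the board's random number
generator.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Entropy callback the platform would back with its TRNG; returns true on
 * success. Assumed interface, not a TF-A API. */
typedef bool (*entropy_fn)(uint64_t *out);

/* Derive a canary. Fails closed: no constant fallback when the source is dead
 * or returns a stuck-at value. The low byte is forced to zero so that a
 * str*-style overrun cannot reproduce the canary and keep writing past it. */
bool derive_canary(entropy_fn source, uint64_t *canary)
{
    for (int attempt = 0; attempt < 4; attempt++) {
        uint64_t r = 0;
        if (!source(&r) || r == 0 || r == UINT64_MAX)
            continue;                         /* failed or stuck-at read */
        r &= ~(uint64_t)0xff;                 /* terminator byte */
        if (r == 0)
            continue;
        *canary = r;
        return true;
    }
    return false;
}

/* Simulated stack frame: a 16-byte buffer followed by the canary, stored
 * little-endian by hand so the layout does not depend on the host. */
#define BUF_SIZE   16
#define FRAME_SIZE (BUF_SIZE + 8)

static void store_canary(uint8_t *slot, uint64_t canary)
{
    for (int k = 0; k < 8; k++)
        slot[k] = (uint8_t)(canary >> (8 * k));
}

static uint64_t load_canary(const uint8_t *slot)
{
    uint64_t v = 0;
    for (int k = 0; k < 8; k++)
        v |= (uint64_t)slot[k] << (8 * k);
    return v;
}

/* Copy src into the buffer with a str*-style loop that is bounded only by the
 * whole frame (well-defined here; the real bug would run off the stack), then
 * report whether the epilogue canary check would fire. */
bool frame_copy_detects_overflow(uint64_t canary, const char *src)
{
    uint8_t frame[FRAME_SIZE];
    size_t i;

    store_canary(frame + BUF_SIZE, canary);
    for (i = 0; src[i] != '\0' && i < FRAME_SIZE - 1; i++)
        frame[i] = (uint8_t)src[i];
    frame[i] = 0;                             /* the copy's own terminator */
    return load_canary(frame + BUF_SIZE) != canary;
}

/* Constructed entropy sources for the reader's own runs. */
bool fixed_source(uint64_t *out) { *out = 0x1122334455667788ULL; return true; }
bool dead_source(uint64_t *out)  { (void)out; return false; }
```

A 15-character string fits and changes nothing; a 19-character string lands
non-zero bytes on the canary and is detected. The exact-fit 16-character case
is the terminator byte at work: the copy writes only its NUL over the zero byte,
so the canary is unchanged, and conversely a string copy cannot place the
correct canary value and continue past it. With ``dead_source`` the derivation
reports failure, which is the point at which a platform should refuse to boot
rather than substitute a fixed value.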
--------------

*Copyright (c) 2019-2020, Arm Limited. All rights reserved.*
