docs/process/security-hardening.rst - tf-a-mtk - Git at Google

 Security hardening
 ==================

 This page contains guidance on what to check for additional security measures,
 including build options that can be modified to improve security or catch issues
 early in development.

 Build options
 -------------

 Several build options can be used to check for security issues. Refer to the
 :ref:`User Guide` for detailed information on the specific build options.

 - The ``BRANCH_PROTECTION`` build flag can be used to enable Pointer
   Authentication and Branch Target Identification.

 - The ``ENABLE_STACK_PROTECTOR`` build flag can be used to identify buffer
   overflows.

 - The ``W`` build flag can be used to enable a number of compiler warning
   options to detect potentially incorrect code.

   - W=0 (default value)

     The ``Wunused`` with ``Wno-unused-parameter``, ``Wdisabled-optimization``
     and ``Wvla`` flags are enabled.

     The ``Wunused-but-set-variable``, ``Wmaybe-uninitialized`` and
     ``Wpacked-bitfield-compat`` are GCC specific flags that are also enabled.

   - W=1

     Adds ``Wextra``, ``Wmissing-declarations``, ``Wmissing-format-attribute``,
     ``Wmissing-prototypes``, ``Wold-style-definition`` and
     ``Wunused-const-variable``.

   - W=2

     Adds ``Waggregate-return``, ``Wcast-align``, ``Wnested-externs``,
     ``Wshadow``, ``Wlogical-op``, ``Wmissing-field-initializers`` and
     ``Wsign-compare``.

   - W=3

     Adds ``Wbad-function-cast``, ``Wcast-qual``, ``Wconversion``, ``Wpacked``,
     ``Wpadded``, ``Wpointer-arith``, ``Wredundant-decls`` and
     ``Wswitch-default``.

   Refer to the GCC or Clang documentation for more information on the individual
   options: https://gcc.gnu.org/onlinedocs/gcc/Warning-Options.html and
   https://clang.llvm.org/docs/DiagnosticsReference.html.

   NB: The ``Werror`` flag is enabled by default in TF-A and can be disabled by
   setting the ``E`` build flag to 0.

 --------------

 *Copyright (c) 2019, Arm Limited. All rights reserved.*
	Security hardening
	==================

	This page contains guidance on what to check for additional security measures,
	including build options that can be modified to improve security or catch issues
	early in development.

	Build options
	-------------

	Several build options can be used to check for security issues. Refer to the
	:ref:`User Guide` for detailed information on the specific build options.

	- The ``BRANCH_PROTECTION`` build flag can be used to enable Pointer
	Authentication and Branch Target Identification.

	- The ``ENABLE_STACK_PROTECTOR`` build flag can be used to identify buffer
	overflows.

	- The ``W`` build flag can be used to enable a number of compiler warning
	options to detect potentially incorrect code.

	- W=0 (default value)

	The ``Wunused`` with ``Wno-unused-parameter``, ``Wdisabled-optimization``
	and ``Wvla`` flags are enabled.

	The ``Wunused-but-set-variable``, ``Wmaybe-uninitialized`` and
	``Wpacked-bitfield-compat`` are GCC specific flags that are also enabled.

	- W=1

	Adds ``Wextra``, ``Wmissing-declarations``, ``Wmissing-format-attribute``,
	``Wmissing-prototypes``, ``Wold-style-definition`` and
	``Wunused-const-variable``.

	- W=2

	Adds ``Waggregate-return``, ``Wcast-align``, ``Wnested-externs``,
	``Wshadow``, ``Wlogical-op``, ``Wmissing-field-initializers`` and
	``Wsign-compare``.

	- W=3

	Adds ``Wbad-function-cast``, ``Wcast-qual``, ``Wconversion``, ``Wpacked``,
	``Wpadded``, ``Wpointer-arith``, ``Wredundant-decls`` and
	``Wswitch-default``.

	Refer to the GCC or Clang documentation for more information on the individual
	options: https://gcc.gnu.org/onlinedocs/gcc/Warning-Options.html and
	https://clang.llvm.org/docs/DiagnosticsReference.html.

	NB: The ``Werror`` flag is enabled by default in TF-A and can be disabled by
	setting the ``E`` build flag to 0.

	--------------

	Copyright (c) 2019, Arm Limited. All rights reserved.