Security hardening
==================
This page contains guidance on what to check for additional security measures,
including build options that can be modified to improve security or catch issues
early in development.
Build options
-------------
Several build options can be used to check for security issues. Refer to the
:ref:`User Guide` for detailed information on the specific build options.
- The ``BRANCH_PROTECTION`` build flag can be used to enable Pointer
Authentication and Branch Target Identification.
- The ``ENABLE_STACK_PROTECTOR`` build flag can be used to identify buffer
overflows.
- The ``W`` build flag can be used to enable a number of compiler warning
options to detect potentially incorrect code.
- W=0 (default value)
The ``Wunused`` with ``Wno-unused-parameter``, ``Wdisabled-optimization``
and ``Wvla`` flags are enabled.
The ``Wunused-but-set-variable``, ``Wmaybe-uninitialized`` and
``Wpacked-bitfield-compat`` are GCC specific flags that are also enabled.
- W=1
Adds ``Wextra``, ``Wmissing-declarations``, ``Wmissing-format-attribute``,
``Wmissing-prototypes``, ``Wold-style-definition`` and
``Wunused-const-variable``.
- W=2
Adds ``Waggregate-return``, ``Wcast-align``, ``Wnested-externs``,
``Wshadow``, ``Wlogical-op``, ``Wmissing-field-initializers`` and
``Wsign-compare``.
- W=3
Adds ``Wbad-function-cast``, ``Wcast-qual``, ``Wconversion``, ``Wpacked``,
``Wpadded``, ``Wpointer-arith``, ``Wredundant-decls`` and
``Wswitch-default``.
Refer to the GCC or Clang documentation for more information on the individual
options: https://gcc.gnu.org/onlinedocs/gcc/Warning-Options.html and
https://clang.llvm.org/docs/DiagnosticsReference.html.
NB: The ``Werror`` flag is enabled by default in TF-A and can be disabled by
setting the ``E`` build flag to 0.
--------------
*Copyright (c) 2019, Arm Limited. All rights reserved.*
