arm-trusted-firmware/docs/process/security-hardening.rst


<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> </head>

Secure Development Guidelines

This page contains guidance on what to check for additional security measures, including build options that can be modified to improve security or catch issues early in development.

Security considerations

Part of the security of a platform is handling errors correctly, as described in the previous section. There are several other security considerations covered in this section.

Do not leak secrets to the normal world

The secure world must not leak secrets to the normal world, for example in response to an SMC.

Handling Denial of Service attacks

The secure world should never crash or become unusable due to receiving too many normal world requests (a Denial of Service or DoS attack). It should have a mechanism for throttling or ignoring normal world requests.
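As an added illustration of such a throttling mechanism (this is example code, not TF-A's own implementation), a token-bucket admission check that an SMC dispatcher could consult before doing any work for a normal-world request; the structure, function names and budget values are hypothetical:

```c
#include <stdbool.h>
#include <stdint.h>

/* Hypothetical per-caller budget (not a TF-A structure): bursts of up to
 * 'capacity' requests, refilled at 'refill_per_tick' per timer tick. */
struct smc_throttle {
	uint32_t capacity;
	uint32_t tokens;
	uint32_t refill_per_tick;
	uint64_t last_tick;
};

void smc_throttle_init(struct smc_throttle *t, uint32_t capacity,
		       uint32_t refill_per_tick, uint64_t now)
{
	*t = (struct smc_throttle){ .capacity = capacity, .tokens = capacity,
				    .refill_per_tick = refill_per_tick, .last_tick = now };
}

/* Returns true if the request may be serviced. On false the dispatcher returns
 * a fixed error to the normal world and does no further work, so a flood of
 * requests costs the secure world only this cheap check. */
bool smc_throttle_admit(struct smc_throttle *t, uint64_t now)
{
	if (now > t->last_tick) {
		uint64_t elapsed = now - t->last_tick, refill;

		/* Saturate early so a long idle gap cannot overflow the arithmetic. */
		if (t->refill_per_tick != 0 && elapsed > t->capacity)
			refill = t->capacity;
		else
			refill = elapsed * t->refill_per_tick; /* 32-bit x 32-bit, fits in 64 */
		if (refill >= t->capacity - t->tokens)
			t->tokens = t->capacity;
		else
			t->tokens += (uint32_t)refill;
		t->last_tick = now;
	}
	if (t->tokens == 0)
		return false;
	t->tokens--;
	return true;
}

/* Simulate n back-to-back requests at tick 'now'; returns how many were admitted. */
unsigned smc_throttle_flood(struct smc_throttle *t, unsigned n, uint64_t now)
{
	unsigned admitted = 0;
	for (unsigned i = 0; i < n; i++)
		if (smc_throttle_admit(t, now))
			admitted++;
	return admitted;
}
```

The rejection path deliberately returns nothing about the throttle state, so the check itself does not become a side channel for how busy the secure world is.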

Build options

Several build options can be used to check for security issues. Refer to the :ref:`Build Options` for detailed information on these.

  • The BRANCH_PROTECTION build flag can be used to enable Pointer Authentication and Branch Target Identification.

  • The ENABLE_STACK_PROTECTOR build flag can be used to identify buffer overflows.

  • The W build flag can be used to enable a number of compiler warning options to detect potentially incorrect code.

    • W=0 (default value)

      Wunused (together with Wno-unused-parameter), Wdisabled-optimization and Wvla are enabled.

      Wunused-but-set-variable, Wmaybe-uninitialized and Wpacked-bitfield-compat are GCC-specific flags that are also enabled.

    • W=1

      Adds Wextra, Wmissing-format-attribute, Wmissing-prototypes, Wold-style-definition and Wunused-const-variable.

    • W=2

      Adds Waggregate-return, Wcast-align, Wnested-externs, Wshadow, Wlogical-op.

    • W=3

      Adds Wbad-function-cast, Wcast-qual, Wconversion, Wpacked, Wpointer-arith, Wredundant-decls and Wswitch-default.

    Refer to the GCC or Clang documentation for more information on the individual options: https://gcc.gnu.org/onlinedocs/gcc/Warning-Options.html and https://clang.llvm.org/docs/DiagnosticsReference.html.

    NB: The Werror flag is enabled by default in TF-A and can be disabled by setting the E build flag to 0.


Copyright (c) 2019-2020, Arm Limited. All rights reserved.

</html>