Merge "doc: Isolate security-related build options" into integration

f56734fe · John Tsichritzis · TrustedFirmware Code Review · 9dc24cbd · 2e302371 · f56734fe
Commit f56734fe authored Jun 20, 2019 by John Tsichritzis Committed by TrustedFirmware Code Review Jun 20, 2019
--- a/docs/process/index.rst
+++ b/docs/process/index.rst
@@ -12,3 +12,4 @@ Processes & Policies
   coding-guidelines
   contributing
   faq
+   security-hardening
--- a/docs/process/security-hardening.rst
+++ b/docs/process/security-hardening.rst
+Security hardening
+==================
+
+This page contains guidance on what to check for additional security measures,
+including build options that can be modified to improve security or catch issues
+early in development.
+
+Build options
+-------------
+
+Several build options can be used to check for security issues. Refer to the
+`user guide`_ for detailed information on the specific build options.
+
+- The ``BRANCH_PROTECTION`` build flag can be used to enable Pointer
+  Authentication and Branch Target Identification.
+
+- The ``ENABLE_STACK_PROTECTOR`` build flag can be used to identify buffer
+  overflows.
+
+- The ``W`` build flag can be used to enable a number of compiler warning
+  options to detect potentially incorrect code.
+
+  - W=0 (default value)
+
+    The ``Wunused`` with ``Wno-unused-parameter``, ``Wdisabled-optimization``
+    and ``Wvla`` flags are enabled.
+
+    The ``Wunused-but-set-variable``, ``Wmaybe-uninitialized`` and
+    ``Wpacked-bitfield-compat`` are GCC specific flags that are also enabled.
+
+  - W=1
+
+    Adds ``Wextra``, ``Wmissing-declarations``, ``Wmissing-format-attribute``,
+    ``Wmissing-prototypes``, ``Wold-style-definition`` and
+    ``Wunused-const-variable``.
+
+  - W=2
+
+    Adds ``Waggregate-return``, ``Wcast-align``, ``Wnested-externs``,
+    ``Wshadow``, ``Wlogical-op``, ``Wmissing-field-initializers`` and
+    ``Wsign-compare``.
+
+  - W=3
+
+    Adds ``Wbad-function-cast``, ``Wcast-qual``, ``Wconversion``, ``Wpacked``,
+    ``Wpadded``, ``Wpointer-arith``, ``Wredundant-decls`` and
+    ``Wswitch-default``.
+
+  Refer to the GCC or Clang documentation for more information on the individual
+  options: https://gcc.gnu.org/onlinedocs/gcc/Warning-Options.html and
+  https://clang.llvm.org/docs/DiagnosticsReference.html.
+
+  NB: The ``Werror`` flag is enabled by default in TF-A and can be disabled by
+  setting the ``E`` build flag to 0.
+
+*Copyright (c) 2019, Arm Limited. All rights reserved.*
+
+.. _user guide: ../getting_started/user-guide.rst