security-hardening.rst - OpenGrok cross reference for /tf-a-ffa_el3

Lines Matching refs:to
4 This page contains guidance on what to check for additional security measures,
5 including build options that can be modified to improve security or catch issues
15 Do not leak secrets to the normal world
18 The secure world **must not** leak secrets to the normal world, for example in
19 response to an SMC.
24 The secure world **should never** crash or become unusable due to receiving too
31 The Secure world needs to implement some defenses to prevent the Non-secure
36 Refer to the :ref:`Performance Monitoring Unit` guide for detailed information
42 Since the Non-secure world has access to the ``PMCR`` register, it can
43 configure the PMU to increment counters at any exception level and in both
44 Secure and Non-secure state. Thus, it attempts to leak timing information from
51    -  Set ``P`` to ``0``.
52    -  Set ``NSK`` to ``1``.
53    -  Set ``M`` to ``0``.
54    -  Set ``NSH`` to ``0``.
55    -  Set ``SH`` to ``1``.
59    -  Set ``P[0]`` to ``1``.
60    -  Set ``C`` to ``1``.
64    -  Set ``DP`` to ``0``.
65    -  Set ``E`` to ``1``.
67 This configuration instructs ``PMEVCNTR0_EL0`` and ``PMCCNTR_EL0`` to increment
71 exception levels) it instructs counters to increment, obtaining event counts
72 would allow it to carry out side-channel timing attacks against the Secure
80 The ``MDCR_EL3`` register allows EL3 to configure the PMU (among other things).
95       -  ``MDCR_EL3.SPME`` resets to ``0``, so by default general events should
97       -  The ``PMCR_EL0.DP`` bit therefore needs to be set to ``1`` when EL3 is
98          entered and ``PMCR_EL0`` needs to be saved and restored in EL3.
103    -  The only other way is to disable the ``PMCR_EL0.E`` bit upon entering
110       ``PMCR_EL0`` therefore needs to be saved and restored in EL3.
124 Several build options can be used to check for security issues. Refer to the
127 - The ``BRANCH_PROTECTION`` build flag can be used to enable Pointer
130 - The ``ENABLE_STACK_PROTECTOR`` build flag can be used to identify buffer
133 - The ``W`` build flag can be used to enable a number of compiler warning
134   options to detect potentially incorrect code.
160   Refer to the GCC or Clang documentation for more information on the individual
165   setting the ``E`` build flag to 0.