diff options
Diffstat (limited to 'docs')
-rw-r--r-- | docs/getting_started/build-options.rst | 6 | ||||
-rw-r--r-- | docs/process/security-hardening.rst | 10 |
2 files changed, 16 insertions, 0 deletions
diff --git a/docs/getting_started/build-options.rst b/docs/getting_started/build-options.rst index 34d83f255..c045a6aa2 100644 --- a/docs/getting_started/build-options.rst +++ b/docs/getting_started/build-options.rst @@ -1191,6 +1191,12 @@ Common build options per the `PSA Crypto API specification`_. This feature is only supported if using MbedTLS 3.x version. By default it is disabled (``0``). +- ``ENABLE_CONSOLE_GETC``: Boolean option to enable `getc()` feature in console + driver(s). By default it is disabled (``0``) because it constitutes an attack + vector into TF-A by potentially allowing an attacker to inject arbitrary data. + This option should only be enabled on a need basis if there is a use case for + reading characters from the console. + GICv3 driver options -------------------- diff --git a/docs/process/security-hardening.rst b/docs/process/security-hardening.rst index f9618db08..eace467d4 100644 --- a/docs/process/security-hardening.rst +++ b/docs/process/security-hardening.rst @@ -135,6 +135,16 @@ Several build options can be used to check for security issues. Refer to the it is recommended to develop against ``W=2`` (which will eventually become the default). +Additional guidelines are provided below for some security-related build +options: + +- The ``ENABLE_CONSOLE_GETC`` build flag should be set to 0 to disable the + `getc()` feature, which allows the firmware to read characters from the + console. Keeping this feature enabled is considered dangerous from a security + point of view because it potentially allows an attacker to inject arbitrary + data into the firmware. It should only be enabled on a need basis if there is + a use case for it, for example in a testing or factory environment. + .. rubric:: References - `Arm ARM`_ |