feat(security): add support for SLS mitigation This patch enables support for the gcc compiler option "-mharden-sls", the default is not to use this option. Setting HARDEN_SLS=1 sets "-mharden-sls=all" that enables all hardening against straight line speculation. Signed-off-by: Bipin Ravi <bipin.ravi@arm.com> Change-Id: I59f5963c22431571f5aebe7e0c5642b32362f4c9

commit: e53e6ae56923e1f15e0a1fb212e4137dc1df5cbc [log] [tgz]
author: Bipin Ravi <bipin.ravi@arm.com> Thu Sep 28 13:17:24 2023 -0500
committer: Bipin Ravi <bipin.ravi@arm.com> Tue Nov 21 15:27:00 2023 -0600
tree: 8a92eff20b463b40a07ae435fcb1c0a6762b54e0
parent: e052a53caeedaf635fa31a2b2284f3f77a52c773 [diff] [blame]
diff --git a/docs/getting_started/build-options.rst b/docs/getting_started/build-options.rst
index cd70a22..f0f1cac 100644
--- a/docs/getting_started/build-options.rst
+++ b/docs/getting_started/build-options.rst

@@ -748,6 +748,19 @@
 
       MARCH_DIRECTIVE := -march=armv8.5-a
 
+-  ``HARDEN_SLS``: used to pass -mharden-sls=all from the TF-A build
+   options to the compiler currently supporting only of the options.
+   GCC documentation:
+   https://gcc.gnu.org/onlinedocs/gcc/AArch64-Options.html#index-mharden-sls
+
+   An example usage:
+
+   .. code:: make
+
+      HARDEN_SLS := 1
+
+   This option defaults to 0.
+
 -  ``NON_TRUSTED_WORLD_KEY``: This option is used when ``GENERATE_COT=1``. It
    specifies a file that contains the Non-Trusted World private key in PEM
    format or a PKCS11 URI. If ``SAVE_KEYS=1``, only a file is accepted and it
commit	e53e6ae56923e1f15e0a1fb212e4137dc1df5cbc	[log] [tgz]
author	Bipin Ravi <bipin.ravi@arm.com>	Thu Sep 28 13:17:24 2023 -0500
committer	Bipin Ravi <bipin.ravi@arm.com>	Tue Nov 21 15:27:00 2023 -0600
tree	8a92eff20b463b40a07ae435fcb1c0a6762b54e0
parent	e052a53caeedaf635fa31a2b2284f3f77a52c773 [diff] [blame]