feat(security): add support for SLS mitigation This patch enables support for the gcc compiler option "-mharden-sls", the default is not to use this option. Setting HARDEN_SLS=1 sets "-mharden-sls=all" that enables all hardening against straight line speculation. Signed-off-by: Bipin Ravi <bipin.ravi@arm.com> Change-Id: I59f5963c22431571f5aebe7e0c5642b32362f4c9 (cherry picked from commit 538516f5d3db6e2c30dfa9f0b82859389f529e78)

commit: 7ecb8add5ba4d810623169e19490bb9d8b1eb3f0 [log] [tgz]
author: Yann Gautier <yann.gautier@st.com> Mon Dec 04 09:59:23 2023 +0100
committer: Yann Gautier <yann.gautier@st.com> Mon Dec 04 11:16:43 2023 +0100
tree: 6aa390809c10d60285a8a277dfd75c80ffb09c55
parent: 8c1c54e70612ca751f2de88d5ece2c046be3a276 [diff] [blame]
diff --git a/docs/getting_started/build-options.rst b/docs/getting_started/build-options.rst
index 3ebdbcc..d80a97f 100644
--- a/docs/getting_started/build-options.rst
+++ b/docs/getting_started/build-options.rst

@@ -671,6 +671,19 @@
 
    This option defaults to 0.
 
+-  ``HARDEN_SLS``: used to pass -mharden-sls=all from the TF-A build
+   options to the compiler currently supporting only of the options.
+   GCC documentation:
+   https://gcc.gnu.org/onlinedocs/gcc/AArch64-Options.html#index-mharden-sls
+
+   An example usage:
+
+   .. code:: make
+
+      HARDEN_SLS := 1
+
+   This option defaults to 0.
+
 -  ``NON_TRUSTED_WORLD_KEY``: This option is used when ``GENERATE_COT=1``. It
    specifies the file that contains the Non-Trusted World private key in PEM
    format. If ``SAVE_KEYS=1``, this file name will be used to save the key.
commit	7ecb8add5ba4d810623169e19490bb9d8b1eb3f0	[log] [tgz]
author	Yann Gautier <yann.gautier@st.com>	Mon Dec 04 09:59:23 2023 +0100
committer	Yann Gautier <yann.gautier@st.com>	Mon Dec 04 11:16:43 2023 +0100
tree	6aa390809c10d60285a8a277dfd75c80ffb09c55
parent	8c1c54e70612ca751f2de88d5ece2c046be3a276 [diff] [blame]