Keil Logo
Products Download Events Support Videos

Technical Support

On-Line Manuals

Compiler Reference Guide

Preface Arm Compiler Tools Overview armclang Reference armlink Reference armlink Command-line Options --any_contingency --any_placement=algorithm --any_sort_order=order --api, --no_api --autoat, --no_autoat --bare_metal_pie --base_platform --be8 --be32 --bestdebug, --no_bestdebug --blx_arm_thumb, --no_blx_arm_thumb --blx_thumb_arm, --no_blx_thumb_arm --bpabi --branchnop, --no_branchnop --callgraph, --no_callgraph --callgraph_file=filename --callgraph_output=fmt --callgraph_subset=symbol[,symbol,...] --cgfile=type --cgsymbol=type --cgundefined=type --comment_section, --no_comment_section --cppinit, --no_cppinit --cpu=list (armlink) --cpu=name (armlink) --crosser_veneershare, --no_crosser_veneershare --dangling-debug-address=address --datacompressor=opt --debug, --no_debug --diag_error=tag[,tag,…] (armlink) --diag_remark=tag[,tag,…] (armlink) --diag_style={arm|ide|gnu} (armlink) --diag_suppress=tag[,tag,…] (armlink) --diag_warning=tag[,tag,…] (armlink) --dll --dynamic_linker=name --eager_load_debug, --no_eager_load_debug --eh_frame_hdr --edit=file_list --emit_debug_overlay_relocs --emit_debug_overlay_section --emit_non_debug_relocs --emit_relocs --entry=location --errors=filename --exceptions, --no_exceptions --export_all, --no_export_all --export_dynamic, --no_export_dynamic --filtercomment, --no_filtercomment --fini=symbol --first=section_id --force_explicit_attr --force_so_throw, --no_force_so_throw --fpic --fpu=list (armlink) --fpu=name (armlink) --got=type --gnu_linker_defined_syms --help (armlink) --import_cmse_lib_in=filename --import_cmse_lib_out=filename --import_unresolved, --no_import_unresolved --info=topic[,topic,…] (armlink) --info_lib_prefix=opt --init=symbol --inline, --no_inline --inline_type=type --inlineveneer, --no_inlineveneer input-file-list (armlink) --keep=section_id (armlink) --keep_intermediate --largeregions, --no_largeregions --last=section_id --legacyalign, --no_legacyalign --libpath=pathlist --library=name --library_security=protection --library_type=lib --list=filename --list_mapping_symbols, --no_list_mapping_symbols --load_addr_map_info, --no_load_addr_map_info --locals, --no_locals --lto, --no_lto --lto_keep_all_symbols, --no_lto_keep_all_symbols --lto_intermediate_filename --lto_level --lto_relocation_model --mangled, --unmangled --map, --no_map --max_er_extension=size --max_veneer_passes=value --max_visibility=type --merge, --no_merge --merge_litpools, --no_merge_litpools --muldefweak, --no_muldefweak -o filename, --output=filename (armlink) --output_float_abi=option --overlay_veneers --override_visibility -Omax (armlink) -Omin (armlink) --pad=num --paged --pagesize=pagesize --partial --pie --piveneer, --no_piveneer --pixolib --pltgot=type --pltgot_opts=mode --predefine="string" --preinit, --no_preinit --privacy (armlink) --ref_cpp_init, --no_ref_cpp_init --ref_pre_init, --no_ref_pre_init --reloc --remarks --remove, --no_remove --ro_base=address --ropi --rosplit --rw_base=address --rwpi --scanlib, --no_scanlib --scatter=filename --section_index_display=type --shared --show_cmdline (armlink) --show_full_path --show_parent_lib --show_sec_idx --soname=name --sort=algorithm --split --startup=symbol, --no_startup --stdlib --strict --strict_flags, --no_strict_flags --strict_ph, --no_strict_ph --strict_preserve8_require8 --strict_relocations, --no_strict_relocations --strict_symbols, --no_strict_symbols --strict_visibility, --no_strict_visibility --symbols, --no_symbols --symdefs=filename --symver_script=filename --symver_soname --sysv --tailreorder, --no_tailreorder --tiebreaker=option --unaligned_access, --no_unaligned_access --undefined=symbol --undefined_and_export=symbol --unresolved=symbol --use_definition_visibility --userlibpath=pathlist --veneerinject, --no_veneerinject --veneer_inject_type=type --veneer_pool_size=size --veneershare, --no_veneershare --verbose --version_number (armlink) --via=filename (armlink) --vsn (armlink) --xo_base=address --xref, --no_xref --xrefdbg, --no_xrefdbg --xref{from|to}=object(section) --zi_base=address Linking Models Supported by armlink Overview of linking models Bare-metal linking model overview Partial linking model overview Base Platform Application Binary Interface (BPABI) Base Platform linking model overview SysV linking model overview Concepts common to both BPABI and SysV linking mod Image Structure and Generation The structure of an Arm ELF image Views of the image at each link stage Input sections, output sections, regions, and prog Load view and execution view of an image Methods of specifying an image memory map with the Image entry points Restrictions on image structure Simple images Types of simple image Type 1 image structure, one load region and contig Type 2 image structure, one load region and non-co Type 3 image structure, multiple load regions and Section placement with the linker Default section placement Section placement with the FIRST and LAST attribut Section alignment with the linker Linker support for creating demand-paged files Linker reordering of execution regions containing Linker-generated veneers What is a veneer? Veneer sharing Veneer types Generation of position independent to absolute ven Reuse of veneers when scatter-loading Generation of secure gateway veneers Command-line options used to control the generatio Weak references and definitions How the linker performs library searching, selecti How the linker searches for the Arm standard libra Specifying user libraries when linking How the linker resolves references The strict family of linker options Linker Optimization Features Elimination of common section groups Elimination of unused sections Optimization with RW data compression How the linker chooses a compressor Options available to override the compression algo How compression is applied Considerations when working with RW data compressi Function inlining with the linker Factors that influence function inlining About branches that optimize to a NOP Linker reordering of tail calling sections Restrictions on reordering of tail calling section Linker merging of comment sections Merging identical constants Accessing and Managing Symbols with armlink About mapping symbols Linker-defined symbols Region-related symbols Types of region-related symbols Image$$ execution region symbols Load$$ execution region symbols Load$$LR$$ load region symbols Region name values when not scatter-loading Linker defined symbols and scatter files Methods of importing linker-defined symbols in C a Methods of importing linker-defined symbols in Arm Section-related symbols Types of section-related symbols Image symbols Input section symbols Access symbols in another image Creating a symdefs file Outputting a subset of the global symbols Reading a symdefs file Symdefs file format Edit the symbol tables with a steering file Specifying steering files on the linker command-li Steering file command summary Steering file format Hide and rename global symbols with a steering fil Use of $Super$$ and $Sub$$ to patch symbol definit Scatter-loading Features The scatter-loading mechanism Overview of scatter-loading When to use scatter-loading Linker-defined symbols that are not defined when s Placing the stack and heap with a scatter file Scatter-loading command-line options Scatter-loading images with a simple memory map Scatter-loading images with a complex memory map Root region and the initial entry point Effect of the ABSOLUTE attribute on a root region Effect of the FIXED attribute on a root region Methods of placing functions and data at specific Placing functions and data in a named section Placement of __at sections at a specific address Restrictions on placing __at sections Automatic placement of __at sections Manual placement of __at sections Place a key in flash memory with an __at section Example of how to explicitly place a named section Manual placement of unassigned sections Default rules for placing unassigned sections Command-line options for controlling the placement Prioritizing the placement of unassigned sections Specify the maximum region size permitted for plac Examples of using placement algorithms for .ANY se Example of next_fit algorithm showing behavior of Examples of using sorting algorithms for .ANY sect Behavior when .ANY sections overflow because of li Placing veneers with a scatter file Placement of CMSE veneer sections for a Secure ima Reserving an empty block of memory Characteristics of a reserved empty block of memor Example of reserving an empty block of memory Placement of Arm C and C++ library code Placement of code in a root region Placement of Arm C library code Placing Arm C++ library code Alignment of regions to page boundaries Alignment of execution regions and input sections Preprocessing a scatter file Default behavior for armclang -E in a scatter file Use of other preprocessors in a scatter file Example of using expression evaluation in a scatte Equivalent scatter-loading descriptions for simple Command-line options for creating simple images Type 1 image, one load region and contiguous execu Type 2 image, one load region and non-contiguous e Type 3 image, multiple load regions and non-contig How the linker resolves multiple matches when proc How the linker resolves path names when processing Scatter file to ELF mapping Scatter File Syntax BNF notation used in scatter-loading description s Syntax of a scatter file Load region descriptions Components of a load region description Syntax of a load region description Load region attributes Inheritance rules for load region address attribut Inheritance rules for the RELOC address attribute Considerations when using a relative address +offs Execution region descriptions Components of an execution region description Syntax of an execution region description Execution region attributes Inheritance rules for execution region address att Considerations when using a relative address +offs Input section descriptions Components of an input section description Syntax of an input section description Examples of module and input section specification Expression evaluation in scatter files Expression usage in scatter files Expression rules in scatter files Execution address built-in functions for use in sc ScatterAssert function and load address related fu Symbol related function in a scatter file AlignExpr(expr, align) function GetPageSize() function SizeOfHeaders() function Example of aligning a base address in execution sp Scatter files containing relative base address loa BPABI and SysV Shared Libraries and Executables About the Base Platform Application Binary Interfa Platforms supported by the BPABI Features common to all BPABI models About importing and exporting symbols for BPABI mo Symbol visibility for BPABI models Automatic import and export for BPABI models Manual import and export for BPABI models Symbol versioning for BPABI models RW compression for BPABI models SysV linking model SysV standard memory model Using the C and C++ libraries Using a dynamic Linker Automatic dynamic symbol table rules in the SysV l Symbol definitions defined for SysV compatibility Addressing modes in the SysV linking model Thread local storage in the SysV linking model Linker command-line options for the SysV linking m Bare metal and DLL-like memory models BPABI standard memory model Customization of the BPABI standard memory model Linker command-line options for bare metal and DLL Mandatory symbol versioning in the BPABI DLL-like Automatic dynamic symbol table rules in the BPABI Addressing modes in the BPABI DLL-like model C++ initialization in the BPABI DLL-like model Symbol versioning Overview of symbol versioning Embedded symbols The symbol versioning script file Example of creating versioned symbols Linker options for enabling implicit symbol versio Features of the Base Platform Linking Model Restrictions on the use of scatter files with the Scatter files for the Base Platform linking model Placement of PLT sequences with the Base Platform Linker Steering File Command Reference EXPORT steering file command HIDE steering file command IMPORT steering file command RENAME steering file command REQUIRE steering file command RESOLVE steering file command SHOW steering file command fromelf Reference armar Reference armasm Legacy Assembler Reference Appendixes
Home  /  Compiler Reference Guide

Version 6.16

--library_security=protection

Non-ConfidentialPDF file icon PDF version101754_0616_01_en
Arm® Compiler Reference GuideVersion 6.16
Home > armlink Reference > armlink Command-line Options > --library_security=protection

C1.77 --library_security=protection

Selects one of the security hardened libraries with varying levels of protection, which include branch protection and memory tagging.

Note:

This topic includes descriptions of [ALPHA] features. See Support level definitions.

Default

The default is --library_security=auto.

Syntax

--library_security=protection

Parameters

protection specifies the level of protection in the library.

v8.3a
Selects the v8.3a library, which provides branch protection using Branch Target Identification and Pointer Authentication on function returns.
v8.5a [ALPHA]
Selects the v8.5a library, which provides memory tagging protection of the stack used by the library code. This library also includes all the protection in the v8.3a library. Use of the v8.5a library is an [ALPHA] feature.
none
Selects the standard C library that does not provide protection using Branch Target Identification and Pointer Authentication, and does not provide memory tagging stack protection.
auto

The linker automatically selects either the standard C library, or the v8.3a, or the v8.5a library. If at least one input object file has been compiled with -mmemtag-stack and at least one input object file has return address signing with pointer authentication, then the linker selects the v8.5a library. Otherwise, if at least one input object file has been compiled for Arm®v8.3-A or later, and has return address signing with pointer authentication, then the linker selects the v8.3a library. Otherwise, the behavior is the same as --library_security=none.

Note:

  • The presence of BTI instructions in the compiled objects does not affect automatic library selection.
  • The presence of memory tagging instructions in the compiled objects does not affect automatic library selection.

Usage

Use --library_security to override the automatic selection of protected libraries for branch protection and memory tagging stack protection (stack tagging).

Branch protection protects your code from Return Oriented Programming (ROP) and Jump Oriented Programming (JOP) attacks. Branch protection using pointer authentication and branch target identification are only available in AArch64 state.

Memory tagging stack protection protects accesses to variables on the stack whose addresses are taken. Memory tagging protection is available for the AArch64 state for architectures with the memory tagging extension.

Note:

  • Selecting the v8.5a library does not automatically imply memory tagging protection of the heap. To enable memory tagging protection of the heap, you must define the symbol __use_memtag_heap. You can define this symbol irrespective of the level of protection you use for --library_security=protection. For more information, see Choosing a heap implementation for memory allocation functions.
  • Code that is compiled with stack tagging can be safely linked together with code that is compiled without stack tagging. However, if any object file is compiled with -fsanitize=memtag, and if setjmp, longjmp, or C++ exceptions are present anywhere in the image, then you must use the v8.5a library to avoid stack tagging related memory fault at runtime.

Examples

This uses the v8.3a library with branch protection using Branch Target Identification and Pointer Authentication:

armlink --cpu=8.3-A.64 --library_security=v8.3a foo.o

This uses the standard C library without any branch protection using Branch Target Identification and Pointer Authentication:

armlink --cpu=8.3-A.64 --library_security=none foo.o

This uses the v8.5a library with memory tagging stack protection, and branch protection using Branch Target Identification and Pointer Authentication:

armlink --library_security=v8.5a foo.o
Related references
Non-ConfidentialPDF file icon PDF version101754_0616_01_en
Copyright © 2019–2021 Arm Limited or its affiliates. All rights reserved. 
Home > armlink Reference > armlink Command-line Options > --library_security=protection

Products

Development Tools

 

Hardware & Collateral

Downloads

Support

Contact
 

Cookie Settings | Terms of Use | Privacy | Accessibility | Trademarks | Contact Us | Feedback

Copyright © 2005-2019 Arm Limited (or its affiliates). All rights reserved.

 Arm logo
Important information

This site uses cookies to store information on your computer. By continuing to use our site, you consent to our cookies.

Change Settings

Privacy Policy Update

Arm’s Privacy Policy has been updated. By continuing to use our site, you consent to Arm’s Privacy Policy. Please review our Privacy Policy to learn more about our collection, use and transfers
of your data.