Enables the generation of code for the Secure state of the Armv8‑M Security Extension. This option is required when creating a Secure image.
NoteThe Armv8‑M Security Extension is not supported when building Read-Only Position-Independent (ROPI) and Read-Write Position-Independent (RWPI) images.
-mcmse targets the Secure state of
the Armv8‑M Security Extension.
When compiling with
-mcmse, the following are available:
- The Test Target,
- Non-secure function pointer intrinsics.
- The value of the
__ARM_FEATURE_CMSEpredefined macro indicates what Armv8‑M Security Extension features are supported.
Secure code with the maximum capabilities for the target. For
example, if you compile with no FPU then the Secure functions do not
clear floating-point registers when returning from functions
__attribute__((cmse_nonsecure_entry)). Therefore, the functions could potentially leak sensitive data.
- Structs with undefined bits caused by padding and half-precision floating-point members are currently unsupported as arguments and return values for Secure functions. Using such structs might leak sensitive information. Structs that are large enough to be passed by reference are also unsupported and produce an error.
The following cases are not supported when compiling with
-mcmseand produce an error:
- Variadic entry functions.
- Entry functions with arguments that do not fit in registers, because there are either many arguments or the arguments have large values.
- Non-secure function calls with arguments that do not fit in registers, because there are either many arguments or the arguments have large values.
This example shows how to create a Secure image using an input import
oldimportlib.o, and a scatter file,
armclang --target=arm-arm-none-eabi -march=armv8m.main -mcmse secure.c -o secure.o armlink secure.o -o secure.axf
armlink also generates the Secure
code import library,
importlib.o that is required
for a Non-secure image to call the Secure image.