3.7 Building applications for execute-only memory

Placing code in execute-only memory prevents users from trivially reading that code.

Note:

Link Time Optimization does not honor the armclang -mexecute-only option. If you use the armclang -flto or -Omax options, then the compiler cannot generate execute-only code.

To build an application with code in execute-only memory:

Procedure

  1. Compile your C or C++ code using the -mexecute-only option.
    armclang --target=arm-arm-none-eabi -march=armv7-m -mexecute-only -c test.c -o test.o

    The -mexecute-only option prevents the compiler from generating any data accesses to the code sections.

    To keep code and data in separate sections, the compiler disables the placement of literal pools inline with code.

    Compiled execute-only code sections in the ELF object file are marked with the SHF_ARM_NOREAD flag.

  2. Specify the memory map to the linker using either of the following:
    • The +XO selector in a scatter file.
    • The armlink --xo-base option on the command-line.
    armlink --xo-base=0x8000 test.o -o test.axf

    The XO execution region is placed in a separate load region from the RO, RW, and ZI execution regions.

    Note:

    If you do not specify --xo-base, then by default:
    • The XO execution region is placed immediately before the RO execution region, at address 0x8000.
    • All execution regions are in the same load region.
Non-ConfidentialPDF file icon PDF versionARM 100066_0608_00_en
Copyright © 2014–2017 ARM Limited or its affiliates. All rights reserved.