3.7 Building applications for execute-only memory

Placing code in execute-only memory prevents users from trivially reading that code.

Note:

Link Time Optimization does not honor the armclang -mexecute-only option. If you use the armclang -flto or -Omax options, then the compiler cannot generate execute-only code and produces a warning.

To build an application with code in execute-only memory:

Procedure

  1. Compile your C or C++ code using the -mexecute-only option.
    Example: armclang --target=arm-arm-none-eabi -march=armv7-m -mexecute-only -c test.c -o test.o

    The -mexecute-only option prevents the compiler from generating any data accesses to the code sections.

    To keep code and data in separate sections, the compiler disables the placement of literal pools inline with code.

    Compiled execute-only code sections in the ELF object file are marked with the SHF_ARM_NOREAD flag.

  2. Specify the memory map to the linker using either of the following:
    • The +XO selector in a scatter file.
    • The armlink --xo-base option on the command-line.
    Example: armlink --xo-base=0x8000 test.o -o test.axf
    Results:

    The XO execution region is placed in a separate load region from the RO, RW, and ZI execution regions.

    Note:

    If you do not specify --xo-base, then by default:
    • The XO execution region is placed immediately before the RO execution region, at address 0x8000.
    • All execution regions are in the same load region.
Non-ConfidentialPDF file icon PDF versionDUI0773J
Copyright © 2014–2017, 2019 Arm Limited or its affiliates. All rights reserved.