This latest update introduces advances in code security with the integration of the pointer Authentication and Branch Target Identification (PACBTI) extension for Armv8.1-M.
With PACBTI, user applications will be able to gain protection through the implementation of cryptographic signatures, effectively preventing attackers from taking control of the entire system. The release also features enhanced smart IDE Build Actions, elevating the development experience for software engineers.
IAR's latest release addresses the critical need for enhanced code security and is a response to the growing demands for safety products due to legislation and regulation.
Highlights include the new compiler functions within the IAR Embedded Workbench for Arm complemented by the PACBTI extension, that provide a robust defence against two prevalent security exploits: Return-Oriented Programming (ROP) and Jump-Oriented Programming (JOP).
Both of these techniques involve leveraging existing code segments within the user application. By gaining control of the call stack through methods like stack smashing, attackers overwrite crucial pointers stored in the stack to point, redirecting them towards identified vulnerable code snippets that serve the attacker’s purposes.
With the inclusion of these new functions, IAR Embedded Workbench establishes significant barriers, making it significantly more challenging for attackers to exploit code and compromise system integrity.
While PACBTI is designed to identify and mitigate common exploitable software errors, its effectiveness relies on sound software development practices, including the utilisation of code analysis tools.
"Security has emerged as a top priority for embedded software developers," said Anders Holmberg, CTO at IAR. "The latest version of IAR Embedded Workbench for Arm, coupled with well-established software development practices, form the foundation for truly secure embedded applications. IAR now delivers one of the most comprehensive end-to-end solutions ensuring enhanced security every step of the way, from product development to mass production.”
IAR Embedded Workbench for Arm is a comprehensive development toolchain, encompassing a highly optimised compiler and advanced debugging functionalities.
It employs code analysis tools such as IAR C-STAT and IAR C-RUN, so developers can proactively identify potential code issues, improve code quality and minimize potential attack surfaces. Both static and runtime analysis play pivotal roles during the development process, guaranteeing the discovery and elimination of vulnerabilities.
The latest release also showcases smart IDE Build Actions, which replace pre- and post-build actions, empowering developers to execute multiple commands before compilation and linking.
IAR Embedded Workbench for Arm 9.40 also includes support for Armv8-A AARCH32, enabling 64-bit processors to execute in 32-bit mode. Additionally, the release extends its compatibility to the Renesas E2/E2 lite emulator, offering seamless programming and debugging functionalities for Arm Cortex-M MCUs and Cortex-A MPUs.
Furthermore, the latest version adds support for over 275 new devices from major semiconductor partners.
Lastly, in extended language mode, the IAR C/C++ Compiler embraces additional GCC-style function attributes, promoting enhanced interoperability within the vast embedded ecosystem of RTOS/middleware.