Consider using stack canaries via -fstack-protector* flags

[invd]

From what I can see in the Solo V1 source code, the firmware currently does not use or support the ARM GCC provided standard functionality to mitigate certain stack buffer overflows. Having suitable mitigations in place can be essential to prevent attackers from achieving code execution on the device.

I recommend adding -fstack-protector-all or -fstack-protector-strong flags and doing the relevant canary initialization in main() with random values from the TRNG.

Please note that several ARM GCC versions have broken stack canary support, as I (re-)discovered and documented recently. To my knowledge, the currently used gcc-arm-none-eabi-8-2019-q3 is not affected by this, but some later versions are, so this is something to take into consideration for the toolchain.