1 files changed, 9 insertions, 1 deletions

diff --git a/docs/user-guide.md b/docs/user-guide.md
index 2770b2cd..a1df9652 100644
--- a/docs/user-guide.md
+++ b/docs/user-guide.md
@@ -301,6 +301,14 @@ performed.
     Currently, only PSCI is instrumented. Enabling this option enables
     the `ENABLE_PMF` build option as well. Default is 0.
 
+*   `ENABLE_STACK_PROTECTOR`: String option to enable the stack protection
+    checks in GCC. Allowed values are "all", "strong" and "0" (default).
+    "strong" is the recommended stack protection level if this feature is
+    desired. 0 disables the stack protection. For all values other than 0, the
+    `plat_get_stack_protector_canary()` platform hook needs to be implemented.
+    The value is passed as the last component of the option
+    `-fstack-protector-$ENABLE_STACK_PROTECTOR`.
+
 *   `ERROR_DEPRECATED`: This option decides whether to treat the usage of
     deprecated platform APIs, helper functions or drivers within Trusted
     Firmware as error. It can take the value 1 (flag the use of deprecated
@@ -799,7 +807,7 @@ images with support for these features:
     modules by checking out a recent version of the [mbed TLS Repository]. It
     is important to use a version that is compatible with TF and fixes any
     known security vulnerabilities. See [mbed TLS Security Center] for more
-    information. This version of TF is tested with tag `mbedtls-2.2.1`.
+    information. The latest version of TF is tested with tag `mbedtls-2.4.2`.
 
     The `drivers/auth/mbedtls/mbedtls_*.mk` files contain the list of mbed TLS
     source files the modules depend upon.