[Buildroot] [PATCH 1/1] boot/arm-trusted-firmware: Forward stack protection configuration

Baruch Siach baruch at tkos.co.il
Sat Nov 21 16:59:55 UTC 2020


Hi Christoph,

On Fri, Nov 20 2020, Christoph Müllner wrote:
> TF-A supports stack smashing protection (-fstack-protector-*).
> Since we already forward the required compiler flag, let's
> also tell TF-A that we actually want the required symbols
> (e.g. __stack_chk_guard) to be available.
>
> Signed-off-by: Christoph Müllner <christoph.muellner at theobroma-systems.com>
> ---
>  boot/arm-trusted-firmware/arm-trusted-firmware.mk | 12 ++++++++++++
>  1 file changed, 12 insertions(+)
>
> diff --git a/boot/arm-trusted-firmware/arm-trusted-firmware.mk b/boot/arm-trusted-firmware/arm-trusted-firmware.mk
> index a3553e36cf..f5be39100e 100644
> --- a/boot/arm-trusted-firmware/arm-trusted-firmware.mk
> +++ b/boot/arm-trusted-firmware/arm-trusted-firmware.mk
> @@ -100,6 +100,18 @@ ARM_TRUSTED_FIRMWARE_MAKE_OPTS += MV_DDR_PATH=$(MV_DDR_MARVELL_DIR)
>  ARM_TRUSTED_FIRMWARE_DEPENDENCIES += mv-ddr-marvell
>  endif
>  
> +ifeq ($(BR2_SSP_REGULAR),y)
> +ARM_TRUSTED_FIRMWARE_MAKE_OPTS += ENABLE_STACK_PROTECTOR=default
> +endif
> +
> +ifeq ($(BR2_SSP_STRONG),y)
> +ARM_TRUSTED_FIRMWARE_MAKE_OPTS += ENABLE_STACK_PROTECTOR=strong
> +endif
> +
> +ifeq ($(BR2_SSP_ALL),y)
> +ARM_TRUSTED_FIRMWARE_MAKE_OPTS += ENABLE_STACK_PROTECTOR=all
> +endif

It looks like the toolchain wrapper does that already. See
toolchain/toolchain-wrapper.mk. Are you sure this is needed?

baruch

-- 
                                                     ~. .~   Tk Open Systems
=}------------------------------------------------ooO--U--Ooo------------{=
   - baruch at tkos.co.il - tel: +972.52.368.4656, http://www.tkos.co.il -


More information about the buildroot mailing list