[Buildroot] [git commit] boot/arm-trusted-firmware: change ENABLE_STACK_PROTECTOR value when disabled

Thomas Petazzoni thomas.petazzoni at bootlin.com
Sun Aug 8 19:54:32 UTC 2021


commit: https://git.buildroot.net/buildroot/commit/?id=5f432df7e2d26d6d57d750cbee1a573c1f886e26
branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/master

Since commit
cf176128ec4ad60c29c8828cab1887f69edb9473 ("boot/arm-trusted-firmware:
add SSP option"), we are passing ENABLE_STACK_PROTECTOR=none when we
want to disable SSP usage in TF-A. While this works fine in recent
versions of TF-A, older versions such as TF-A will end up passing
-fstack-protector-none in this situation, which fails as this is not a
valid gcc option (the valid gcc option is -fno-stack-protector).

To solve this, we pass ENABLE_STACK_PROTECTOR=0 which was in older
TF-A versions used to say "don't do anything with SSP", and is also
still supported in newer versions of TF-A.

Fixes:

 https://gitlab.com/buildroot.org/buildroot/-/jobs/1478738580

Signed-off-by: Thomas Petazzoni <thomas.petazzoni at bootlin.com>
---
 boot/arm-trusted-firmware/Config.in | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/boot/arm-trusted-firmware/Config.in b/boot/arm-trusted-firmware/Config.in
index 7e46a10270..9e171f414f 100644
--- a/boot/arm-trusted-firmware/Config.in
+++ b/boot/arm-trusted-firmware/Config.in
@@ -204,7 +204,10 @@ config BR2_TARGET_ARM_TRUSTED_FIRMWARE_SSP
 
 config BR2_TARGET_ARM_TRUSTED_FIRMWARE_SSP_LEVEL
 	string
-	default "none"    if !BR2_TARGET_ARM_TRUSTED_FIRMWARE_SSP
+	# While newer versions of TF-A support "none" as
+	# ENABLE_STACK_PROTECTOR value, older versions (e.g 2.0) only
+	# supported "0" to disable SSP.
+	default "0"    	  if !BR2_TARGET_ARM_TRUSTED_FIRMWARE_SSP
 	default "default" if BR2_SSP_REGULAR
 	default "strong"  if BR2_SSP_STRONG
 	default "all"     if BR2_SSP_ALL


More information about the buildroot mailing list