diff options
| author | Soby Mathew <soby.mathew@arm.com> | 2019-04-30 15:43:21 +0000 |
|---|---|---|
| committer | TrustedFirmware Code Review <review@review.trustedfirmware.org> | 2019-04-30 15:43:21 +0000 |
| commit | 29162843779552d3d28878cd8031bc032cba421e (patch) | |
| tree | e04b0eec7789b7d7ac718202752ca393ff46f191 | |
| parent | 19b4f689c6f58cb2da9377bcec32c79a97d3fb73 (diff) | |
| parent | 2a3c645b40ebb5149f6e043babccd95469867030 (diff) | |
Merge changes from topic "lm/stack_protector" into integration
* changes:
juno: Add security sources for tsp-juno
Add support for default stack-protector flag
| -rw-r--r-- | docs/user-guide.rst | 12 | ||||
| -rw-r--r-- | lib/stack_protector/stack_protector.mk | 19 | ||||
| -rw-r--r-- | plat/arm/board/juno/tsp/tsp-juno.mk | 5 |
3 files changed, 22 insertions, 14 deletions
diff --git a/docs/user-guide.rst b/docs/user-guide.rst index b9f08716a..01cf17a23 100644 --- a/docs/user-guide.rst +++ b/docs/user-guide.rst @@ -460,12 +460,12 @@ Common build options architecture is AArch32. - ``ENABLE_STACK_PROTECTOR``: String option to enable the stack protection - checks in GCC. Allowed values are "all", "strong" and "0" (default). - "strong" is the recommended stack protection level if this feature is - desired. 0 disables the stack protection. For all values other than 0, the - ``plat_get_stack_protector_canary()`` platform hook needs to be implemented. - The value is passed as the last component of the option - ``-fstack-protector-$ENABLE_STACK_PROTECTOR``. + checks in GCC. Allowed values are "all", "strong", "default" and "none". The + default value is set to "none". "strong" is the recommended stack protection + level if this feature is desired. "none" disables the stack protection. For + all values other than "none", the ``plat_get_stack_protector_canary()`` + platform hook needs to be implemented. The value is passed as the last + component of the option ``-fstack-protector-$ENABLE_STACK_PROTECTOR``. - ``ERROR_DEPRECATED``: This option decides whether to treat the usage of deprecated platform APIs, helper functions or drivers within Trusted diff --git a/lib/stack_protector/stack_protector.mk b/lib/stack_protector/stack_protector.mk index 0f0d90fb8..94e804be9 100644 --- a/lib/stack_protector/stack_protector.mk +++ b/lib/stack_protector/stack_protector.mk @@ -1,5 +1,5 @@ # -# Copyright (c) 2017, ARM Limited and Contributors. All rights reserved. +# Copyright (c) 2017-2019, ARM Limited and Contributors. All rights reserved. # # SPDX-License-Identifier: BSD-3-Clause # @@ -7,13 +7,20 @@ # Boolean macro to be used in C code STACK_PROTECTOR_ENABLED := 0 -ifneq (${ENABLE_STACK_PROTECTOR},0) -STACK_PROTECTOR_ENABLED := 1 -BL_COMMON_SOURCES += lib/stack_protector/stack_protector.c \ +ifeq (${ENABLE_STACK_PROTECTOR},0) + ENABLE_STACK_PROTECTOR := none +endif + +ifneq (${ENABLE_STACK_PROTECTOR},none) + STACK_PROTECTOR_ENABLED := 1 + BL_COMMON_SOURCES += lib/stack_protector/stack_protector.c \ lib/stack_protector/${ARCH}/asm_stack_protector.S -TF_CFLAGS += -fstack-protector-${ENABLE_STACK_PROTECTOR} + ifeq (${ENABLE_STACK_PROTECTOR},default) + TF_CFLAGS += -fstack-protector + else + TF_CFLAGS += -fstack-protector-${ENABLE_STACK_PROTECTOR} + endif endif $(eval $(call add_define,STACK_PROTECTOR_ENABLED)) - diff --git a/plat/arm/board/juno/tsp/tsp-juno.mk b/plat/arm/board/juno/tsp/tsp-juno.mk index 52461cf8b..be75c4d76 100644 --- a/plat/arm/board/juno/tsp/tsp-juno.mk +++ b/plat/arm/board/juno/tsp/tsp-juno.mk @@ -1,11 +1,12 @@ # -# Copyright (c) 2014-2016, ARM Limited and Contributors. All rights reserved. +# Copyright (c) 2014-2019, ARM Limited and Contributors. All rights reserved. # # SPDX-License-Identifier: BSD-3-Clause # BL32_SOURCES += plat/arm/board/juno/juno_topology.c \ plat/arm/css/common/css_topology.c \ - ${JUNO_GIC_SOURCES} + ${JUNO_GIC_SOURCES} \ + ${JUNO_SECURITY_SOURCES} include plat/arm/common/tsp/arm_tsp.mk |