diff mbox series

[1/1] boot/arm-trusted-firmware: Forward stack protection configuration

Message ID 20201122143731.3374802-1-christoph.muellner@theobroma-systems.com
State Changes Requested
Headers show
Series [1/1] boot/arm-trusted-firmware: Forward stack protection configuration | expand

Commit Message

Christoph Müllner Nov. 22, 2020, 2:37 p.m. UTC
TF-A supports stack smashing protection (-fstack-protector-*).
However it currenlty fails to build when built with BR2_SSP_*
enabled, because stack protection needs to be enabled for the
TF-A build process itself as well to generate the required
symbols (e.g. __stack_chk_guard).

So in case we see that BR2_SSP_* is enabled, let's enable
the corresponding build flag for TF-A as documented in
the TF-A user guide.

Tested on a Rockchip PX30 based system.

Signed-off-by: Christoph Müllner <christoph.muellner@theobroma-systems.com>
---
 boot/arm-trusted-firmware/arm-trusted-firmware.mk | 8 ++++++++
 1 file changed, 8 insertions(+)
diff mbox series

Patch

diff --git a/boot/arm-trusted-firmware/arm-trusted-firmware.mk b/boot/arm-trusted-firmware/arm-trusted-firmware.mk
index a3553e36cf..0597cecf71 100644
--- a/boot/arm-trusted-firmware/arm-trusted-firmware.mk
+++ b/boot/arm-trusted-firmware/arm-trusted-firmware.mk
@@ -100,6 +100,14 @@  ARM_TRUSTED_FIRMWARE_MAKE_OPTS += MV_DDR_PATH=$(MV_DDR_MARVELL_DIR)
 ARM_TRUSTED_FIRMWARE_DEPENDENCIES += mv-ddr-marvell
 endif
 
+ifeq ($(BR2_SSP_REGULAR),y)
+ARM_TRUSTED_FIRMWARE_MAKE_OPTS += ENABLE_STACK_PROTECTOR=default
+else ifeq ($(BR2_SSP_STRONG),y)
+ARM_TRUSTED_FIRMWARE_MAKE_OPTS += ENABLE_STACK_PROTECTOR=strong
+else ifeq ($(BR2_SSP_ALL),y)
+ARM_TRUSTED_FIRMWARE_MAKE_OPTS += ENABLE_STACK_PROTECTOR=all
+endif
+
 ARM_TRUSTED_FIRMWARE_MAKE_TARGETS = all
 
 ifeq ($(BR2_TARGET_ARM_TRUSTED_FIRMWARE_FIP),y)