@@ -100,6 +100,14 @@ ARM_TRUSTED_FIRMWARE_MAKE_OPTS += MV_DDR_PATH=$(MV_DDR_MARVELL_DIR)
ARM_TRUSTED_FIRMWARE_DEPENDENCIES += mv-ddr-marvell
endif
+ifeq ($(BR2_SSP_REGULAR),y)
+ARM_TRUSTED_FIRMWARE_MAKE_OPTS += ENABLE_STACK_PROTECTOR=default
+else ifeq ($(BR2_SSP_STRONG),y)
+ARM_TRUSTED_FIRMWARE_MAKE_OPTS += ENABLE_STACK_PROTECTOR=strong
+else ifeq ($(BR2_SSP_ALL),y)
+ARM_TRUSTED_FIRMWARE_MAKE_OPTS += ENABLE_STACK_PROTECTOR=all
+endif
+
ARM_TRUSTED_FIRMWARE_MAKE_TARGETS = all
ifeq ($(BR2_TARGET_ARM_TRUSTED_FIRMWARE_FIP),y)
TF-A supports stack smashing protection (-fstack-protector-*). However it currenlty fails to build when built with BR2_SSP_* enabled, because stack protection needs to be enabled for the TF-A build process itself as well to generate the required symbols (e.g. __stack_chk_guard). So in case we see that BR2_SSP_* is enabled, let's enable the corresponding build flag for TF-A as documented in the TF-A user guide. Tested on a Rockchip PX30 based system. Signed-off-by: Christoph Müllner <christoph.muellner@theobroma-systems.com> --- boot/arm-trusted-firmware/arm-trusted-firmware.mk | 8 ++++++++ 1 file changed, 8 insertions(+)