@@ -100,6 +100,14 @@ ARM_TRUSTED_FIRMWARE_MAKE_OPTS += MV_DDR_PATH=$(MV_DDR_MARVELL_DIR)
ARM_TRUSTED_FIRMWARE_DEPENDENCIES += mv-ddr-marvell
endif
+ifeq ($(BR2_SSP_REGULAR),y)
+ARM_TRUSTED_FIRMWARE_MAKE_OPTS += ENABLE_STACK_PROTECTOR=default
+else ifeq ($(BR2_SSP_STRONG),y)
+ARM_TRUSTED_FIRMWARE_MAKE_OPTS += ENABLE_STACK_PROTECTOR=strong
+else ifeq ($(BR2_SSP_ALL),y)
+ARM_TRUSTED_FIRMWARE_MAKE_OPTS += ENABLE_STACK_PROTECTOR=all
+endif
+
ARM_TRUSTED_FIRMWARE_MAKE_TARGETS = all
ifeq ($(BR2_TARGET_ARM_TRUSTED_FIRMWARE_FIP),y)
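Review bot: The three added branches turn on `ENABLE_STACK_PROTECTOR` for every TF-A platform whenever a global `BR2_SSP_*` option is selected, but TF-A only links with that flag when the platform port implements `plat_get_stack_protector_canary()`. The commit message reports testing on Rockchip PX30 only, so platforms without that hook would presumably stop building under an SSP-enabled Buildroot configuration; a TF-A-specific opt-out, or at least a comment above the block such as `# Requires plat_get_stack_protector_canary() in the selected TF-A platform port`, would make the dependency visible. The protection is also only as strong as the value that hook returns, so it is worth confirming for each supported platform that the canary comes from a real entropy source rather than a counter or a constant. The `ifeq` on the last context line continues outside the hunk.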
TF-A supports stack smashing protection (-fstack-protector-*). However, it currently silently disables that feature with -fno-stack-protector in case ENABLE_STACK_PROTECTOR is not set at build time. As documented in the TF-A user guide, the flag ENABLE_STACK_PROTECTOR is required to enable stack protection support. When enabled, the symbols for the stack protector (e.g. __stack_chk_guard) are built. So in case we see that BR2_SSP_* is enabled, let's enable the corresponding build flag for TF-A as documented in the TF-A user guide. Tested on a Rockchip PX30 based system (TF-A v2.2 and upstream/master). Signed-off-by: Christoph Müllner <christoph.muellner@theobroma-systems.com> --- boot/arm-trusted-firmware/arm-trusted-firmware.mk | 8 ++++++++ 1 file changed, 8 insertions(+)