diff mbox series

[5/8] UBUNTU: SAUCE: ubuntu/sgx: hardening compiler options

Message ID 20210812120913.9316-6-tim.gardner@canonical.com
State New
Headers show
Series Sync to SGX 1.33.2 | expand

Commit Message

Tim Gardner Aug. 12, 2021, 12:09 p.m. UTC 
BugLink: https://bugs.launchpad.net/bugs/1936240

https://github.com/intel/SGXDataCenterAttestationPrimitives
9086b3ef9b0760292cd2ffd70253a45bfcb37f26 Linux Driver: hardening compiler options

Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
---
 ubuntu/sgx/Makefile | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff mbox series

Patch

diff --git a/ubuntu/sgx/Makefile b/ubuntu/sgx/Makefile
index 763fd841cb209..4f7f513b8b7e1 100644
--- a/ubuntu/sgx/Makefile
+++ b/ubuntu/sgx/Makefile
@@ -29,8 +29,11 @@  default:
 else
 
 PWD  := $(shell pwd)
+EXTRA_CFLAGS += -I$(PWD) -I$(PWD)/include -D_FORTIFY_SOURCE=2 -Wl,-z,relro,-z,now
+EXTRA_LDFLAGS := -z noexecstack
+
 default:
-	$(MAKE) -C $(KDIR) M=$(PWD) CFLAGS_MODULE="-I$(PWD) -I$(PWD)/include $(EXTRA_CFLAGS)" modules
+	$(MAKE) -C $(KDIR) M=$(PWD) LDFLAGS_MODULE="$(EXTRA_LDFLAGS)" CFLAGS_MODULE="$(EXTRA_CFLAGS)" modules
 
 endif
 endif