From: Sergey Matyukevich <geomatsi@gmail.com>
To: buildroot@busybox.net
Subject: [Buildroot] [PATCH v2 01/28] boot/arm-trusted-firmware: option to disable stack protection
Date: Wed, 9 Jun 2021 22:59:36 +0300 [thread overview]
Message-ID: <20210609200003.2866122-2-geomatsi@gmail.com> (raw)
In-Reply-To: <20210609200003.2866122-1-geomatsi@gmail.com>
Default value for ATF build flag ENABLE_STACK_PROTECTOR is "none".
Buildroot sets appropriate ENABLE_STACK_PROTECTOR build flag value
based on the enabled BR2_SSP_* options. For any values other than
"none", ATF platform specific hook 'plat_get_stack_protector_canary'
should be implemented. However this hook is not implemented by all
the platforms supported by ATF. For instance, allwinner does not
provide such a hook.
Add new option BR2_TARGET_ARM_TRUSTED_FIRMWARE_DISABLE_SSP to disable
GCC stack protecton when selected ATF platform does not provide
support for this feature.
Signed-off-by: Sergey Matyukevich <geomatsi@gmail.com>
---
boot/arm-trusted-firmware/Config.in | 7 +++++++
boot/arm-trusted-firmware/arm-trusted-firmware.mk | 4 ++++
2 files changed, 11 insertions(+)
diff --git a/boot/arm-trusted-firmware/Config.in b/boot/arm-trusted-firmware/Config.in
index a5a8c5bfc3..ba371986d8 100644
--- a/boot/arm-trusted-firmware/Config.in
+++ b/boot/arm-trusted-firmware/Config.in
@@ -188,4 +188,11 @@ config BR2_TARGET_ARM_TRUSTED_FIRMWARE_NEEDS_ARM32_TOOLCHAIN
Select this option if your ATF board configuration requires
an ARM32 bare metal toolchain to be available.
+config BR2_TARGET_ARM_TRUSTED_FIRMWARE_DISABLE_SSP
+ bool "Disable stack protection"
+ help
+ Select this option to explicitly disable stack protection checks in GCC.
+ Such checks need to be disabled if ATF platform port does not implement
+ plat_get_stack_protector_canary() hook.
+
endif
diff --git a/boot/arm-trusted-firmware/arm-trusted-firmware.mk b/boot/arm-trusted-firmware/arm-trusted-firmware.mk
index 279658712b..00d20aac94 100644
--- a/boot/arm-trusted-firmware/arm-trusted-firmware.mk
+++ b/boot/arm-trusted-firmware/arm-trusted-firmware.mk
@@ -109,6 +109,9 @@ ARM_TRUSTED_FIRMWARE_MAKE_OPTS += MV_DDR_PATH=$(MV_DDR_MARVELL_DIR)
ARM_TRUSTED_FIRMWARE_DEPENDENCIES += mv-ddr-marvell
endif
+ifeq ($(BR2_TARGET_ARM_TRUSTED_FIRMWARE_DISABLE_SSP),y)
+ARM_TRUSTED_FIRMWARE_MAKE_OPTS += ENABLE_STACK_PROTECTOR=none
+else
ifeq ($(BR2_SSP_REGULAR),y)
ARM_TRUSTED_FIRMWARE_MAKE_OPTS += ENABLE_STACK_PROTECTOR=default
else ifeq ($(BR2_SSP_STRONG),y)
@@ -116,6 +119,7 @@ ARM_TRUSTED_FIRMWARE_MAKE_OPTS += ENABLE_STACK_PROTECTOR=strong
else ifeq ($(BR2_SSP_ALL),y)
ARM_TRUSTED_FIRMWARE_MAKE_OPTS += ENABLE_STACK_PROTECTOR=all
endif
+endif
ARM_TRUSTED_FIRMWARE_MAKE_TARGETS = all
--
2.31.1
next prev parent reply other threads:[~2021-06-09 19:59 UTC|newest]
Thread overview: 37+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-06-09 19:59 [Buildroot] [PATCH v2 00/28] sunxi: use mainline arm-trusted-firmware Sergey Matyukevich
2021-06-09 19:59 ` Sergey Matyukevich [this message]
2021-06-09 21:40 ` [Buildroot] [PATCH v2 01/28] boot/arm-trusted-firmware: option to disable stack protection Thomas Petazzoni
2021-06-09 22:03 ` Sergey Matyukevich
2021-06-10 6:36 ` Heiko Thiery
2021-06-10 19:26 ` Sergey Matyukevich
2021-06-10 14:10 ` Thomas Petazzoni
2021-06-09 19:59 ` [Buildroot] [PATCH v2 02/28] support/testing: switch TestATFAllwinner to mainline ATF Sergey Matyukevich
2021-06-09 19:59 ` [Buildroot] [PATCH v2 03/28] support/testing/tests/boot/test_atf: update U-Boot in TestATFAllwinner Sergey Matyukevich
2021-06-09 19:59 ` [Buildroot] [PATCH v2 04/28] configs/orangepi_zero_plus2_defconfig: switch to mainline ATF Sergey Matyukevich
2021-06-09 19:59 ` [Buildroot] [PATCH v2 05/28] configs/bananapi_m64_defconfig: " Sergey Matyukevich
2021-06-09 19:59 ` [Buildroot] [PATCH v2 06/28] configs/orangepi_zero_plus_defconfig: " Sergey Matyukevich
2021-06-09 19:59 ` [Buildroot] [PATCH v2 07/28] configs/orangepi_pc2_defconfig: " Sergey Matyukevich
2021-06-09 19:59 ` [Buildroot] [PATCH v2 08/28] configs/orangepi_prime_defconfig: " Sergey Matyukevich
2021-06-09 19:59 ` [Buildroot] [PATCH v2 09/28] configs/orangepi_win_defconfig: " Sergey Matyukevich
2021-06-09 19:59 ` [Buildroot] [PATCH v2 10/28] configs/friendlyarm_nanopi_a64_defconfig: " Sergey Matyukevich
2021-06-09 19:59 ` [Buildroot] [PATCH v2 11/28] configs/friendlyarm_nanopi_neo2_defconfig: " Sergey Matyukevich
2021-06-09 19:59 ` [Buildroot] [PATCH v2 12/28] configs/friendlyarm_nanopi_neo_plus2_defconfig: " Sergey Matyukevich
2021-06-09 19:59 ` [Buildroot] [PATCH v2 13/28] configs/amarula_a64_relic_defconfig: " Sergey Matyukevich
2021-06-09 19:59 ` [Buildroot] [PATCH v2 14/28] configs/olimex_a64_olinuxino_defconfig: " Sergey Matyukevich
2021-06-09 19:59 ` [Buildroot] [PATCH v2 15/28] configs/pine64_defconfig: " Sergey Matyukevich
2021-06-09 19:59 ` [Buildroot] [PATCH v2 16/28] configs/pine64_sopine_defconfig: " Sergey Matyukevich
2021-06-09 19:59 ` [Buildroot] [PATCH v2 17/28] configs/orangepi-zero-plus2: bump BSP versions Sergey Matyukevich
2021-06-09 19:59 ` [Buildroot] [PATCH v2 18/28] configs/bananapi_m64_defconfig: " Sergey Matyukevich
2021-06-09 19:59 ` [Buildroot] [PATCH v2 19/28] configs/orangepi_zero_plus_defconfig: " Sergey Matyukevich
2021-06-09 19:59 ` [Buildroot] [PATCH v2 20/28] configs/orangepi_pc2_defconfig: " Sergey Matyukevich
2021-06-09 19:59 ` [Buildroot] [PATCH v2 21/28] configs/orangepi_prime_defconfig: " Sergey Matyukevich
2021-06-09 19:59 ` [Buildroot] [PATCH v2 22/28] configs/orangepi_win_defconfig: " Sergey Matyukevich
2021-06-09 19:59 ` [Buildroot] [PATCH v2 23/28] configs/friendlyarm_nanopi_a64_defconfig: " Sergey Matyukevich
2021-06-09 19:59 ` [Buildroot] [PATCH v2 24/28] configs/friendlyarm_nanopi_neo2_defconfig: " Sergey Matyukevich
2021-06-09 20:00 ` [Buildroot] [PATCH v2 25/28] configs/friendlyarm_nanopi_neo_plus2_defconfig: " Sergey Matyukevich
2021-06-09 20:00 ` [Buildroot] [PATCH v2 26/28] configs/olimex_a64_olinuxino_defconfig: " Sergey Matyukevich
2021-06-09 20:00 ` [Buildroot] [PATCH v2 27/28] configs/pine64_defconfig: " Sergey Matyukevich
2021-06-09 20:00 ` [Buildroot] [PATCH v2 28/28] configs/pine64_sopine_defconfig: " Sergey Matyukevich
2021-06-10 13:22 ` [Buildroot] [PATCH v2 00/28] sunxi: use mainline arm-trusted-firmware Thomas Petazzoni
2021-06-10 19:37 ` Sergey Matyukevich
2021-06-24 21:25 ` Yann E. MORIN
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210609200003.2866122-2-geomatsi@gmail.com \
--to=geomatsi@gmail.com \
--cc=buildroot@busybox.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.