All the mail mirrored from lore.kernel.org
 help / color / mirror / Atom feed
From: Heiko Thiery <heiko.thiery@gmail.com>
To: buildroot@busybox.net
Subject: [Buildroot] [PATCH v2 01/28] boot/arm-trusted-firmware: option to disable stack protection
Date: Thu, 10 Jun 2021 08:36:19 +0200	[thread overview]
Message-ID: <CAEyMn7aqWF6ki5H-Uv_rGezusRwP3oKrba2zj31OAeb-ribsQQ@mail.gmail.com> (raw)
In-Reply-To: <YME6zLv85ivVOkpi@curiosity>

Hi Thomas, Hi Sergey,

Am Do., 10. Juni 2021 um 00:03 Uhr schrieb Sergey Matyukevich
<geomatsi@gmail.com>:
>
> Hello Thomas,
>
> > > +config BR2_TARGET_ARM_TRUSTED_FIRMWARE_DISABLE_SSP
> > > +   bool "Disable stack protection"
> > > +   help
> > > +     Select this option to explicitly disable stack protection checks in GCC.
> > > +     Such checks need to be disabled if ATF platform port does not implement
> > > +     plat_get_stack_protector_canary() hook.
> >
> > It's a bit annoying that we have to tell TF-A about this. If TF-A
> > doesn't implement plat_get_stack_protector_canary() for a certain
> > platform, why does it try to enable SSP ? It feels like something that
> > should be fixed in TF-A.
>
> TF-A does not attempt to enable those protection checks. This is
> controlled by its ENABLE_STACK_PROTECTOR build flag, which default
> value is 'none'. This is Buildroot who tries to enable TF-A stack
> protection checks depending on BR2_SSP_* toolchain features only:
> see arm-trusted-firmware.mk.

with commit 810ba387 we enabled SSP by default. And in the ATF
makefile we map that setting to atf ENABLE_STACK_PROTECTOR setting. As
this we force to use SSP in atf. But you're right this should be
handled in the TF-A stack. I tried to get some feedback from the TF-A
guys [1] but there is no helpful answer. So for now I think it is a
quick solution to make it possible to disable SSP for ATF like that.

On the other hand, does it make any sense at all to automatically take
over the SSP setting from the compiler options?

[1] https://lists.trustedfirmware.org/pipermail/tf-a/2021-May/001152.html

>
> Regards,
> Sergey

  reply	other threads:[~2021-06-10  6:36 UTC|newest]

Thread overview: 37+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-06-09 19:59 [Buildroot] [PATCH v2 00/28] sunxi: use mainline arm-trusted-firmware Sergey Matyukevich
2021-06-09 19:59 ` [Buildroot] [PATCH v2 01/28] boot/arm-trusted-firmware: option to disable stack protection Sergey Matyukevich
2021-06-09 21:40   ` Thomas Petazzoni
2021-06-09 22:03     ` Sergey Matyukevich
2021-06-10  6:36       ` Heiko Thiery [this message]
2021-06-10 19:26         ` Sergey Matyukevich
2021-06-10 14:10       ` Thomas Petazzoni
2021-06-09 19:59 ` [Buildroot] [PATCH v2 02/28] support/testing: switch TestATFAllwinner to mainline ATF Sergey Matyukevich
2021-06-09 19:59 ` [Buildroot] [PATCH v2 03/28] support/testing/tests/boot/test_atf: update U-Boot in TestATFAllwinner Sergey Matyukevich
2021-06-09 19:59 ` [Buildroot] [PATCH v2 04/28] configs/orangepi_zero_plus2_defconfig: switch to mainline ATF Sergey Matyukevich
2021-06-09 19:59 ` [Buildroot] [PATCH v2 05/28] configs/bananapi_m64_defconfig: " Sergey Matyukevich
2021-06-09 19:59 ` [Buildroot] [PATCH v2 06/28] configs/orangepi_zero_plus_defconfig: " Sergey Matyukevich
2021-06-09 19:59 ` [Buildroot] [PATCH v2 07/28] configs/orangepi_pc2_defconfig: " Sergey Matyukevich
2021-06-09 19:59 ` [Buildroot] [PATCH v2 08/28] configs/orangepi_prime_defconfig: " Sergey Matyukevich
2021-06-09 19:59 ` [Buildroot] [PATCH v2 09/28] configs/orangepi_win_defconfig: " Sergey Matyukevich
2021-06-09 19:59 ` [Buildroot] [PATCH v2 10/28] configs/friendlyarm_nanopi_a64_defconfig: " Sergey Matyukevich
2021-06-09 19:59 ` [Buildroot] [PATCH v2 11/28] configs/friendlyarm_nanopi_neo2_defconfig: " Sergey Matyukevich
2021-06-09 19:59 ` [Buildroot] [PATCH v2 12/28] configs/friendlyarm_nanopi_neo_plus2_defconfig: " Sergey Matyukevich
2021-06-09 19:59 ` [Buildroot] [PATCH v2 13/28] configs/amarula_a64_relic_defconfig: " Sergey Matyukevich
2021-06-09 19:59 ` [Buildroot] [PATCH v2 14/28] configs/olimex_a64_olinuxino_defconfig: " Sergey Matyukevich
2021-06-09 19:59 ` [Buildroot] [PATCH v2 15/28] configs/pine64_defconfig: " Sergey Matyukevich
2021-06-09 19:59 ` [Buildroot] [PATCH v2 16/28] configs/pine64_sopine_defconfig: " Sergey Matyukevich
2021-06-09 19:59 ` [Buildroot] [PATCH v2 17/28] configs/orangepi-zero-plus2: bump BSP versions Sergey Matyukevich
2021-06-09 19:59 ` [Buildroot] [PATCH v2 18/28] configs/bananapi_m64_defconfig: " Sergey Matyukevich
2021-06-09 19:59 ` [Buildroot] [PATCH v2 19/28] configs/orangepi_zero_plus_defconfig: " Sergey Matyukevich
2021-06-09 19:59 ` [Buildroot] [PATCH v2 20/28] configs/orangepi_pc2_defconfig: " Sergey Matyukevich
2021-06-09 19:59 ` [Buildroot] [PATCH v2 21/28] configs/orangepi_prime_defconfig: " Sergey Matyukevich
2021-06-09 19:59 ` [Buildroot] [PATCH v2 22/28] configs/orangepi_win_defconfig: " Sergey Matyukevich
2021-06-09 19:59 ` [Buildroot] [PATCH v2 23/28] configs/friendlyarm_nanopi_a64_defconfig: " Sergey Matyukevich
2021-06-09 19:59 ` [Buildroot] [PATCH v2 24/28] configs/friendlyarm_nanopi_neo2_defconfig: " Sergey Matyukevich
2021-06-09 20:00 ` [Buildroot] [PATCH v2 25/28] configs/friendlyarm_nanopi_neo_plus2_defconfig: " Sergey Matyukevich
2021-06-09 20:00 ` [Buildroot] [PATCH v2 26/28] configs/olimex_a64_olinuxino_defconfig: " Sergey Matyukevich
2021-06-09 20:00 ` [Buildroot] [PATCH v2 27/28] configs/pine64_defconfig: " Sergey Matyukevich
2021-06-09 20:00 ` [Buildroot] [PATCH v2 28/28] configs/pine64_sopine_defconfig: " Sergey Matyukevich
2021-06-10 13:22 ` [Buildroot] [PATCH v2 00/28] sunxi: use mainline arm-trusted-firmware Thomas Petazzoni
2021-06-10 19:37   ` Sergey Matyukevich
2021-06-24 21:25     ` Yann E. MORIN

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=CAEyMn7aqWF6ki5H-Uv_rGezusRwP3oKrba2zj31OAeb-ribsQQ@mail.gmail.com \
    --to=heiko.thiery@gmail.com \
    --cc=buildroot@busybox.net \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.