Skip to content

Commit

Permalink
[PORT FROM PMRI] Add stack protection flag for kernelflinger
Browse files Browse the repository at this point in the history 
It requires stack-protector, stack execution protection,
 data relocation and protection (RELRO)
Add CFLAGS: -fstack-protector-strong -Wformat -Wformat-security -D_FORTIFY_SOURCE=2
Add LDFLAGS: -znoexecstack -zrelro -znow

Change-Id: I3c56445f0bb1c223460048d682bfe03882f17f3a
Tracked-On: OAM-73605
Signed-off-by: Heng Luo <[email protected]>
  • Loading branch information
@luo-heng @swaroopbalan
luo-heng authored and swaroopbalan committed Mar 26, 2019
1 parent cfe2fa3 commit 911bf1a
Showing 1 changed file with 5 additions and 3 deletions.
8 changes: 5 additions & 3 deletions core/definitions.mk
View file
Original file line number Diff line number Diff line change
Expand Up @@ -59,7 +59,7 @@ endif
otatools: $(INTEL_OTATOOLS)

# FIXME: may be unsafe to omit -no-sse
TARGET_IAFW_GLOBAL_CFLAGS := -ggdb -O3 -fno-stack-protector \
TARGET_IAFW_GLOBAL_CFLAGS := -ggdb -O3 -fstack-protector-strong \
-fno-strict-aliasing -fpic \
-fshort-wchar -mno-red-zone \
-mno-mmx -fno-builtin \
Expand All @@ -73,10 +73,12 @@ TARGET_IAFW_GLOBAL_CFLAGS := -ggdb -O3 -fno-stack-protector \
-Wno-unused-const-variable \
-Wno-constant-conversion \
-Wno-unused-function \
-Wno-tautological-pointer-compare
-Wno-tautological-pointer-compare \
-Wformat -Wformat-security \
-D_FORTIFY_SOURCE=2

TARGET_IAFW_GLOBAL_LDFLAGS := -nostdlib --no-undefined \
--fatal-warnings -Bsymbolic -znocombreloc
--fatal-warnings -Bsymbolic -znocombreloc -znoexecstack -zrelro -znow

ifneq ($(TARGET_UEFI_ARCH),)
TARGET_IAFW_ARCH := $(TARGET_UEFI_ARCH)
Expand Down

0 comments on commit 911bf1a

Please sign in to comment.