[Buildroot] [PATCH v2 01/28] boot/arm-trusted-firmware: option to disable stack protection

Sergey Matyukevich geomatsi at gmail.com
Wed Jun 9 19:59:36 UTC 2021


Default value for ATF build flag  ENABLE_STACK_PROTECTOR is "none".
Buildroot sets appropriate ENABLE_STACK_PROTECTOR build flag value
based on the enabled BR2_SSP_* options. For any values other than
"none", ATF platform specific hook 'plat_get_stack_protector_canary'
should be implemented. However this hook is not implemented by all
the platforms supported by ATF. For instance, allwinner does not
provide such a hook.

Add new option BR2_TARGET_ARM_TRUSTED_FIRMWARE_DISABLE_SSP to disable
GCC stack protecton when selected ATF platform does not provide
support for this feature.

Signed-off-by: Sergey Matyukevich <geomatsi at gmail.com>
---
 boot/arm-trusted-firmware/Config.in               | 7 +++++++
 boot/arm-trusted-firmware/arm-trusted-firmware.mk | 4 ++++
 2 files changed, 11 insertions(+)

diff --git a/boot/arm-trusted-firmware/Config.in b/boot/arm-trusted-firmware/Config.in
index a5a8c5bfc3..ba371986d8 100644
--- a/boot/arm-trusted-firmware/Config.in
+++ b/boot/arm-trusted-firmware/Config.in
@@ -188,4 +188,11 @@ config BR2_TARGET_ARM_TRUSTED_FIRMWARE_NEEDS_ARM32_TOOLCHAIN
 	  Select this option if your ATF board configuration requires
 	  an ARM32 bare metal toolchain to be available.
 
+config BR2_TARGET_ARM_TRUSTED_FIRMWARE_DISABLE_SSP
+	bool "Disable stack protection"
+	help
+	  Select this option to explicitly disable stack protection checks in GCC.
+	  Such checks need to be disabled if ATF platform port does not implement
+	  plat_get_stack_protector_canary() hook.
+
 endif
diff --git a/boot/arm-trusted-firmware/arm-trusted-firmware.mk b/boot/arm-trusted-firmware/arm-trusted-firmware.mk
index 279658712b..00d20aac94 100644
--- a/boot/arm-trusted-firmware/arm-trusted-firmware.mk
+++ b/boot/arm-trusted-firmware/arm-trusted-firmware.mk
@@ -109,6 +109,9 @@ ARM_TRUSTED_FIRMWARE_MAKE_OPTS += MV_DDR_PATH=$(MV_DDR_MARVELL_DIR)
 ARM_TRUSTED_FIRMWARE_DEPENDENCIES += mv-ddr-marvell
 endif
 
+ifeq ($(BR2_TARGET_ARM_TRUSTED_FIRMWARE_DISABLE_SSP),y)
+ARM_TRUSTED_FIRMWARE_MAKE_OPTS += ENABLE_STACK_PROTECTOR=none
+else
 ifeq ($(BR2_SSP_REGULAR),y)
 ARM_TRUSTED_FIRMWARE_MAKE_OPTS += ENABLE_STACK_PROTECTOR=default
 else ifeq ($(BR2_SSP_STRONG),y)
@@ -116,6 +119,7 @@ ARM_TRUSTED_FIRMWARE_MAKE_OPTS += ENABLE_STACK_PROTECTOR=strong
 else ifeq ($(BR2_SSP_ALL),y)
 ARM_TRUSTED_FIRMWARE_MAKE_OPTS += ENABLE_STACK_PROTECTOR=all
 endif
+endif
 
 ARM_TRUSTED_FIRMWARE_MAKE_TARGETS = all
 
-- 
2.31.1




More information about the buildroot mailing list