Merge changes from topic "lm/stack_protector" into integration

* changes: juno: Add security sources for tsp-juno Add support for default stack-protector flag
2019-04-30 15:43:21 +00:00 · 2019-04-30 15:43:21 +00:00 · 2916284377
parent 19b4f689c6 2a3c645b40
commit 2916284377
3 changed files with 22 additions and 14 deletions
--- a/docs/user-guide.rst
+++ b/docs/user-guide.rst
@ -460,12 +460,12 @@ Common build options
   architecture is AArch32.

 -  ``ENABLE_STACK_PROTECTOR``: String option to enable the stack protection
-   checks in GCC. Allowed values are "all", "strong" and "0" (default).
-   "strong" is the recommended stack protection level if this feature is
-   desired. 0 disables the stack protection. For all values other than 0, the
-   ``plat_get_stack_protector_canary()`` platform hook needs to be implemented.
-   The value is passed as the last component of the option
-   ``-fstack-protector-$ENABLE_STACK_PROTECTOR``.
+   checks in GCC. Allowed values are "all", "strong", "default" and "none". The
+   default value is set to "none". "strong" is the recommended stack protection
+   level if this feature is desired. "none" disables the stack protection. For
+   all values other than "none", the ``plat_get_stack_protector_canary()``
+   platform hook needs to be implemented. The value is passed as the last
+   component of the option ``-fstack-protector-$ENABLE_STACK_PROTECTOR``.

 -  ``ERROR_DEPRECATED``: This option decides whether to treat the usage of
   deprecated platform APIs, helper functions or drivers within Trusted
--- a/lib/stack_protector/stack_protector.mk
+++ b/lib/stack_protector/stack_protector.mk
@ -1,5 +1,5 @@
 #
-# Copyright (c) 2017, ARM Limited and Contributors. All rights reserved.
+# Copyright (c) 2017-2019, ARM Limited and Contributors. All rights reserved.
 #
 # SPDX-License-Identifier: BSD-3-Clause
 #
@ -7,13 +7,20 @@
 # Boolean macro to be used in C code
 STACK_PROTECTOR_ENABLED := 0

-ifneq (${ENABLE_STACK_PROTECTOR},0)
-STACK_PROTECTOR_ENABLED := 1
-BL_COMMON_SOURCES	+=	lib/stack_protector/stack_protector.c			\
+ifeq (${ENABLE_STACK_PROTECTOR},0)
+  ENABLE_STACK_PROTECTOR := none
+endif
+
+ifneq (${ENABLE_STACK_PROTECTOR},none)
+  STACK_PROTECTOR_ENABLED := 1
+  BL_COMMON_SOURCES	+=	lib/stack_protector/stack_protector.c	\
 				lib/stack_protector/${ARCH}/asm_stack_protector.S

-TF_CFLAGS		+=	-fstack-protector-${ENABLE_STACK_PROTECTOR}
+  ifeq (${ENABLE_STACK_PROTECTOR},default)
+    TF_CFLAGS		+=	-fstack-protector
+  else
+    TF_CFLAGS		+=	-fstack-protector-${ENABLE_STACK_PROTECTOR}
+  endif
 endif

 $(eval $(call add_define,STACK_PROTECTOR_ENABLED))
-
--- a/plat/arm/board/juno/tsp/tsp-juno.mk
+++ b/plat/arm/board/juno/tsp/tsp-juno.mk
@ -1,11 +1,12 @@
 #
-# Copyright (c) 2014-2016, ARM Limited and Contributors. All rights reserved.
+# Copyright (c) 2014-2019, ARM Limited and Contributors. All rights reserved.
 #
 # SPDX-License-Identifier: BSD-3-Clause
 #

 BL32_SOURCES		+=	plat/arm/board/juno/juno_topology.c	\
 				plat/arm/css/common/css_topology.c	\
-				${JUNO_GIC_SOURCES}
+				${JUNO_GIC_SOURCES}			\
+				${JUNO_SECURITY_SOURCES}

 include plat/arm/common/tsp/arm_tsp.mk