* [Buildroot] [git commit branch/2021.02.x] boot/arm-trusted-firmware: add SSP option
@ 2021-07-12  8:15 Peter Korsgaard
  0 siblings, 0 replies; only message in thread
From: Peter Korsgaard @ 2021-07-12  8:15 UTC (permalink / raw
  To: buildroot

commit: https://git.buildroot.net/buildroot/commit/?id=dc82fb995877e5d03ca4cd1328020ca043741888
branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/2021.02.x

Buildroot sets appropriate ENABLE_STACK_PROTECTOR build flag value based
on the toolchain global BR2_SSP_* options, and all packages are built
with that setting.

However it might not be always convenient to automatically infer TF-A
stack protection from the toolchain features. For instance, secure
memory constraints may become an issue and all the extra TF-A features
need to be tuned or disabled in order to shrink TF-A firmware image.

Besides, for any value other than "none", TF-A platform specific hook
'plat_get_stack_protector_canary' must be implemented. However this hook
is not implemented by all the platforms supported by TF-A. For instance,
Allwinner currently does not provide such a hook.

Add a new option that a user can toggle to enable or disable SSP in
their ATF build. If enabled, the SSP level is automatically inherited
from the global setting.

Signed-off-by: Sergey Matyukevich <geomatsi@gmail.com>
[yann.morin.1998 at free.fr: simplify logic with a single boolean]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit cf176128ec4ad60c29c8828cab1887f69edb9473)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
 boot/arm-trusted-firmware/Config.in               | 21 +++++++++++++++++++++
 boot/arm-trusted-firmware/arm-trusted-firmware.mk | 11 ++---------
 2 files changed, 23 insertions(+), 9 deletions(-)

diff --git a/boot/arm-trusted-firmware/Config.in b/boot/arm-trusted-firmware/Config.in
index c06294040e..d2535b2f17 100644
--- a/boot/arm-trusted-firmware/Config.in
+++ b/boot/arm-trusted-firmware/Config.in
@@ -175,4 +175,25 @@ config BR2_TARGET_ARM_TRUSTED_FIRMWARE_NEEDS_ARM32_TOOLCHAIN
 	  Select this option if your ATF board configuration requires
 	  an ARM32 bare metal toolchain to be available.
 
+config BR2_TARGET_ARM_TRUSTED_FIRMWARE_SSP
+	bool "Build with SSP"
+	depends on BR2_TOOLCHAIN_HAS_SSP
+	depends on !BR2_SSP_NONE
+	default y
+	help
+	  Say 'y' here if you want to build ATF with SSP.
+
+	  Your board must have SSP support in ATF: it must have an
+	  implementation for plat_get_stack_protector_canary().
+
+	  If you say 'y', the SSP level will be the level selected
+	  by the global SSP setting.
+
+config BR2_TARGET_ARM_TRUSTED_FIRMWARE_SSP_LEVEL
+	string
+	default "none"    if !BR2_TARGET_ARM_TRUSTED_FIRMWARE_SSP
+	default "default" if BR2_SSP_REGULAR
+	default "strong"  if BR2_SSP_STRONG
+	default "all"     if BR2_SSP_ALL
+
 endif
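Review bot: The help text for BR2_TARGET_ARM_TRUSTED_FIRMWARE_SSP does not say what is given up by answering 'n', and with `default y` a board whose platform lacks plat_get_stack_protector_canary() will presumably fail to build until the user finds this option. I would add a help paragraph such as `Saying 'n' builds ATF without stack canaries even when the global SSP setting enables them for all other packages; only do so if the platform lacks the hook or the image must shrink to fit secure memory.` BR2_TARGET_ARM_TRUSTED_FIRMWARE_SSP_LEVEL also has no unconditional fallback `default`, so it relies on the two `depends on` lines guaranteeing that one of BR2_SSP_REGULAR/STRONG/ALL is set; a one-line comment above the symbol stating that would help the next editor. The enclosing `if` block starts outside this hunk.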
diff --git a/boot/arm-trusted-firmware/arm-trusted-firmware.mk b/boot/arm-trusted-firmware/arm-trusted-firmware.mk
index 0597cecf71..d06bc336e0 100644
--- a/boot/arm-trusted-firmware/arm-trusted-firmware.mk
+++ b/boot/arm-trusted-firmware/arm-trusted-firmware.mk
@@ -51,7 +51,8 @@ endif
 ARM_TRUSTED_FIRMWARE_MAKE_OPTS += \
 	CROSS_COMPILE="$(TARGET_CROSS)" \
 	$(call qstrip,$(BR2_TARGET_ARM_TRUSTED_FIRMWARE_ADDITIONAL_VARIABLES)) \
-	PLAT=$(ARM_TRUSTED_FIRMWARE_PLATFORM)
+	PLAT=$(ARM_TRUSTED_FIRMWARE_PLATFORM) \
+	ENABLE_STACK_PROTECTOR=$(call qstrip,$(BR2_TARGET_ARM_TRUSTED_FIRMWARE_SSP_LEVEL))
 
 ifeq ($(BR2_ARM_CPU_ARMV7A),y)
 ARM_TRUSTED_FIRMWARE_MAKE_OPTS += ARM_ARCH_MAJOR=7
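Review bot: ENABLE_STACK_PROTECTOR is now passed unconditionally and after BR2_TARGET_ARM_TRUSTED_FIRMWARE_ADDITIONAL_VARIABLES, so a value the user set there is overridden, including by `ENABLE_STACK_PROTECTOR=none` when the global SSP setting is off, a case where the removed block passed nothing. Assuming these options end up on TF-A's make command line, the last assignment wins, so a configuration that enabled the canary by hand would lose it silently. Consider placing `ENABLE_STACK_PROTECTOR=$(call qstrip,$(BR2_TARGET_ARM_TRUSTED_FIRMWARE_SSP_LEVEL)) \` directly after the `CROSS_COMPILE` line so the additional variables keep precedence, or state the precedence in a comment above the assignment. The `ifeq` that follows continues outside the hunk.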
@@ -100,14 +101,6 @@ ARM_TRUSTED_FIRMWARE_MAKE_OPTS += MV_DDR_PATH=$(MV_DDR_MARVELL_DIR)
 ARM_TRUSTED_FIRMWARE_DEPENDENCIES += mv-ddr-marvell
 endif
 
-ifeq ($(BR2_SSP_REGULAR),y)
-ARM_TRUSTED_FIRMWARE_MAKE_OPTS += ENABLE_STACK_PROTECTOR=default
-else ifeq ($(BR2_SSP_STRONG),y)
-ARM_TRUSTED_FIRMWARE_MAKE_OPTS += ENABLE_STACK_PROTECTOR=strong
-else ifeq ($(BR2_SSP_ALL),y)
-ARM_TRUSTED_FIRMWARE_MAKE_OPTS += ENABLE_STACK_PROTECTOR=all
-endif
-
 ARM_TRUSTED_FIRMWARE_MAKE_TARGETS = all
 
 ifeq ($(BR2_TARGET_ARM_TRUSTED_FIRMWARE_FIP),y)
