From 75d099fa674abb61c54376a39bcb055b78c34486 Mon Sep 17 00:00:00 2001
From: Baruch Siach <baruch@tkos.co.il>
Date: Tue, 11 Oct 2022 17:02:09 +0300
Subject: [PATCH] boot/arm-trusted-firmware: fix SSP support

Commit ccac9a5bbbd ("boot/arm-trusted-firmware: don't force
ENABLE_STACK_PROTECTOR") fixed a build failure but also effectively
disabled SSP entirely for ATF. This is because ENABLE_STACK_PROTECTOR is
set to 0 unconditionally in make_helpers/defaults.mk, overwriting any
environment set value. So we must pass ENABLE_STACK_PROTECTOR in
MAKE_OPTS for it to be effective. But to avoid said build failure we
can't pass ENABLE_STACK_PROTECTOR=0.

Only pass ENABLE_STACK_PROTECTOR when
BR2_TARGET_ARM_TRUSTED_FIRMWARE_SSP is enabled. Drop SSP_LEVEL value for
the !BR2_TARGET_ARM_TRUSTED_FIRMWARE_SSP case which is now unused.

Cc: Dick Olsson <hi@senzilla.io>
Cc: Sergey Matyukevich <geomatsi@gmail.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 09acc7cbc91f50305730ca0690a58fb93529034b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
 boot/arm-trusted-firmware/Config.in               | 4 ----
 boot/arm-trusted-firmware/arm-trusted-firmware.mk | 8 ++++++--
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/boot/arm-trusted-firmware/Config.in b/boot/arm-trusted-firmware/Config.in
index 100ac83482..a87181d0db 100644
--- a/boot/arm-trusted-firmware/Config.in
+++ b/boot/arm-trusted-firmware/Config.in
@@ -218,10 +218,6 @@ config BR2_TARGET_ARM_TRUSTED_FIRMWARE_SSP
 
 config BR2_TARGET_ARM_TRUSTED_FIRMWARE_SSP_LEVEL
 	string
-	# While newer versions of TF-A support "none" as
-	# ENABLE_STACK_PROTECTOR value, older versions (e.g 2.0) only
-	# supported "0" to disable SSP.
-	default "0"    	  if !BR2_TARGET_ARM_TRUSTED_FIRMWARE_SSP
 	default "default" if BR2_SSP_REGULAR
 	default "strong"  if BR2_SSP_STRONG
 	default "all"     if BR2_SSP_ALL
diff --git a/boot/arm-trusted-firmware/arm-trusted-firmware.mk b/boot/arm-trusted-firmware/arm-trusted-firmware.mk
index 7c4e7edb00..6225d60560 100644
--- a/boot/arm-trusted-firmware/arm-trusted-firmware.mk
+++ b/boot/arm-trusted-firmware/arm-trusted-firmware.mk
@@ -64,10 +64,14 @@ ARM_TRUSTED_FIRMWARE_MAKE_OPTS += \
 	PLAT=$(ARM_TRUSTED_FIRMWARE_PLATFORM) \
 	TARGET_BOARD=$(ARM_TRUSTED_FIRMWARE_TARGET_BOARD)
 
+ifeq ($(BR2_TARGET_ARM_TRUSTED_FIRMWARE_SSP),y)
+ARM_TRUSTED_FIRMWARE_MAKE_OPTS += \
+	ENABLE_STACK_PROTECTOR=$(call qstrip,$(BR2_TARGET_ARM_TRUSTED_FIRMWARE_SSP_LEVEL))
+endif
+
 ARM_TRUSTED_FIRMWARE_MAKE_ENV += \
 	$(TARGET_MAKE_ENV) \
-	$(if $(BR2_PIC_PIE),CFLAGS="-fno-PIE") \
-	ENABLE_STACK_PROTECTOR=$(call qstrip,$(BR2_TARGET_ARM_TRUSTED_FIRMWARE_SSP_LEVEL))
+	$(if $(BR2_PIC_PIE),CFLAGS="-fno-PIE")
 
 ifeq ($(BR2_ARM_CPU_ARMV7A),y)
 ARM_TRUSTED_FIRMWARE_MAKE_OPTS += ARM_ARCH_MAJOR=7