NetCube-Systems-Austria/kumquat-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

boot/arm-trusted-firmware: add SSP option

Browse Source 
Buildroot sets appropriate ENABLE_STACK_PROTECTOR build flag value based
on the toolchain global BR2_SSP_* options, and all packages are built
with that setting.

However it might not be always convenient to automatically infer TF-A
stack protection from the toolchain features. For instance, secure
memory constraints may become an issue and all the extra TF-A features
need to be tuned or disabled in order to shrink TF-A firmware image.

Besides, for any value other than "none", TF-A platform specific hook
'plat_get_stack_protector_canary' must be implemented. However this hook
is not implemented by all the platforms supported by TF-A. For instance,
Allwinner currently does not provide such a hook.

Add an new option that a user can toggle to enable or disable SSP in
their ATF build. If enabled, the SSP level is automatically inherited
from the global setting.

Signed-off-by: Sergey Matyukevich <geomatsi@gmail.com>
[yann.morin.1998@free.fr: simplify logic with a single boolean]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This commit is contained in:
Sergey Matyukevich 2021-06-25 22:33:14 +03:00 committed by Yann E. MORIN
parent 78f477d136
commit cf176128ec
2 changed files with 23 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
boot/arm-trusted-firmware/Config.in
View File

@ -188,4 +188,25 @@ config BR2_TARGET_ARM_TRUSTED_FIRMWARE_NEEDS_ARM32_TOOLCHAIN
Select this option if your ATF board configuration requires
an ARM32 bare metal toolchain to be available.
config BR2_TARGET_ARM_TRUSTED_FIRMWARE_SSP
bool "Build with SSP"
depends on BR2_TOOLCHAIN_HAS_SSP
depends on !BR2_SSP_NONE
default y
help
Say 'y' here if you want to build ATF with SSP.
Your board must have SSP support in ATF: it must have an
implementation for plat_get_stack_protector_canary().
If you say 'y', the SSP level will be the level selected
by the global SSP setting.
config BR2_TARGET_ARM_TRUSTED_FIRMWARE_SSP_LEVEL
string
default "none" if !BR2_TARGET_ARM_TRUSTED_FIRMWARE_SSP
default "default" if BR2_SSP_REGULAR
default "strong" if BR2_SSP_STRONG
default "all" if BR2_SSP_ALL
endif

11
boot/arm-trusted-firmware/arm-trusted-firmware.mk
View File

@ -51,7 +51,8 @@ endif
ARM_TRUSTED_FIRMWARE_MAKE_OPTS += \
CROSS_COMPILE="$(TARGET_CROSS)" \
$(call qstrip,$(BR2_TARGET_ARM_TRUSTED_FIRMWARE_ADDITIONAL_VARIABLES)) \
PLAT=$(ARM_TRUSTED_FIRMWARE_PLATFORM)
PLAT=$(ARM_TRUSTED_FIRMWARE_PLATFORM) \
ENABLE_STACK_PROTECTOR=$(call qstrip,$(BR2_TARGET_ARM_TRUSTED_FIRMWARE_SSP_LEVEL))
ifeq ($(BR2_ARM_CPU_ARMV7A),y)
ARM_TRUSTED_FIRMWARE_MAKE_OPTS += ARM_ARCH_MAJOR=7
@ -109,14 +110,6 @@ ARM_TRUSTED_FIRMWARE_MAKE_OPTS += MV_DDR_PATH=$(MV_DDR_MARVELL_DIR)
ARM_TRUSTED_FIRMWARE_DEPENDENCIES += mv-ddr-marvell
endif
ifeq ($(BR2_SSP_REGULAR),y)
ARM_TRUSTED_FIRMWARE_MAKE_OPTS += ENABLE_STACK_PROTECTOR=default
else ifeq ($(BR2_SSP_STRONG),y)
ARM_TRUSTED_FIRMWARE_MAKE_OPTS += ENABLE_STACK_PROTECTOR=strong
else ifeq ($(BR2_SSP_ALL),y)
ARM_TRUSTED_FIRMWARE_MAKE_OPTS += ENABLE_STACK_PROTECTOR=all
endif
ARM_TRUSTED_FIRMWARE_MAKE_TARGETS = all
ifeq ($(BR2_TARGET_ARM_TRUSTED_FIRMWARE_FIP),y)