Add support for default stack-protector flag

The current stack-protector support is for none, "strong" or "all". The default use of the flag enables the stack-protection to all functions that declare a character array of eight bytes or more in length on their stack. This option can be tuned with the --param=ssp-buffer-size=N option. Change-Id: I11ad9568187d58de1b962b8ae04edd1dc8578fb0 Signed-off-by: Louis Mayencourt <louis.mayencourt@arm.com>
2025-05-08 10:08:47 +00:00 · 2019-03-26 16:59:26 +00:00 · 2019-03-26 16:59:26 +00:00 · fd7b287cbe
commit fd7b287cbe
parent c3e4e0888d
2 changed files with 19 additions and 12 deletions
--- a/lib/stack_protector/stack_protector.mk
+++ b/lib/stack_protector/stack_protector.mk
@ -1,5 +1,5 @@
 #
-# Copyright (c) 2017, ARM Limited and Contributors. All rights reserved.
+# Copyright (c) 2017-2019, ARM Limited and Contributors. All rights reserved.
 #
 # SPDX-License-Identifier: BSD-3-Clause
 #
@ -7,13 +7,20 @@
 # Boolean macro to be used in C code
 STACK_PROTECTOR_ENABLED := 0

-ifneq (${ENABLE_STACK_PROTECTOR},0)
-STACK_PROTECTOR_ENABLED := 1
-BL_COMMON_SOURCES	+=	lib/stack_protector/stack_protector.c			\
+ifeq (${ENABLE_STACK_PROTECTOR},0)
+  ENABLE_STACK_PROTECTOR := none
+endif
+
+ifneq (${ENABLE_STACK_PROTECTOR},none)
+  STACK_PROTECTOR_ENABLED := 1
+  BL_COMMON_SOURCES	+=	lib/stack_protector/stack_protector.c	\
 				lib/stack_protector/${ARCH}/asm_stack_protector.S

-TF_CFLAGS		+=	-fstack-protector-${ENABLE_STACK_PROTECTOR}
+  ifeq (${ENABLE_STACK_PROTECTOR},default)
+    TF_CFLAGS		+=	-fstack-protector
+  else
+    TF_CFLAGS		+=	-fstack-protector-${ENABLE_STACK_PROTECTOR}
+  endif
 endif

 $(eval $(call add_define,STACK_PROTECTOR_ENABLED))
-