Users of GNU ld (BPF) from binutils 2.39+ will observe multiple instaces
of a new warning when linking the bl*.elf in the form:
ld.bfd: warning: stm32mp1_helper.o: missing .note.GNU-stack section implies executable stack
ld.bfd: NOTE: This behaviour is deprecated and will be removed in a future version of the linker
ld.bfd: warning: bl2.elf has a LOAD segment with RWX permissions
ld.bfd: warning: bl32.elf has a LOAD segment with RWX permissions
These new warnings are enbaled by default to secure elf binaries:
- https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=
ba951afb99912da01a6e8434126b8fac7aa75107
- https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=
0d38576a34ec64a1b4500c9277a8e9d0f07e6774
Fix it in a similar way to what the Linux kernel does, see:
https://lore.kernel.org/all/
20220810222442.
2296651-1-ndesaulniers@google.com/
Following the reasoning there, we set "-z noexecstack" for all linkers
(although LLVM's LLD defaults to it) and optional add
--no-warn-rwx-segments since this a ld.bfd related.
Signed-off-by: Marco Felsch <m.felsch@pengutronix.de>
Signed-off-by: Robert Schwebel <r.schwebel@pengutronix.de>
Change-Id: I9430f5fa5036ca88da46cd3b945754d62616b617
GCC_V_OUTPUT := $(shell $(CC) -v 2>&1)
+TF_LDFLAGS += -z noexecstack
+
# LD = armlink
ifneq ($(findstring armlink,$(notdir $(LD))),)
TF_LDFLAGS += --diag_error=warning --lto_level=O1
# LD = gcc-ld (ld) or llvm-ld (ld.lld) or other
else
+# With ld.bfd version 2.39 and newer new warnings are added. Skip those since we
+# are not loaded by a elf loader.
+TF_LDFLAGS += $(call ld_option, --no-warn-rwx-segments)
TF_LDFLAGS += -O1
TF_LDFLAGS += --gc-sections
projects / arm-tf.git / commitdiff