summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorNathan Rossi <nathan@nathanrossi.com>2018-09-10 12:44:13 +0000
committerRichard Purdie <richard.purdie@linuxfoundation.org>2018-09-11 09:05:35 +0100
commita71dbdee2ffbe2ef87d7b0f22c5fefeda668c6f0 (patch)
tree54bab15d5b85ae961afb7f02c9c684499b53cd6b
parent7670b7b4cc6f65d945974dbc645b6e067ca03503 (diff)
downloadpoky-a71dbdee2ffbe2ef87d7b0f22c5fefeda668c6f0.tar.gz
tclibc: For newlib and baremetal disable some security features
With GCCPIE being enabled by default with security_flags.inc the compiler will by default attempt to compile and link programs as PIE. The targets that use newlib and baremetal in general do not support PIE or are otherwise unable to use it due to how embedded targets are compiled and executed. As such it makes sense to disable PIE by default for these libc's in order to prevent build failures. For baremetal tclibc there are no libc features or implementation as such there is no implementation for the strong stack protector by default. (From OE-Core rev: dfe434b793c156a87b5ead5cb85fe60d920d69d3) Signed-off-by: Nathan Rossi <nathan@nathanrossi.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r--meta/conf/distro/include/tclibc-baremetal.inc6
-rw-r--r--meta/conf/distro/include/tclibc-newlib.inc4
2 files changed, 10 insertions, 0 deletions
diff --git a/meta/conf/distro/include/tclibc-baremetal.inc b/meta/conf/distro/include/tclibc-baremetal.inc
index 1bf44c8591..b00917913f 100644
--- a/meta/conf/distro/include/tclibc-baremetal.inc
+++ b/meta/conf/distro/include/tclibc-baremetal.inc
@@ -28,3 +28,9 @@ TOOLCHAIN_HOST_TASK ?= "packagegroup-cross-canadian-${MACHINE}"
28TOOLCHAIN_HOST_TASK_ATTEMPTONLY ?= "" 28TOOLCHAIN_HOST_TASK_ATTEMPTONLY ?= ""
29TOOLCHAIN_TARGET_TASK ?= "libgcc-dev" 29TOOLCHAIN_TARGET_TASK ?= "libgcc-dev"
30TOOLCHAIN_NEED_CONFIGSITE_CACHE_remove = "virtual/${MLPREFIX}libc zlib ncurses" 30TOOLCHAIN_NEED_CONFIGSITE_CACHE_remove = "virtual/${MLPREFIX}libc zlib ncurses"
31
32# disable stack protector by default (no-libc, no protector implementation)
33SECURITY_STACK_PROTECTOR_libc-baremetal = ""
34# disable pie security flags by default
35SECURITY_CFLAGS_libc-baremetal = "${SECURITY_NOPIE_CFLAGS}"
36SECURITY_LDFLAGS_libc-baremetal = ""
diff --git a/meta/conf/distro/include/tclibc-newlib.inc b/meta/conf/distro/include/tclibc-newlib.inc
index dc631d8ada..896c0b16d7 100644
--- a/meta/conf/distro/include/tclibc-newlib.inc
+++ b/meta/conf/distro/include/tclibc-newlib.inc
@@ -42,3 +42,7 @@ TARGET_OS_arm = "eabi"
42TOOLCHAIN_HOST_TASK ?= "packagegroup-cross-canadian-${MACHINE}" 42TOOLCHAIN_HOST_TASK ?= "packagegroup-cross-canadian-${MACHINE}"
43TOOLCHAIN_TARGET_TASK ?= "${LIBC_DEPENDENCIES}" 43TOOLCHAIN_TARGET_TASK ?= "${LIBC_DEPENDENCIES}"
44TOOLCHAIN_NEED_CONFIGSITE_CACHE_remove = "zlib ncurses" 44TOOLCHAIN_NEED_CONFIGSITE_CACHE_remove = "zlib ncurses"
45
46# disable pie security flags by default
47SECURITY_CFLAGS_libc-newlib = "${SECURITY_NOPIE_CFLAGS}"
48SECURITY_LDFLAGS_libc-newlib = ""