diff options
author | Nathan Rossi <nathan@nathanrossi.com> | 2018-09-10 12:44:13 +0000 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2018-09-11 09:05:35 +0100 |
commit | a71dbdee2ffbe2ef87d7b0f22c5fefeda668c6f0 (patch) | |
tree | 54bab15d5b85ae961afb7f02c9c684499b53cd6b | |
parent | 7670b7b4cc6f65d945974dbc645b6e067ca03503 (diff) | |
download | poky-a71dbdee2ffbe2ef87d7b0f22c5fefeda668c6f0.tar.gz |
tclibc: For newlib and baremetal disable some security features
With GCCPIE being enabled by default with security_flags.inc the
compiler will by default attempt to compile and link programs as PIE.
The targets that use newlib and baremetal in general do not support PIE
or are otherwise unable to use it due to how embedded targets are
compiled and executed. As such it makes sense to disable PIE by default
for these libc's in order to prevent build failures.
For baremetal tclibc there are no libc features or implementation as
such there is no implementation for the strong stack protector by
default.
(From OE-Core rev: dfe434b793c156a87b5ead5cb85fe60d920d69d3)
Signed-off-by: Nathan Rossi <nathan@nathanrossi.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r-- | meta/conf/distro/include/tclibc-baremetal.inc | 6 | ||||
-rw-r--r-- | meta/conf/distro/include/tclibc-newlib.inc | 4 |
2 files changed, 10 insertions, 0 deletions
diff --git a/meta/conf/distro/include/tclibc-baremetal.inc b/meta/conf/distro/include/tclibc-baremetal.inc index 1bf44c8591..b00917913f 100644 --- a/meta/conf/distro/include/tclibc-baremetal.inc +++ b/meta/conf/distro/include/tclibc-baremetal.inc | |||
@@ -28,3 +28,9 @@ TOOLCHAIN_HOST_TASK ?= "packagegroup-cross-canadian-${MACHINE}" | |||
28 | TOOLCHAIN_HOST_TASK_ATTEMPTONLY ?= "" | 28 | TOOLCHAIN_HOST_TASK_ATTEMPTONLY ?= "" |
29 | TOOLCHAIN_TARGET_TASK ?= "libgcc-dev" | 29 | TOOLCHAIN_TARGET_TASK ?= "libgcc-dev" |
30 | TOOLCHAIN_NEED_CONFIGSITE_CACHE_remove = "virtual/${MLPREFIX}libc zlib ncurses" | 30 | TOOLCHAIN_NEED_CONFIGSITE_CACHE_remove = "virtual/${MLPREFIX}libc zlib ncurses" |
31 | |||
32 | # disable stack protector by default (no-libc, no protector implementation) | ||
33 | SECURITY_STACK_PROTECTOR_libc-baremetal = "" | ||
34 | # disable pie security flags by default | ||
35 | SECURITY_CFLAGS_libc-baremetal = "${SECURITY_NOPIE_CFLAGS}" | ||
36 | SECURITY_LDFLAGS_libc-baremetal = "" | ||
diff --git a/meta/conf/distro/include/tclibc-newlib.inc b/meta/conf/distro/include/tclibc-newlib.inc index dc631d8ada..896c0b16d7 100644 --- a/meta/conf/distro/include/tclibc-newlib.inc +++ b/meta/conf/distro/include/tclibc-newlib.inc | |||
@@ -42,3 +42,7 @@ TARGET_OS_arm = "eabi" | |||
42 | TOOLCHAIN_HOST_TASK ?= "packagegroup-cross-canadian-${MACHINE}" | 42 | TOOLCHAIN_HOST_TASK ?= "packagegroup-cross-canadian-${MACHINE}" |
43 | TOOLCHAIN_TARGET_TASK ?= "${LIBC_DEPENDENCIES}" | 43 | TOOLCHAIN_TARGET_TASK ?= "${LIBC_DEPENDENCIES}" |
44 | TOOLCHAIN_NEED_CONFIGSITE_CACHE_remove = "zlib ncurses" | 44 | TOOLCHAIN_NEED_CONFIGSITE_CACHE_remove = "zlib ncurses" |
45 | |||
46 | # disable pie security flags by default | ||
47 | SECURITY_CFLAGS_libc-newlib = "${SECURITY_NOPIE_CFLAGS}" | ||
48 | SECURITY_LDFLAGS_libc-newlib = "" | ||