1From 5e1beb793c06352e87c46eca1144ff1fe8555103 Mon Sep 17 00:00:00 2001 2From: Heiko Thiery <heiko.thiery@gmail.com> 3Date: Mon, 10 Jul 2023 10:43:03 +0200 4Subject: [PATCH] [PATCH] feat(build): add support for new binutils versions 5 6Users of GNU ld (BPF) from binutils 2.39+ will observe multiple instaces 7of a new warning when linking the bl*.elf in the form: 8 9 ld.bfd: warning: stm32mp1_helper.o: missing .note.GNU-stack section implies executable stack 10 ld.bfd: NOTE: This behaviour is deprecated and will be removed in a future version of the linker 11 ld.bfd: warning: bl2.elf has a LOAD segment with RWX permissions 12 ld.bfd: warning: bl32.elf has a LOAD segment with RWX permissions 13 14These new warnings are enbaled by default to secure elf binaries: 15 - https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=ba951afb99912da01a6e8434126b8fac7aa75107 16 - https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=0d38576a34ec64a1b4500c9277a8e9d0f07e6774 17 18Fix it in a similar way to what the Linux kernel does, see: 19https://lore.kernel.org/all/20220810222442.2296651-1-ndesaulniers@google.com/ 20 21Following the reasoning there, we set "-z noexecstack" for all linkers 22(although LLVM's LLD defaults to it) and optional add 23--no-warn-rwx-segments since this a ld.bfd related. 24 25Signed-off-by: Marco Felsch <m.felsch@pengutronix.de> 26Signed-off-by: Robert Schwebel <r.schwebel@pengutronix.de> 27Change-Id: I9430f5fa5036ca88da46cd3b945754d62616b617 28 29Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com> 30Upstream: https://github.com/ARM-software/arm-trusted-firmware/commit/1f49db5f25cdd4e43825c9bcc0575070b80f628c 31--- 32 Makefile | 7 ++++++- 33 1 file changed, 6 insertions(+), 1 deletion(-) 34 35diff --git a/Makefile b/Makefile 36index 721246d51..5893cf422 100644 37--- a/Makefile 38+++ b/Makefile 39@@ -297,11 +297,16 @@ endif 40 41 GCC_V_OUTPUT := $(shell $(CC) -v 2>&1) 42 43+TF_LDFLAGS += -z noexecstack 44+ 45 ifneq ($(findstring armlink,$(notdir $(LD))),) 46 TF_LDFLAGS += --diag_error=warning --lto_level=O1 47 TF_LDFLAGS += --remove --info=unused,unusedsymbols 48 else 49-TF_LDFLAGS += --fatal-warnings -O1 50+# With ld.bfd version 2.39 and newer new warnings are added. Skip those since we 51+# are not loaded by a elf loader. 52+TF_LDFLAGS += $(call ld_option, --no-warn-rwx-segments) 53+TF_LDFLAGS += -O1 54 TF_LDFLAGS += --gc-sections 55 endif 56 TF_LDFLAGS += $(TF_LDFLAGS_$(ARCH)) 57-- 582.30.2 59 60