Skip to content

Patch for building ARM TF-A with binutils-2.39+ #4

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
hno-wires wants to merge 1 commit into from
Closed

Patch for building ARM TF-A with binutils-2.39+ #4

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
52 changes: 52 additions & 0 deletions patches/arm-trusted-firmware/binutils-2.39.patch
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,52 @@
From 1f49db5f25cdd4e43825c9bcc0575070b80f628c Mon Sep 17 00:00:00 2001
From: Marco Felsch <m.felsch@pengutronix.de>
Date: Wed, 09 Nov 2022 12:59:09 +0100
Subject: [PATCH] feat(build): add support for new binutils versions

Users of GNU ld (BPF) from binutils 2.39+ will observe multiple instaces
of a new warning when linking the bl*.elf in the form:

ld.bfd: warning: stm32mp1_helper.o: missing .note.GNU-stack section implies executable stack
ld.bfd: NOTE: This behaviour is deprecated and will be removed in a future version of the linker
ld.bfd: warning: bl2.elf has a LOAD segment with RWX permissions
ld.bfd: warning: bl32.elf has a LOAD segment with RWX permissions

These new warnings are enbaled by default to secure elf binaries:
- https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=ba951afb99912da01a6e8434126b8fac7aa75107
- https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=0d38576a34ec64a1b4500c9277a8e9d0f07e6774

Fix it in a similar way to what the Linux kernel does, see:
https://lore.kernel.org/all/20220810222442.2296651-1-ndesaulniers@google.com/

Following the reasoning there, we set "-z noexecstack" for all linkers
(although LLVM's LLD defaults to it) and optional add
--no-warn-rwx-segments since this a ld.bfd related.

Signed-off-by: Marco Felsch <m.felsch@pengutronix.de>
Signed-off-by: Robert Schwebel <r.schwebel@pengutronix.de>
Change-Id: I9430f5fa5036ca88da46cd3b945754d62616b617
---

diff --git a/Makefile b/Makefile
index a69bfbb..04b75fe 100644
--- a/Makefile
+++ b/Makefile
@@ -445,6 +445,8 @@

GCC_V_OUTPUT := $(shell $(CC) -v 2>&1)

+TF_LDFLAGS += -z noexecstack
+
# LD = armlink
ifneq ($(findstring armlink,$(notdir $(LD))),)
TF_LDFLAGS += --diag_error=warning --lto_level=O1
@@ -475,6 +477,9 @@

# LD = gcc-ld (ld) or llvm-ld (ld.lld) or other
else
+# With ld.bfd version 2.39 and newer new warnings are added. Skip those since we
+# are not loaded by a elf loader.
+TF_LDFLAGS += $(call ld_option, --no-warn-rwx-segments)
TF_LDFLAGS += -O1
TF_LDFLAGS += --gc-sections