Skip to content

Patch for building ARM TF-A with binutils-2.39+ #5

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
troglobit merged 1 commit into from
Apr 6, 2023
Merged

Patch for building ARM TF-A with binutils-2.39+ #5

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
58 changes: 58 additions & 0 deletions patches/arm-trusted-firmware/v2.7/binutils-2.39.patch
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,58 @@
From 164e8746c14134d0ecd60baf705d0ad4866ea7ed Mon Sep 17 00:00:00 2001
From: Marco Felsch <m.felsch@pengutronix.de>
Date: Wed, 9 Nov 2022 12:59:09 +0100
Subject: [PATCH] feat(build): add support for new binutils versions

Users of GNU ld (BPF) from binutils 2.39+ will observe multiple instaces
of a new warning when linking the bl*.elf in the form:

ld.bfd: warning: stm32mp1_helper.o: missing .note.GNU-stack section implies executable stack
ld.bfd: NOTE: This behaviour is deprecated and will be removed in a future version of the linker
ld.bfd: warning: bl2.elf has a LOAD segment with RWX permissions
ld.bfd: warning: bl32.elf has a LOAD segment with RWX permissions

These new warnings are enbaled by default to secure elf binaries:
- https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=ba951afb99912da01a6e8434126b8fac7aa75107
- https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=0d38576a34ec64a1b4500c9277a8e9d0f07e6774

Fix it in a similar way to what the Linux kernel does, see:
https://lore.kernel.org/all/20220810222442.2296651-1-ndesaulniers@google.com/

Following the reasoning there, we set "-z noexecstack" for all linkers
(although LLVM's LLD defaults to it) and optional add
--no-warn-rwx-segments since this a ld.bfd related.

Signed-off-by: Marco Felsch <m.felsch@pengutronix.de>
Signed-off-by: Robert Schwebel <r.schwebel@pengutronix.de>
Change-Id: I9430f5fa5036ca88da46cd3b945754d62616b617
---
Makefile | 5 +++++
1 file changed, 5 insertions(+)

diff --git a/Makefile b/Makefile
index 1ddb7b8..e56cd81 100644
--- a/Makefile
+++ b/Makefile
@@ -416,6 +416,8 @@ endif

GCC_V_OUTPUT := $(shell $(CC) -v 2>&1)

+TF_LDFLAGS += -z noexecstack
+
# LD = armlink
ifneq ($(findstring armlink,$(notdir $(LD))),)
TF_LDFLAGS += --diag_error=warning --lto_level=O1
@@ -442,6 +444,9 @@ TF_LDFLAGS += $(subst --,-Xlinker --,$(TF_LDFLAGS_$(ARCH)))

# LD = gcc-ld (ld) or llvm-ld (ld.lld) or other
else
+# With ld.bfd version 2.39 and newer new warnings are added. Skip those since we
+# are not loaded by a elf loader.
+TF_LDFLAGS += $(call ld_option, --no-warn-rwx-segments)
-TF_LDFLAGS += --fatal-warnings -O1
+TF_LDFLAGS += -O1
TF_LDFLAGS += --gc-sections
# ld.lld doesn't recognize the errata flags,
--
2.34.1