feat(lib/stack_protector): Add stack protector option
This patch adds `-fstack-protector-strong` as a USER
build option to TF-RMM.
Fixes #35
Signed-off-by: Jacob Man Chun Yiu <jacobmanchun.yiu@arm.com>
Change-Id: I5cd9898a4433d445b7a701288040f7b7476f28d3
diff --git a/cmake/CommonConfigs.cmake b/cmake/CommonConfigs.cmake
index 89d4c27..44a3fb2 100644
--- a/cmake/CommonConfigs.cmake
+++ b/cmake/CommonConfigs.cmake
@@ -91,6 +91,17 @@
ADVANCED)
#
+# Enable the Stack protection compiler flag.
+# Having the PAUTH and BTI feature enabled makes the software-based
+# stack frame canary redundant. Enabling the software canary could
+# have a performance degradation. Hence the default is OFF.
+#
+arm_config_option(
+ NAME STACK_PROTECTOR
+ HELP "Enable Stack Protection Compiler Flags"
+ string OFF)
+
+#
# Introduce a pseudo-library purely for applying flags to RMM's libraries.
# This is applied to any targets created after this point.
#
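Review bot: The comment above `arm_config_option(NAME STACK_PROTECTOR ...)` justifies the OFF default by PAUTH and BTI being enabled, but it does not say what applies on a build or platform where they are not; there, OFF would leave return addresses with neither protection. I would state the condition in the comment, e.g. `# Keep OFF only when branch protection (PAUTH/BTI) is enabled for the build; otherwise set STACK_PROTECTOR=ON.` Whether RMM always builds with branch protection is not visible in this hunk, so please confirm. Separately, the call as shown ends with `string OFF)` rather than a keyword/value pair, unlike the neighbouring option that closes with the `ADVANCED` keyword; please check that the default is parsed as intended.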
@@ -138,6 +149,14 @@
target_compile_definitions(rmm-common
INTERFACE "RMM_NUM_PAGES_PER_STACK=UL(${RMM_NUM_PAGES_PER_STACK})")
+# Set stack protector option.
+if(STACK_PROTECTOR)
+ target_compile_definitions(rmm-common
+ INTERFACE "STACK_PROTECTOR_ENABLED=1")
+ message(STATUS "Stack Protector is Enabled.")
+ add_compile_options(-fstack-protector-strong)
+endif()
+
if(RMM_FPU_USE_AT_REL2 AND RMM_ARCH STREQUAL aarch64)
target_compile_definitions(rmm-common
INTERFACE "RMM_FPU_USE_AT_REL2=1")
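Review bot: `add_compile_options(-fstack-protector-strong)` is directory-scoped, while `STACK_PROTECTOR_ENABLED=1` is attached to `rmm-common` as an INTERFACE definition, so the flag and the macro can reach different sets of targets. A target that links `rmm-common` from outside this directory scope would see the define without being instrumented, and a target in scope that does not link `rmm-common` would be instrumented without the define. Attaching both to the same target keeps them in step: `target_compile_options(rmm-common INTERFACE -fstack-protector-strong)`. The hunk does not show where the canary value is initialised; if that code is built with this flag too, confirm it is excluded from instrumentation so it does not trip its own check.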