On 13.11.23 10:31, 'Quirin Gylstorff' via EFI Boot Guard wrote:
> From: Felix Moessbauer <felix.moessba...@siemens.com>
> 
> These flags require libc support which we do not have in the EFI part.
> As distro builders inject the hardening flags into CFLAGS, which is fine
> for the userspace part, but for EFI we need to override it.
> 
> Signed-off-by: Felix Moessbauer <felix.moessba...@siemens.com>
> ---
>  Makefile.am | 7 ++++++-
>  1 file changed, 6 insertions(+), 1 deletion(-)
> 
> diff --git a/Makefile.am b/Makefile.am
> index 3b05e7c..831ed68 100644
> --- a/Makefile.am
> +++ b/Makefile.am
> @@ -217,13 +217,18 @@ efi_cflags = \
>       -fshort-wchar \
>       -ffreestanding \
>       -fno-strict-aliasing \
> -     -fno-stack-protector \
>       -Wsign-compare \
>       -DGNU_EFI_USE_MS_ABI \
>       -Werror \
>       $(CFLAGS_MGENERAL_REGS_ONLY) \
>       $(CFLAGS)
>  
> +# the stack protectors needs libc support which we don't have in the EFI part
> +# distro builders inject the hardening variables into CFLAGS, which is fine
> +# for the userspace part, but for EFI we need to override it.
> +efi_cflags += \
> +     -fno-stack-protector
> +

Can we do that a bit shorter as well? E.g.

# Override any stack protector enabling from CFLAGS -
# not supported in GNU EFI environment.

Jan

>  if ARCH_X86_64
>  efi_cflags += \
>       -mno-red-zone
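
Review bot: The override in the added `efi_cflags += -fno-stack-protector` only takes effect because it now lands after `$(CFLAGS)` (the last of conflicting stack-protector options wins), and the new comment does not state that ordering requirement. Moving the flag back into the list above `$(CFLAGS)` would silently let an injected stack-protector option win again, so the comment should say the flag must stay after `$(CFLAGS)`. The commit message also speaks of "These flags" while the hunk handles a single flag; either name the others or use the singular. In the comment itself, "the stack protectors needs" should read "the stack protector needs".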

-- 
Siemens AG, Technology
Linux Expert Center
