(+ Mark, Matt) On 6 June 2017 at 04:52, Kees Cook <[email protected]> wrote: > This avoids CONFIG_FORTIFY_SOURCE from being enabled during the EFI stub > build, as adding a panic() implementation may not work well. This can be > adjusted in the future. > > Suggested-by: Daniel Micay <[email protected]> > Signed-off-by: Kees Cook <[email protected]> > Cc; Matt Fleming <[email protected]> > Cc: Ard Biesheuvel <[email protected]> > --- > drivers/firmware/efi/libstub/Makefile | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/drivers/firmware/efi/libstub/Makefile > b/drivers/firmware/efi/libstub/Makefile > index f7425960f6a5..37e24f525162 100644 > --- a/drivers/firmware/efi/libstub/Makefile > +++ b/drivers/firmware/efi/libstub/Makefile > @@ -17,6 +17,7 @@ cflags-$(CONFIG_ARM) := $(subst > -pg,,$(KBUILD_CFLAGS)) \ > cflags-$(CONFIG_EFI_ARMSTUB) += -I$(srctree)/scripts/dtc/libfdt > > KBUILD_CFLAGS := $(cflags-y) -DDISABLE_BRANCH_PROFILING \ > + -D__NO_FORTIFY \ > $(call cc-option,-ffreestanding) \ > $(call cc-option,-fno-stack-protector) >
Reviewed-by: Ard Biesheuvel <[email protected]> This is unlikely to conflict with anything going through the EFI tree, so feel free to queue it elsewhere.
