I seem to have hit a sensitive spot here. I don't want to get into a detailed
discussion of my client's security considerations on a public forum, other
than to say that my views on "security by obscurity" are exactly those which
Bruce Schneier expresses so elegantly, in every book of his that I have read.

On Wednesday 18 November 2009 08:54:49 JMGross wrote:
> >All in all, I think I'll stick with my somewhat kludgy use of a separate
> >section for the function to be moved. The optimiser does not jump to code
> >outside the section, and the linker reliably reports the memory address
> > of the end of the section.
>
> Yes, the end of the section, not the end of your function.
> So this is equal to the 'copy from start of function as much as you can'
> approach.

Defining your section as:

    /* New section by rlj */
    __foobar_start = . ;
    *(.foobar)
    __foobar_end = . ;
    . = ALIGN(2);
    /* End new section by rlj */

allows the section to be the exact size of the contents, in my case a single
function.

> You have seen my assembly hack? If you put your function into a separate
> object file, it will be 100% safe, even with -o3. Without any linker
> hacking.

I have, and it's clearly the most elegant solution to my original problem. In
particular, it confines the "trickery" to the source file containing the
function, instead of requiring an obscure, dissociated entry in a linker
script. After trying it out I'm convinced this is the cleanest way to go.

If I felt a little less fallible, I'd use the method of a fixed, unchangeable
reprogrammer in a non-erased section of ROM. I just have a nasty, sinking
feeling that, the moment this was widely deployed, I'd find a bug in it...

Thanks to all who have taken the time to respond.

--
Rick Jenkins <[email protected]>
Hartman Technica http://www.hartmantech.com
Phone +1 (403) 230-1987
221 35 Avenue. N.E., Calgary, Alberta, Canada T2E 2K5