Add BTI enablement in TS
Add BTI_ENABLED option which enables bti in the sp,
opteesp and arm-linux environments.
Signed-off-by: Gabor Toth <gabor.toth2@arm.com>
Change-Id: I2ed477f52000839c61d4f0631c5fd19465c5b7a3
diff --git a/environments/arm-linux/default_toolchain_file.cmake b/environments/arm-linux/default_toolchain_file.cmake
index d5efc4c..308c2a7 100644
--- a/environments/arm-linux/default_toolchain_file.cmake
+++ b/environments/arm-linux/default_toolchain_file.cmake
@@ -22,6 +22,19 @@
set(TS_WARNING_FLAGS "-Wall -Werror" CACHE STRING "Compiler flags affecting generating warning messages.")
set(TS_MANDATORY_LINKER_FLAGS "" CACHE STRING "Linker flags needed for correct builds.")
+set(BTI_ENABLED unset CACHE STRING "Enable Branch Target Identification (BTI)")
+set_property(CACHE BTI_ENABLED PROPERTY STRINGS unset OFF ON)
+
+if(BTI_ENABLED STREQUAL "ON")
+ # branch-protection enables bti while compile force-bti tells the linker to
+ # warn if some object files lack the .note.gnu.property section with the BTI
+ # flag, and to turn on the BTI flag in the output anyway.
+ set(TS_MANDATORY_AARCH_FLAGS "${TS_MANDATORY_AARCH_FLAGS} -mbranch-protection=bti")
+ set(TS_MANDATORY_LINKER_FLAGS "${TS_MANDATORY_LINKER_FLAGS} -zforce-bti")
+elseif(BTI_ENABLED STREQUAL "OFF")
+ set(TS_MANDATORY_AARCH_FLAGS "${TS_MANDATORY_AARCH_FLAGS} -mbranch-protection=none")
+endif()
+
# Set flags affecting all build types
string(APPEND CMAKE_C_FLAGS_INIT " ${TS_MANDATORY_AARCH_FLAGS}")
string(APPEND CMAKE_CXX_FLAGS_INIT " ${TS_MANDATORY_AARCH_FLAGS}")
diff --git a/environments/opteesp/default_toolchain_file.cmake b/environments/opteesp/default_toolchain_file.cmake
index 11b689e..00ddf89 100644
--- a/environments/opteesp/default_toolchain_file.cmake
+++ b/environments/opteesp/default_toolchain_file.cmake
@@ -25,6 +25,19 @@
set(TS_MANDATORY_LINKER_FLAGS "-pie -Wl,--as-needed -Wl,--sort-section=alignment -zmax-page-size=4096"
CACHE STRING "Linker flags needed for correct builds.")
+set(BTI_ENABLED unset CACHE STRING "Enable Branch Target Identification (BTI)")
+set_property(CACHE BTI_ENABLED PROPERTY STRINGS unset OFF ON)
+
+if(BTI_ENABLED STREQUAL "ON")
+ # branch-protection enables bti while compile force-bti tells the linker to
+ # warn if some object files lack the .note.gnu.property section with the BTI
+ # flag, and to turn on the BTI flag in the output anyway.
+ set(TS_MANDATORY_AARCH_FLAGS "${TS_MANDATORY_AARCH_FLAGS} -mbranch-protection=bti")
+ set(TS_MANDATORY_LINKER_FLAGS "${TS_MANDATORY_LINKER_FLAGS} -zforce-bti")
+elseif(BTI_ENABLED STREQUAL "OFF")
+ set(TS_MANDATORY_AARCH_FLAGS "${TS_MANDATORY_AARCH_FLAGS} -mbranch-protection=none")
+endif()
+
# Set flags affecting all build types
string(APPEND CMAKE_C_FLAGS_INIT " ${TS_MANDATORY_AARCH_FLAGS}")
string(APPEND CMAKE_CXX_FLAGS_INIT " ${TS_MANDATORY_AARCH_FLAGS}")
diff --git a/environments/opteesp/sp.ld.S b/environments/opteesp/sp.ld.S
index a3999f2..e5d3545 100644
--- a/environments/opteesp/sp.ld.S
+++ b/environments/opteesp/sp.ld.S
@@ -52,6 +52,7 @@
.dynstr : { *(.dynstr) }
.hash : { *(.hash) }
.note.gnu.build-id : { *(.note.gnu.build-id) }
+ .note.gnu.property : { *(.note.gnu.property) }
/* Page align to allow dropping execute bit for RW data */
. = ALIGN(4096);
diff --git a/environments/sp/default_toolchain_file.cmake b/environments/sp/default_toolchain_file.cmake
index ccac1d3..b2c4bb1 100644
--- a/environments/sp/default_toolchain_file.cmake
+++ b/environments/sp/default_toolchain_file.cmake
@@ -24,6 +24,19 @@
set(TS_WARNING_FLAGS "-Wall" CACHE STRING "Compiler flags affecting generating warning messages.")
set(TS_MANDATORY_LINKER_FLAGS "-Wl,-pie -Wl,--no-dynamic-linker -Wl,--sort-section=alignment -zmax-page-size=4096" CACHE STRING "Linker flags needed for correct builds.")
+set(BTI_ENABLED unset CACHE STRING "Enable Branch Target Identification (BTI)")
+set_property(CACHE BTI_ENABLED PROPERTY STRINGS unset OFF ON)
+
+if(BTI_ENABLED STREQUAL "ON")
+ # branch-protection enables bti while compile force-bti tells the linker to
+ # warn if some object files lack the .note.gnu.property section with the BTI
+ # flag, and to turn on the BTI flag in the output anyway.
+ set(TS_MANDATORY_AARCH_FLAGS "${TS_MANDATORY_AARCH_FLAGS} -mbranch-protection=bti")
+ set(TS_MANDATORY_LINKER_FLAGS "${TS_MANDATORY_LINKER_FLAGS} -zforce-bti")
+elseif(BTI_ENABLED STREQUAL "OFF")
+ set(TS_MANDATORY_AARCH_FLAGS "${TS_MANDATORY_AARCH_FLAGS} -mbranch-protection=none")
+endif()
+
# Set flags affecting all build types
string(APPEND CMAKE_C_FLAGS_INIT " ${TS_MANDATORY_AARCH_FLAGS}")
string(APPEND CMAKE_CXX_FLAGS_INIT " ${TS_MANDATORY_AARCH_FLAGS}")
diff --git a/environments/sp/sp.ld.S b/environments/sp/sp.ld.S
index ac29bb1..3e0e69e 100644
--- a/environments/sp/sp.ld.S
+++ b/environments/sp/sp.ld.S
@@ -51,6 +51,7 @@
.dynstr : { *(.dynstr) }
.hash : { *(.hash) }
.note.gnu.build-id : { *(.note.gnu.build-id) }
+ .note.gnu.property : { *(.note.gnu.property) }
. = ALIGN(8);
__rela_start = .;