[meta-intel] [met-intel-quark] Enable stack-protector defense support for SPI image

Ong, Boon Leong boon.leong.ong at intel.com
Wed Jul 22 10:08:25 PDT 2015


>-----Original Message-----
>From: meta-intel-bounces at yoctoproject.org [mailto:meta-intel-
>bounces at yoctoproject.org] On Behalf Of Ramajayam, Yugeraj
>Sent: Thursday, July 9, 2015 3:36 PM
>To: Le Foll, Brendan
>Cc: meta-intel at yoctoproject.org
>Subject: Re: [meta-intel] [met-intel-quark] Enable stack-protector defense
>support for SPI image
>
>Hi Brian,
>
>I followed as you said. I ran,
>
>1. $ bitbake -c menuconfig uclibc
>2. Selected fstack-protector option
>3. Copied the .config file from build/tmp-spi/work/i586-poky-linux-
>uclibc/uclibc/0.9.33+gitAUTOINC+48a0006012-r9/git/.config
>4. I replaced ../meta/recipes-core/uclibc/uclibc-git/uClibc.distro with .config and
>renamed it as uClibc.distro and did a $ bitbake uclibc
>5. After compilation, I
>checked the build/tmp-spi/work/i586-poky-linux-
>uclibc/uclibc/0.9.33+gitAUTOINC+48a0006012-r9. The Uclibc.distro there is the
>same as I changed in ../meta/recipes-core/uclibc/uclibc-git/uClibc.distro with all
>the SSP (stack-protector) related configs built in.
>6. But, when I checked .config file at  build/tmp-spi/work/i586-poky-linux-
>uclibc/uclibc/0.9.33+gitAUTOINC+48a0006012-r9/git/.config, the SSP configs
>are disabled as in my previous build. Somehow the stack-protector features
>were not passed over to the final .config
>
>Is there any other way for me to check if those stack-protector options are
>enabled?
>Or did I miss some steps?
>

Took a look at this topic.
We just need to declare DISTRO_FEATURES_append = "ssp" under local.conf for enabling stack smashing protection for uclibc.

I have confirmed that the merged.config under work/i586-poky-linux-uclibc/uclibc/0.9.33+gitAUTOINC+48a0006012-r9/git has UCLIBC_HAS_SSP=y. 

The test shown below, performed against the uclibc binary in tmp/work/.../packages-split/uclibc/lib/, will reveal that with and without the "ssp" settings, the C library is built with and without stack protector:
objdump -d libuClibc-0.9.34-git.so  | grep __stack_chk_fail



Cheers.
BL
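
An added example, not part of the original thread: a small script that reports the state of UCLIBC_HAS_SSP in each config file named in the thread (uClibc.distro, .config, merged.config), flags the first file that disagrees, and counts the call sites of __stack_chk_fail in the built library. It goes slightly beyond the grep above by counting only call instructions, because a plain grep also matches the line where the symbol itself is defined. The function names and the argument order are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the thread). All paths are passed as arguments.

# kconfig_state FILE KEY: print "y", "n" (explicitly unset) or "absent".
kconfig_state() {
    if grep -q "^$2=y\$" "$1"; then echo y
    elif grep -q "^# $2 is not set\$" "$1"; then echo n
    else echo absent
    fi
}

# first_disagreement KEY FILE...: print the first file whose state for KEY
# differs from the first file's; print nothing when all files agree.
first_disagreement() {
    key=$1; shift
    want=$(kconfig_state "$1" "$key"); shift
    for f in "$@"; do
        if [ "$(kconfig_state "$f" "$key")" != "$want" ]; then
            echo "$f"; return 0
        fi
    done
}

# count_ssp_calls: read `objdump -d` text on stdin and print the number of
# call instructions whose target name starts with __stack_chk_fail.
count_ssp_calls() {
    grep -c 'call[a-z]*[[:space:]].*<__stack_chk_fail' || true
}

# Usage: ssp-check.sh LIBRARY CONFIG [CONFIG...]   (script name is hypothetical)
if [ "$#" -ge 2 ]; then
    lib=$1; shift
    for f in "$@"; do
        echo "$f: UCLIBC_HAS_SSP=$(kconfig_state "$f" UCLIBC_HAS_SSP)"
    done
    bad=$(first_disagreement UCLIBC_HAS_SSP "$@")
    if [ -n "$bad" ]; then
        echo "mismatch: $bad differs from $1"
    fi
    echo "canary-check call sites: $(objdump -d "$lib" | count_ssp_calls)"
fi
```

A count of zero call sites means no function in the library was compiled with the canary check, whatever the config files say.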

