upstream/opnsense-src
1
0
Fork 0
mirror of https://github.com/opnsense/src.git synced 2026-03-31 23:15:10 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions
opnsense-src/sys/boot/mips/beri/boot2/Makefile
Bryan Drewery 5608fd23c2 Revert r267233 for now. PIE support needs to be reworked. 
1. 50+% of NO_PIE use is fixed by adding -fPIC to INTERNALLIB and other
   build-only utility libraries.
2. Another 40% is fixed by generating _pic.a variants of various libraries.
3. Some of the NO_PIE use is a bit absurd as it is disabling PIE (and ASLR)
   where it never would work anyhow, such as csu or loader. This suggests
   there may be better ways of adding support to the tree. Many of these
   cases can be fixed such that -fPIE will work but there is really no
   reason to have it in those cases.
4. Some of the uses are working around hacks done to some Makefiles that are
   really building libraries but have been using bsd.prog.mk because the code
   is cleaner. Had they been using bsd.lib.mk then NO_PIE would not have
   been needed.

We likely do want to enable PIE by default (opt-out) for non-tree consumers
(such as ports). For in-tree though we probably want to only enable PIE
(opt-in) for common attack targets such as remote service daemons and setuid
utilities. This is also a great performance compromise since ASLR is expected
to reduce performance. As such it does not make sense to enable it in all
utilities such as ls(1) that have little benefit to having it enabled.

Reported by:	kib
2014-08-19 15:04:32 +00:00

89 lines
2.8 KiB
Makefile
Raw Blame History

#-
# Copyright (c) 2013-2014 Robert N. M. Watson
# All rights reserved.
#
# This software was developed by SRI International and the University of
# Cambridge Computer Laboratory under DARPA/AFRL contract (FA8750-10-C-0237)
# ("CTSRD"), as part of the DARPA CRASH research programme.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions and the following disclaimer in the
# documentation and/or other materials provided with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
#
# $FreeBSD$
BINDIR?= /boot
INSTALLFLAGS= -b
LOADERS= flashboot jtagboot
FILES= ${LOADERS} ${LOADERS:S/$/.md5/}
SRCS= relocate.S \
start.S \
boot2.c \
altera_jtag_uart.c \
cfi.c \
sdcard.c
MAN=
AFLAGS= -G0
CFLAGS= -ffreestanding \
-I${.CURDIR} \
-I${.CURDIR}/../../../common \
-I${.CURDIR}/../../../.. \
-D_KERNEL \
-Wall \
-G0 -Xassembler -G0 \
-fno-pic -mno-abicalls \
-msoft-float \
-g
# where to get libstand from
CFLAGS+= -I${.CURDIR}/../../../../../lib/libstand/
LIBSTAND= ${.OBJDIR}/../../../../../lib/libstand/libstand.a
LDFLAGS= -nostdlib \
-static \
-N \
-G0 \
-L${.CURDIR}
.PATH: ${.CURDIR}/../common
CFLAGS+= -I${.CURDIR}/../common
flashboot.elf: relocate.o start.o boot2.o altera_jtag_uart.o cfi.o sdcard.o
${LD} ${_LDFLAGS} -T ${.CURDIR}/flashboot.ldscript -o ${.TARGET} \
${.ALLSRC} ${LIBSTAND}
flashboot: flashboot.elf
objcopy -S -O binary ${.TARGET}.elf ${.TARGET}
flashboot.md5: flashboot
md5 flashboot > flashboot.md5
jtagboot: start.o boot2.o altera_jtag_uart.o cfi.o sdcard.o
${LD} ${_LDFLAGS} -T ${.CURDIR}/jtagboot.ldscript -o ${.TARGET} \
${.ALLSRC} ${LIBSTAND}
jtagboot.md5: jtagboot
md5 jtagboot > jtagboot.md5
CLEANFILES+= flashboot.elf
.include <bsd.prog.mk>
Reference in a new issue View git blame Copy permalink