boot/arm-trusted-firmware/v2.2/0001-PATCH-feat-build-add-support-for-new-binutils-versio.patch - buildroot - Git at Google

 From 5e1beb793c06352e87c46eca1144ff1fe8555103 Mon Sep 17 00:00:00 2001
 From: Heiko Thiery <heiko.thiery@gmail.com>
 Date: Mon, 10 Jul 2023 10:43:03 +0200
 Subject: [PATCH] [PATCH] feat(build): add support for new binutils versions

 Users of GNU ld (BPF) from binutils 2.39+ will observe multiple instaces
 of a new warning when linking the bl*.elf in the form:

   ld.bfd: warning: stm32mp1_helper.o: missing .note.GNU-stack section implies executable stack
   ld.bfd: NOTE: This behaviour is deprecated and will be removed in a future version of the linker
   ld.bfd: warning: bl2.elf has a LOAD segment with RWX permissions
   ld.bfd: warning: bl32.elf has a LOAD segment with RWX permissions

 These new warnings are enbaled by default to secure elf binaries:
  - https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=ba951afb99912da01a6e8434126b8fac7aa75107
  - https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=0d38576a34ec64a1b4500c9277a8e9d0f07e6774

 Fix it in a similar way to what the Linux kernel does, see:
 https://lore.kernel.org/all/20220810222442.2296651-1-ndesaulniers@google.com/

 Following the reasoning there, we set "-z noexecstack" for all linkers
 (although LLVM's LLD defaults to it) and optional add
 --no-warn-rwx-segments since this a ld.bfd related.

 Signed-off-by: Marco Felsch <m.felsch@pengutronix.de>
 Signed-off-by: Robert Schwebel <r.schwebel@pengutronix.de>
 Change-Id: I9430f5fa5036ca88da46cd3b945754d62616b617

 Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
 Upstream: https://github.com/ARM-software/arm-trusted-firmware/commit/1f49db5f25cdd4e43825c9bcc0575070b80f628c
 ---
  Makefile | 7 ++++++-
  1 file changed, 6 insertions(+), 1 deletion(-)

 diff --git a/Makefile b/Makefile
 index 721246d51..5893cf422 100644
 --- a/Makefile
 +++ b/Makefile
 @@ -297,11 +297,16 @@ endif

  GCC_V_OUTPUT		:=	$(shell $(CC) -v 2>&1)

 +TF_LDFLAGS              +=      -z noexecstack
 +
  ifneq ($(findstring armlink,$(notdir $(LD))),)
  TF_LDFLAGS		+=	--diag_error=warning --lto_level=O1
  TF_LDFLAGS		+=	--remove --info=unused,unusedsymbols
  else
 -TF_LDFLAGS		+=	--fatal-warnings -O1
 +# With ld.bfd version 2.39 and newer new warnings are added. Skip those since we
 +# are not loaded by a elf loader.
 +TF_LDFLAGS              +=      $(call ld_option, --no-warn-rwx-segments)
 +TF_LDFLAGS              +=      -O1
  TF_LDFLAGS		+=	--gc-sections
  endif
  TF_LDFLAGS		+=	$(TF_LDFLAGS_$(ARCH))
 --
 2.30.2
	From 5e1beb793c06352e87c46eca1144ff1fe8555103 Mon Sep 17 00:00:00 2001
	From: Heiko Thiery <heiko.thiery@gmail.com>
	Date: Mon, 10 Jul 2023 10:43:03 +0200
	Subject: [PATCH] [PATCH] feat(build): add support for new binutils versions

	Users of GNU ld (BPF) from binutils 2.39+ will observe multiple instaces
	of a new warning when linking the bl*.elf in the form:

	ld.bfd: warning: stm32mp1_helper.o: missing .note.GNU-stack section implies executable stack
	ld.bfd: NOTE: This behaviour is deprecated and will be removed in a future version of the linker
	ld.bfd: warning: bl2.elf has a LOAD segment with RWX permissions
	ld.bfd: warning: bl32.elf has a LOAD segment with RWX permissions

	These new warnings are enbaled by default to secure elf binaries:
	- https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=ba951afb99912da01a6e8434126b8fac7aa75107
	- https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=0d38576a34ec64a1b4500c9277a8e9d0f07e6774

	Fix it in a similar way to what the Linux kernel does, see:
	https://lore.kernel.org/all/20220810222442.2296651-1-ndesaulniers@google.com/

	Following the reasoning there, we set "-z noexecstack" for all linkers
	(although LLVM's LLD defaults to it) and optional add
	--no-warn-rwx-segments since this a ld.bfd related.

	Signed-off-by: Marco Felsch <m.felsch@pengutronix.de>
	Signed-off-by: Robert Schwebel <r.schwebel@pengutronix.de>
	Change-Id: I9430f5fa5036ca88da46cd3b945754d62616b617

	Signed-off-by: Heiko Thiery <heiko.thiery@gmail.com>
	Upstream: https://github.com/ARM-software/arm-trusted-firmware/commit/1f49db5f25cdd4e43825c9bcc0575070b80f628c
	---
	Makefile \| 7 ++++++-
	1 file changed, 6 insertions(+), 1 deletion(-)

	diff --git a/Makefile b/Makefile
	index 721246d51..5893cf422 100644
	--- a/Makefile
	+++ b/Makefile
	@@ -297,11 +297,16 @@ endif

	GCC_V_OUTPUT := $(shell $(CC) -v 2>&1)

	+TF_LDFLAGS += -z noexecstack
	+
	ifneq ($(findstring armlink,$(notdir $(LD))),)
	TF_LDFLAGS += --diag_error=warning --lto_level=O1
	TF_LDFLAGS += --remove --info=unused,unusedsymbols
	else
	-TF_LDFLAGS += --fatal-warnings -O1
	+# With ld.bfd version 2.39 and newer new warnings are added. Skip those since we
	+# are not loaded by a elf loader.
	+TF_LDFLAGS += $(call ld_option, --no-warn-rwx-segments)
	+TF_LDFLAGS += -O1
	TF_LDFLAGS += --gc-sections
	endif
	TF_LDFLAGS += $(TF_LDFLAGS_$(ARCH))
	--
	2.30.2