Gitiles
Code Review Sign In
192.168.1.100 / T108 / refs/heads/YUNDONG_BASE1.0 / . / include / hardening.mk
blob: 4a8874261b92c38d769813b511fd325580290528 [file] [log] [blame]
b.liue9582032025-04-17 19:18:16 +0800[diff] [blame]1# SPDX-License-Identifier: GPL-2.0-only
2#
3# Copyright (C) 2015-2020 OpenWrt.org
4
5PKG_CHECK_FORMAT_SECURITY ?= 1
6PKG_ASLR_PIE ?= 1
7PKG_ASLR_PIE_REGULAR ?= 0
8PKG_SSP ?= 1
9PKG_FORTIFY_SOURCE ?= 1
10PKG_RELRO ?= 1
11
12ifdef CONFIG_PKG_CHECK_FORMAT_SECURITY
13 ifeq ($(strip $(PKG_CHECK_FORMAT_SECURITY)),1)
14 TARGET_CFLAGS += -Wformat -Werror=format-security
15 endif
16endif
17ifdef CONFIG_PKG_ASLR_PIE_ALL
18 ifeq ($(strip $(PKG_ASLR_PIE)),1)
19 TARGET_CFLAGS += $(FPIC)
20 TARGET_LDFLAGS += $(FPIC) -specs=$(INCLUDE_DIR)/hardened-ld-pie.specs
21 endif
22endif
23ifdef CONFIG_PKG_ASLR_PIE_REGULAR
24 ifeq ($(strip $(PKG_ASLR_PIE_REGULAR)),1)
25 TARGET_CFLAGS += $(FPIC)
26 TARGET_LDFLAGS += $(FPIC) -specs=$(INCLUDE_DIR)/hardened-ld-pie.specs
27 endif
28endif
29ifdef CONFIG_PKG_CC_STACKPROTECTOR_REGULAR
30 ifeq ($(strip $(PKG_SSP)),1)
31 TARGET_CFLAGS += -fstack-protector
32 endif
33endif
34ifdef CONFIG_PKG_CC_STACKPROTECTOR_STRONG
35 ifeq ($(strip $(PKG_SSP)),1)
36 TARGET_CFLAGS += -fstack-protector-strong
37 endif
38endif
39ifdef CONFIG_PKG_CC_STACKPROTECTOR_ALL
40 ifeq ($(strip $(PKG_SSP)),1)
41 TARGET_CFLAGS += -fstack-protector-all
42 endif
43endif
44ifdef CONFIG_PKG_FORTIFY_SOURCE_1
45 ifeq ($(strip $(PKG_FORTIFY_SOURCE)),1)
46 TARGET_CFLAGS += -D_FORTIFY_SOURCE=1
47 endif
48endif
49ifdef CONFIG_PKG_FORTIFY_SOURCE_2
50 ifeq ($(strip $(PKG_FORTIFY_SOURCE)),1)
51 TARGET_CFLAGS += -D_FORTIFY_SOURCE=2
52 endif
53endif
54ifdef CONFIG_PKG_RELRO_PARTIAL
55 ifeq ($(strip $(PKG_RELRO)),1)
56 TARGET_CFLAGS += -Wl,-z,relro
57 TARGET_LDFLAGS += -zrelro
58 endif
59endif
60ifdef CONFIG_PKG_RELRO_FULL
61 ifeq ($(strip $(PKG_RELRO)),1)
62 TARGET_CFLAGS += -Wl,-z,now -Wl,-z,relro
63 TARGET_LDFLAGS += -znow -zrelro
64 endif
65endif
66