QcomModulePkg: Enable SafeStack option to bootloader
SafeStack protects against attacks based on stack buffer overflows.
The protection is achieved by separating the program stack into two:
the safe stack, which stores return addresses, local variables and
register spills, and the unsafe stack, which stores everything else.
To enable SafeStack for ABL, add the required compilation flags,
allocate the unsafe stack and return the unsafe stack pointer to the compiler.
CRs-Fixed: 2238349
Change-Id: If3fb73207b2ae0dd45be2d3d407a166876c97889
diff --git a/AndroidBoot.mk b/AndroidBoot.mk
index aaa072a..0e879be 100644
--- a/AndroidBoot.mk
+++ b/AndroidBoot.mk
@@ -49,6 +49,14 @@
BOARD_BOOTLOADER_PRODUCT_NAME := QC_Reference_Phone
endif
+ifeq ($(BOARD_ABL_SAFESTACK_DISABLE),true)
+ ABL_SAFESTACK := false
+else
+ ABL_SAFESTACK := true
+endif
+
+SAFESTACK_SUPPORTED_CLANG_VERSION = 6.0
+
# For most platform, abl needed always be built
# in aarch64 arthitecture to run.
# Specify BOOTLOADER_ARCH if needed to built with
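Review bot: The new `ifeq` block and `SAFESTACK_SUPPORTED_CLANG_VERSION` carry no comment, and the name does not say whether 6.0 is a minimum clang version or an exact match. I would add `# SafeStack is enabled by default; set BOARD_ABL_SAFESTACK_DISABLE := true in the board config to opt out.` above the `ifeq`, and a one-line comment above the version line stating how the consumer interprets the value. The test matches only the literal `true`, so any other spelling (`1`, `yes`, a trailing space) leaves SafeStack on; that fails in the safe direction but is worth stating in the comment. The version is also assigned with recursive `=` while the surrounding lines use `:=`; `SAFESTACK_SUPPORTED_CLANG_VERSION := 6.0` would be consistent.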
@@ -92,6 +100,8 @@
CLANG_BIN=$(CLANG_BIN) \
CLANG_PREFIX=$(CLANG35_PREFIX)\
ABL_USE_SDLLVM=$(ABL_USE_SDLLVM) \
+ ABL_SAFESTACK=$(ABL_SAFESTACK) \
+ SAFESTACK_SUPPORTED_CLANG_VERSION=$(SAFESTACK_SUPPORTED_CLANG_VERSION) \
CLANG_GCC_TOOLCHAIN=$(CLANG35_GCC_TOOLCHAIN)\
TARGET_ARCHITECTURE=$(TARGET_ARCHITECTURE) \
BOARD_BOOTLOADER_PRODUCT_NAME=$(BOARD_BOOTLOADER_PRODUCT_NAME)
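Review bot: Nothing visible here tells the builder whether SafeStack actually ends up in the bootloader image. `ABL_SAFESTACK` and `SAFESTACK_SUPPORTED_CLANG_VERSION` are only forwarded to the sub-make, and the check against the real clang version lives in a makefile this diff does not show. If that consumer quietly drops the flags on an older toolchain, a board could ship without the mitigation while `ABL_SAFESTACK` still reads `true`; it should emit a `$(warning ...)` or fail the build in that case. It is also worth confirming that the consumer compares versions numerically, since a string comparison against `6.0` would mis-order two-digit major versions. The recipe this argument list belongs to starts outside the hunk.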