[PATCH 5/8] UBUNTU: SAUCE: ubuntu/sgx: hardening compiler options
Tim Gardner
tim.gardner at canonical.com
Thu Aug 12 12:09:10 UTC 2021
BugLink: https://bugs.launchpad.net/bugs/1936240
https://github.com/intel/SGXDataCenterAttestationPrimitives
9086b3ef9b0760292cd2ffd70253a45bfcb37f26 Linux Driver: hardening compiler options
Signed-off-by: Tim Gardner <tim.gardner at canonical.com>
---
ubuntu/sgx/Makefile | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/ubuntu/sgx/Makefile b/ubuntu/sgx/Makefile
index 763fd841cb209..4f7f513b8b7e1 100644
--- a/ubuntu/sgx/Makefile
+++ b/ubuntu/sgx/Makefile
@@ -29,8 +29,11 @@ default:
else
PWD := $(shell pwd)
+EXTRA_CFLAGS += -I$(PWD) -I$(PWD)/include -D_FORTIFY_SOURCE=2 -Wl,-z,relro,-z,now
+EXTRA_LDFLAGS := -z noexecstack
+
default:
- $(MAKE) -C $(KDIR) M=$(PWD) CFLAGS_MODULE="-I$(PWD) -I$(PWD)/include $(EXTRA_CFLAGS)" modules
+ $(MAKE) -C $(KDIR) M=$(PWD) LDFLAGS_MODULE="$(EXTRA_LDFLAGS)" CFLAGS_MODULE="$(EXTRA_CFLAGS)" modules
endif
endif
--
2.32.0
More information about the kernel-team
mailing list