cr50: adjust FIPS module build flags for reproducible build

Set FIPS module build flags to reduce changes in object file due to
compiler's randomization during LTO.

Adjusted several optimization options which resulted in smaller image.
Freed 136 bytes for ToT.

BUG=b:138578318
TEST=make BOARD=cr50, test that image works.

Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Change-Id: I99d9bf459bda6f1fcbd8dafe6f23539dda110fd8
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3123967
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Reviewed-by: Andrey Pronin <apronin@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>

1 files changed, 10 insertions, 1 deletions

diff --git a/board/cr50/build.mk b/board/cr50/build.mk
index 0c2b9778e7..b75d867421 100644
--- a/board/cr50/build.mk
+++ b/board/cr50/build.mk
@@ -135,10 +135,19 @@ RW_BD_OUT=$(out)/RW/$(BDIR)
 FIPS_MODULE=dcrypto/fips_module.o
 FIPS_LD_SCRIPT=$(BDIR)/dcrypto/fips_module.ld
 RW_FIPS_OBJS=$(patsubst %.o, $(RW_BD_OUT)/%.o, $(fips-y))
+$(RW_FIPS_OBJS): CFLAGS += -frandom-seed=0 -fno-fat-lto-objects
+
+# Note, since FIPS object files are compiled with lto, actual compilation
+# and code optimization take place during link time.
+# Consider -ffile-prefix-map=old_path=new_path if needed
+FIPS_CFLAGS = $(CFLAGS) -frandom-seed=0 -flto=1 -flto-partition=1to1 -fipa-pta\
+  -fvisibility=hidden -fipa-cp-clone -fweb -ftree-partial-pre\
+  -flive-range-shrinkage -fgcse-after-reload -fgcse-sm -fgcse-las -fivopts\
+  -fpredictive-commoning -freorder-blocks-algorithm=stc
 
 $(RW_BD_OUT)/$(FIPS_MODULE): $(RW_FIPS_OBJS)
 	@echo "  LD      $(notdir $@)"
-	$(Q)$(CC) $(CFLAGS) --static -Wl,--relocatable\
+	$(Q)$(CC) $(FIPS_CFLAGS) --static -Wl,--relocatable\
 		-Wl,-T $(FIPS_LD_SCRIPT) -Wl,-Map=$@.map -o $@ $^
 	$(Q)$(OBJDUMP) -th $@ > $@.sym