diff options
author | Vadim Sukhomlinov <sukhomlinov@google.com> | 2023-04-13 19:00:39 -0700 |
---|---|---|
committer | Chromeos LUCI <chromeos-scoped@luci-project-accounts.iam.gserviceaccount.com> | 2023-04-14 15:35:10 +0000 |
commit | 2f9b98535ef6760e0fcbde879b25cbab42c96105 (patch) | |
tree | 40083e03a802db158972046ac90be20375dd56f8 /board | |
parent | b3b3c92ea4f7bbadd6968761d5047163559f7cf6 (diff) | |
download | chrome-ec-2f9b98535ef6760e0fcbde879b25cbab42c96105.tar.gz |
cr50: set compiler options to ensure reproducible FIPS module
As per b/277777628 FIPS module build depends on value of `CC` env var,
which is not a desirable behavior.
1. Add -fconserve-stack to FIPS module builds explicitly to make sure
its digest is same as reported and doesn't depend on environment.
2. gcc specific option moved to core/cortex-m/build.mk
3. Verified that binutils workaround is still needed (b/238039591)
BUG=b:277777628, b:238039591
TEST=make BOARD=cr50; tpm_test.py, FIPS digest is the same
Change-Id: I664cee178de400efed3fe2e06b9b4b72f6ce6067
Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4425068
Commit-Queue: Mary Ruthven <mruthven@chromium.org>
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Auto-Submit: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Code-Coverage: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Diffstat (limited to 'board')
-rw-r--r-- | board/cr50/build.mk | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/board/cr50/build.mk b/board/cr50/build.mk index a62a43bd1e..45301733f9 100644 --- a/board/cr50/build.mk +++ b/board/cr50/build.mk @@ -201,7 +201,7 @@ FIPS_MODULE=dcrypto/fips_module.o FIPS_LD_SCRIPT=$(BDIR)/dcrypto/fips_module.ld RW_FIPS_OBJS=$(patsubst %.o, $(RW_BD_OUT)/%.o, $(fips-y)) $(RW_FIPS_OBJS): CFLAGS += -frandom-seed=0 -fno-fat-lto-objects -Wswitch\ - -Wsign-compare -Wuninitialized + -Wsign-compare -Wuninitialized -fconserve-stack $(RW_FIPS_OBJS): | $(out)/ec_version.h $(out)/env_config.h rw_board_deps := $(addsuffix .d, $(RW_FIPS_OBJS)) |