-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathbuildenv.mk
153 lines (128 loc) · 4.12 KB
/
buildenv.mk
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
CP := /bin/cp -f
MKDIR := mkdir -p
STRIP := strip
OBJCOPY := objcopy
CARGOTOOL := cargo
ifeq ($(shell id -u), 0)
CARGOTOOL := /root/.cargo/bin/cargo
endif
# clean the content of 'INCLUDE' - this variable will be set by vcvars32.bat
# thus it will cause build error when this variable is used by our Makefile,
# when compiling the code under Cygwin tainted by MSVC environment settings.
INCLUDE :=
# turn on stack protector for SDK
COMMON_FLAGS += -fstack-protector
ifdef DEBUG
COMMON_FLAGS += -O0 -g -DDEBUG -UNDEBUG
else
COMMON_FLAGS += -O2 -D_FORTIFY_SOURCE=2 -UDEBUG -DNDEBUG
endif
# turn on compiler warnings as much as possible
COMMON_FLAGS += -Wall -Wextra -Winit-self -Wpointer-arith -Wreturn-type \
-Waddress -Wsequence-point -Wformat-security \
-Wmissing-include-dirs -Wfloat-equal -Wundef -Wshadow \
-Wcast-align -Wconversion -Wredundant-decls
# additional warnings flags for C
CFLAGS += -Wjump-misses-init -Wstrict-prototypes -Wunsuffixed-float-constants
# additional warnings flags for C++
CXXFLAGS += -Wnon-virtual-dtor
# for static_assert()
CXXFLAGS += -std=c++0x
.DEFAULT_GOAL := all
# this turns off the RCS / SCCS implicit rules of GNU Make
% : RCS/%,v
% : RCS/%
% : %,v
% : s.%
% : SCCS/s.%
# If a rule fails, delete $@.
.DELETE_ON_ERROR:
HOST_FILE_PROGRAM := file
UNAME := $(shell uname -m)
ifneq (,$(findstring 86,$(UNAME)))
HOST_ARCH := x86
ifneq (,$(shell $(HOST_FILE_PROGRAM) -L $(SHELL) | grep 'x86[_-]64'))
HOST_ARCH := x86_64
endif
else
$(info Unknown host CPU arhitecture $(UNAME))
$(error Aborting)
endif
ifeq "$(findstring __INTEL_COMPILER, $(shell $(CC) -E -dM -xc /dev/null))" "__INTEL_COMPILER"
ifeq ($(shell test -f /usr/bin/dpkg; echo $$?), 0)
ADDED_INC := -I /usr/include/$(shell dpkg-architecture -qDEB_BUILD_MULTIARCH)
endif
endif
ARCH := $(HOST_ARCH)
ifeq "$(findstring -m32, $(CXXFLAGS))" "-m32"
ARCH := x86
endif
ifeq ($(ARCH), x86)
COMMON_FLAGS += -DITT_ARCH_IA32
else
COMMON_FLAGS += -DITT_ARCH_IA64
endif
CFLAGS += $(COMMON_FLAGS)
CXXFLAGS += $(COMMON_FLAGS)
# Enable the security flags
COMMON_LDFLAGS := -Wl,-z,relro,-z,now,-z,noexecstack
# mitigation options
MITIGATION_INDIRECT ?= 0
MITIGATION_RET ?= 0
MITIGATION_C ?= 0
MITIGATION_ASM ?= 0
MITIGATION_AFTERLOAD ?= 0
MITIGATION_LIB_PATH :=
ifeq ($(MITIGATION-CVE-2020-0551), LOAD)
MITIGATION_C := 1
MITIGATION_ASM := 1
MITIGATION_INDIRECT := 1
MITIGATION_RET := 1
MITIGATION_AFTERLOAD := 1
MITIGATION_LIB_PATH := cve_2020_0551_load
else ifeq ($(MITIGATION-CVE-2020-0551), CF)
MITIGATION_C := 1
MITIGATION_ASM := 1
MITIGATION_INDIRECT := 1
MITIGATION_RET := 1
MITIGATION_AFTERLOAD := 0
MITIGATION_LIB_PATH := cve_2020_0551_cf
endif
MITIGATION_CFLAGS :=
MITIGATION_ASFLAGS :=
ifeq ($(MITIGATION_C), 1)
ifeq ($(MITIGATION_INDIRECT), 1)
MITIGATION_CFLAGS += -mindirect-branch-register
endif
ifeq ($(MITIGATION_RET), 1)
MITIGATION_CFLAGS += -mfunction-return=thunk-extern
endif
endif
ifeq ($(MITIGATION_ASM), 1)
MITIGATION_ASFLAGS += -fno-plt
ifeq ($(MITIGATION_AFTERLOAD), 1)
MITIGATION_ASFLAGS += -Wa,-mlfence-after-load=yes
else
MITIGATION_ASFLAGS += -Wa,-mlfence-before-indirect-branch=register
endif
ifeq ($(MITIGATION_RET), 1)
MITIGATION_ASFLAGS += -Wa,-mlfence-before-ret=not
endif
endif
MITIGATION_CFLAGS += $(MITIGATION_ASFLAGS)
# Compiler and linker options for an Enclave
#
# We are using '--export-dynamic' so that `g_global_data_sim' etc.
# will be exported to dynamic symbol table.
#
# When `pie' is enabled, the linker (both BFD and Gold) under Ubuntu 14.04
# will hide all symbols from dynamic symbol table even if they are marked
# as `global' in the LD version script.
ENCLAVE_CFLAGS = -ffreestanding -nostdinc -fvisibility=hidden -fpie -fno-strict-overflow -fno-delete-null-pointer-checks
ENCLAVE_CXXFLAGS = $(ENCLAVE_CFLAGS) -nostdinc++
ENCLAVE_LDFLAGS = $(COMMON_LDFLAGS) -Wl,-Bstatic -Wl,-Bsymbolic -Wl,--no-undefined \
-Wl,-pie,-eenclave_entry -Wl,--export-dynamic \
-Wl,--gc-sections \
-Wl,--defsym,__ImageBase=0
ENCLAVE_CFLAGS += $(MITIGATION_CFLAGS)
ENCLAVE_ASFLAGS = $(MITIGATION_ASFLAGS)