Move Stack Protector Global Flag in Toolsdef #755

Merged


TaylorBeebe
Contributor

Description

-mstack-protector-guard=global flag is required to use stack cookies for GCC builds. Clang toolchains inherit flags from GCC defs in the tools_def and do not support the -mstack-protector-guard option. This PR moves the -mstack-protector-guard option to ensure it only targets GCC5 builds.

  • Impacts functionality?
    • Functionality - Does the change ultimately impact how firmware functions?
    • Examples: Add a new library, publish a new PPI, update an algorithm, ...
  • Impacts security?
    • Security - Does the change have a direct security impact on an application,
      flow, or firmware?
    • Examples: Crypto algorithm change, buffer overflow fix, parameter
      validation improvement, ...
  • Breaking change?
    • Breaking change - Will anyone consuming this change experience a break
      in build or boot behavior?
    • Examples: Add a new library class, move a module to a different repo, call
      a function in a new library class in a pre-existing module, ...
  • Includes tests?
    • Tests - Does the change include any explicit test code?
    • Examples: Unit tests, integration tests, robot tests, ...
  • Includes documentation?
    • Documentation - Does the change contain explicit documentation additions
      outside direct code modifications (and comments)?
    • Examples: Update readme file, add feature readme file, link to documentation
      on a separate Web page, ...

How This Was Tested

Tested in pipelines

Integration Instructions

The Conf/ folder will need to be deleted for existing clones so it can be regenerated
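
The inheritance problem described above, as an added example that is not part of the PR or the mu_basecore sources: a simplified resolver for the tools_def `DEFINE`/`DEF()` syntax, run over two constructed fragments, shows the option reaching a Clang tag when it sits in a shared GCC macro and staying on GCC5 once it is moved to the GCC5 line. The macro names, the `CLANGX` tag and the other flags in the fragments are hypothetical.

```python
import re

# Constructed fragments in tools_def DEFINE/DEF() syntax. Macro names and the
# CLANGX tag are hypothetical; this is not the mu_basecore tools_def content.
BEFORE = """
DEFINE GCC_ALL_CC_FLAGS    = -g -Os -fstack-protector -mstack-protector-guard=global
DEFINE CLANGX_ALL_CC_FLAGS = DEF(GCC_ALL_CC_FLAGS) -Wno-unknown-pragmas
*_GCC5_X64_CC_FLAGS        = DEF(GCC_ALL_CC_FLAGS) -m64
*_CLANGX_X64_CC_FLAGS      = DEF(CLANGX_ALL_CC_FLAGS) -m64
"""
AFTER = """
DEFINE GCC_ALL_CC_FLAGS    = -g -Os -fstack-protector
DEFINE CLANGX_ALL_CC_FLAGS = DEF(GCC_ALL_CC_FLAGS) -Wno-unknown-pragmas
*_GCC5_X64_CC_FLAGS        = DEF(GCC_ALL_CC_FLAGS) -m64 -mstack-protector-guard=global
*_CLANGX_X64_CC_FLAGS      = DEF(CLANGX_ALL_CC_FLAGS) -m64
"""

DEF_REF = re.compile(r"DEF\((\w+)\)")

def expand(value, macros, seen=()):
    """Recursively replace DEF(NAME) with the macro's value; reject cycles."""
    def sub(match):
        name = match.group(1)
        if name in seen:
            raise ValueError(f"circular DEF({name})")
        if name not in macros:
            raise KeyError(f"undefined macro {name}")
        return expand(macros[name], macros, seen + (name,))
    return DEF_REF.sub(sub, value)

def resolve(text):
    """Return {toolchain tag: expanded flag list} for each *_TAG_ARCH_CC_FLAGS line."""
    macros, rules = {}, {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments and blank lines
        if "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key.startswith("DEFINE "):
            macros[key.split()[1]] = value
        else:
            rules[key] = value
    return {k.split("_")[1]: expand(v, macros).split() for k, v in rules.items()}

def tags_with_flag(text, flag="-mstack-protector-guard=global"):
    """List the toolchain tags whose fully expanded CC flags contain `flag`."""
    return sorted(tag for tag, flags in resolve(text).items() if flag in flags)
```

`tags_with_flag(BEFORE)` reports both tags, while `tags_with_flag(AFTER)` reports only `GCC5`; the shared `-fstack-protector` flag still reaches both toolchains.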

@TaylorBeebe TaylorBeebe changed the base branch from release/202311 to release/202302 February 29, 2024 00:54
@github-actions github-actions bot added the impact:breaking-change (Requires integration attention) and impact:security (Has a security impact) labels Feb 29, 2024
@TaylorBeebe TaylorBeebe changed the title Update stack cookie tools def Move Stack Protector Global Flag in Toolsdef Feb 29, 2024
@TaylorBeebe TaylorBeebe enabled auto-merge (squash) February 29, 2024 18:23
@TaylorBeebe TaylorBeebe merged commit 9571b96 into microsoft:release/202302 Feb 29, 2024
38 checks passed
TaylorBeebe added a commit to TaylorBeebe/mu_basecore that referenced this pull request Feb 29, 2024
-mstack-protector-guard=global flag is required to use stack cookies for
GCC builds. Clang toolchains inherit flags from GCC defs in the
tools_def and do not support the -mstack-protector-guard option. This
PR moves the -mstack-protector-guard option to ensure it only targets
GCC5 builds.

- [x] Impacts functionality?
  - **Functionality** - Does the change ultimately impact how firmware
    functions?
  - Examples: Add a new library, publish a new PPI, update an algorithm,
    ...
- [x] Impacts security?
  - **Security** - Does the change have a direct security impact on an
    application, flow, or firmware?
  - Examples: Crypto algorithm change, buffer overflow fix, parameter
    validation improvement, ...
- [x] Breaking change?
  - **Breaking change** - Will anyone consuming this change experience a
    break in build or boot behavior?
  - Examples: Add a new library class, move a module to a different repo,
    call a function in a new library class in a pre-existing module, ...
- [ ] Includes tests?
  - **Tests** - Does the change include any explicit test code?
  - Examples: Unit tests, integration tests, robot tests, ...
- [ ] Includes documentation?
  - **Documentation** - Does the change contain explicit documentation
    additions outside direct code modifications (and comments)?
  - Examples: Update readme file, add feature readme file, link to
    documentation on a separate Web page, ...

Tested in pipelines

The Conf/ folder will need to be deleted for existing clones so it can
be regenerated
TaylorBeebe added a commit to TaylorBeebe/mu_basecore that referenced this pull request Feb 29, 2024
TaylorBeebe added a commit to TaylorBeebe/mu_basecore that referenced this pull request Mar 2, 2024
TaylorBeebe added a commit that referenced this pull request Mar 2, 2024
Labels
impact:breaking-change (Requires integration attention), impact:security (Has a security impact)
3 participants