diff options
| author | Douglas Raillard <douglas.raillard@arm.com> | 2017-02-24 18:14:15 +0000 |
|---|---|---|
| committer | dp-arm <dimitris.papastamos@arm.com> | 2017-03-31 13:58:48 +0100 |
| commit | 51faada71a219a8b94cd8d8e423f0f22e9da4d8f (patch) | |
| tree | 402ce88d1f332e3afda2a623a7ec66053deb2d24 /bl2 | |
| parent | e422f991df48306cd5d9629c4f1ed230b0807fdb (diff) | |
Add support for GCC stack protection
Introduce new build option ENABLE_STACK_PROTECTOR. It enables
compilation of all BL images with one of the GCC -fstack-protector-*
options.
A new platform function plat_get_stack_protector_canary() is introduced.
It returns a value that is used to initialize the canary for stack
corruption detection. Returning a random value will prevent an attacker
from predicting the value and greatly increase the effectiveness of the
protection.
A message is printed at the ERROR level when a stack corruption is
detected.
To be effective, the global data must be stored at an address
lower than the base of the stacks. Failure to do so would allow an
attacker to overwrite the canary as part of an attack which would void
the protection.
FVP implementation of plat_get_stack_protector_canary is weak as
there is no real source of entropy on the FVP. It therefore relies on a
timer's value, which could be predictable.
Change-Id: Icaaee96392733b721fa7c86a81d03660d3c1bc06
Signed-off-by: Douglas Raillard <douglas.raillard@arm.com>
Diffstat (limited to 'bl2')
| -rw-r--r-- | bl2/aarch32/bl2_entrypoint.S | 11 | ||||
| -rw-r--r-- | bl2/aarch64/bl2_entrypoint.S | 9 | ||||
| -rw-r--r-- | bl2/bl2.ld.S | 5 |
3 files changed, 24 insertions, 1 deletions
diff --git a/bl2/aarch32/bl2_entrypoint.S b/bl2/aarch32/bl2_entrypoint.S index bb0b7f31..c82456f2 100644 --- a/bl2/aarch32/bl2_entrypoint.S +++ b/bl2/aarch32/bl2_entrypoint.S @@ -1,5 +1,5 @@ /* - * Copyright (c) 2016, ARM Limited and Contributors. All rights reserved. + * Copyright (c) 2016-2017, ARM Limited and Contributors. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: @@ -122,6 +122,15 @@ func bl2_entrypoint bl plat_set_my_stack /* --------------------------------------------- + * Initialize the stack protector canary before + * any C code is called. + * --------------------------------------------- + */ +#if STACK_PROTECTOR_ENABLED + bl update_stack_protector_canary +#endif + + /* --------------------------------------------- * Perform early platform setup & platform * specific early arch. setup e.g. mmu setup * --------------------------------------------- diff --git a/bl2/aarch64/bl2_entrypoint.S b/bl2/aarch64/bl2_entrypoint.S index 31f77879..15a217d0 100644 --- a/bl2/aarch64/bl2_entrypoint.S +++ b/bl2/aarch64/bl2_entrypoint.S @@ -113,6 +113,15 @@ func bl2_entrypoint bl plat_set_my_stack /* --------------------------------------------- + * Initialize the stack protector canary before + * any C code is called. + * --------------------------------------------- + */ +#if STACK_PROTECTOR_ENABLED + bl update_stack_protector_canary +#endif + + /* --------------------------------------------- * Perform early platform setup & platform * specific early arch. setup e.g. mmu setup * --------------------------------------------- diff --git a/bl2/bl2.ld.S b/bl2/bl2.ld.S index b9275f34..07e0bccd 100644 --- a/bl2/bl2.ld.S +++ b/bl2/bl2.ld.S @@ -99,6 +99,11 @@ SECTIONS */ __RW_START__ = . ; + /* + * .data must be placed at a lower address than the stacks if the stack + * protector is enabled. Alternatively, the .data.stack_protector_canary + * section can be placed independently of the main .data section. + */ .data . : { __DATA_START__ = .; *(.data*) |