From dfe434b793c156a87b5ead5cb85fe60d920d69d3 Mon Sep 17 00:00:00 2001
From: Nathan Rossi <nathan@nathanrossi.com>
Date: Mon, 10 Sep 2018 12:44:13 +0000
Subject: tclibc: For newlib and baremetal disable some security features

With GCCPIE being enabled by default with security_flags.inc the
compiler will by default attempt to compile and link programs as PIE.
The targets that use newlib and baremetal in general do not support PIE
or are otherwise unable to use it due to how embedded targets are
compiled and executed. As such it makes sense to disable PIE by default
for these libc's in order to prevent build failures.

For baremetal tclibc there are no libc features or implementation as
such there is no implementation for the strong stack protector by
default.

Signed-off-by: Nathan Rossi <nathan@nathanrossi.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
---
 meta/conf/distro/include/tclibc-baremetal.inc | 6 ++++++
 meta/conf/distro/include/tclibc-newlib.inc    | 4 ++++
 2 files changed, 10 insertions(+)

diff --git a/meta/conf/distro/include/tclibc-baremetal.inc b/meta/conf/distro/include/tclibc-baremetal.inc
index 1bf44c8591..b00917913f 100644
--- a/meta/conf/distro/include/tclibc-baremetal.inc
+++ b/meta/conf/distro/include/tclibc-baremetal.inc
@@ -28,3 +28,9 @@ TOOLCHAIN_HOST_TASK ?= "packagegroup-cross-canadian-${MACHINE}"
 TOOLCHAIN_HOST_TASK_ATTEMPTONLY ?= ""
 TOOLCHAIN_TARGET_TASK ?= "libgcc-dev"
 TOOLCHAIN_NEED_CONFIGSITE_CACHE_remove = "virtual/${MLPREFIX}libc zlib ncurses"
+
+# disable stack protector by default (no-libc, no protector implementation)
+SECURITY_STACK_PROTECTOR_libc-baremetal = ""
+# disable pie security flags by default
+SECURITY_CFLAGS_libc-baremetal = "${SECURITY_NOPIE_CFLAGS}"
+SECURITY_LDFLAGS_libc-baremetal = ""
diff --git a/meta/conf/distro/include/tclibc-newlib.inc b/meta/conf/distro/include/tclibc-newlib.inc
index dc631d8ada..896c0b16d7 100644
--- a/meta/conf/distro/include/tclibc-newlib.inc
+++ b/meta/conf/distro/include/tclibc-newlib.inc
@@ -42,3 +42,7 @@ TARGET_OS_arm = "eabi"
 TOOLCHAIN_HOST_TASK ?= "packagegroup-cross-canadian-${MACHINE}"
 TOOLCHAIN_TARGET_TASK ?= "${LIBC_DEPENDENCIES}"
 TOOLCHAIN_NEED_CONFIGSITE_CACHE_remove = "zlib ncurses"
+
+# disable pie security flags by default
+SECURITY_CFLAGS_libc-newlib = "${SECURITY_NOPIE_CFLAGS}"
+SECURITY_LDFLAGS_libc-newlib = ""
-- 
cgit 1.2.3-korg