[PATCH 13/17] makefile: Add `norelro` linker option
Ilias Apalodimas
ilias.apalodimas at linaro.org
Tue Mar 11 15:31:55 CET 2025
On Mon, 24 Feb 2025 at 07:56, Sam Edwards <cfsworks at gmail.com> wrote:
>
> RELRO is an instruction to a dynamic loader to make a memory range
> read-only after relocations are applied, for added security. Some
> linkers (e.g. LLD) require that all sections covered by the RELRO are
> contiguous, so that only a single RELRO is needed. U-Boot at present
> neither satisfies this requirement (e.g. x86_64 linker script currently
> puts .dynamic too far from .got) nor preserves the RELRO when converting
> away from ELF, therefore add `-z norelro` to global linker options.
>
> Signed-off-by: Sam Edwards <CFSworks at gmail.com>
> ---
> Makefile | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/Makefile b/Makefile
> index 87b07d8989a..c869b5c55fa 100644
> --- a/Makefile
> +++ b/Makefile
> @@ -820,6 +820,7 @@ KBUILD_AFLAGS += $(KAFLAGS)
> KBUILD_CFLAGS += $(KCFLAGS)
>
> KBUILD_LDFLAGS += -z noexecstack
> +KBUILD_LDFLAGS += -z norelro
> KBUILD_LDFLAGS += $(call ld-option,--no-warn-rwx-segments)
>
> KBUILD_HOSTCFLAGS += $(if $(CONFIG_TOOLS_DEBUG),-g)
> --
> 2.45.2
>
I guess we can bring it back eventually when we clean up the linkler
scripts more
Reviewed-by: Ilias Apalodimas <ilias.apalodimas at linaro.org>
More information about the U-Boot
mailing list