build: fix uImage fake header command
[openwrt/openwrt.git] / include / hardening.mk
1 #
2 # Copyright (C) 2015 OpenWrt.org
3 #
4 # This is free software, licensed under the GNU General Public License v2.
5 # See /LICENSE for more information.
6 #
7
8 PKG_CHECK_FORMAT_SECURITY ?= 1
9 PKG_ASLR_PIE ?= 1
10 PKG_SSP ?= 1
11 PKG_FORTIFY_SOURCE ?= 1
12 PKG_RELRO ?= 1
13
14 ifdef CONFIG_PKG_CHECK_FORMAT_SECURITY
15 ifeq ($(strip $(PKG_CHECK_FORMAT_SECURITY)),1)
16 TARGET_CFLAGS += -Wformat -Werror=format-security
17 endif
18 endif
19 ifdef CONFIG_PKG_ASLR_PIE
20 ifeq ($(strip $(PKG_ASLR_PIE)),1)
21 TARGET_CFLAGS += -fPIC
22 TARGET_LDFLAGS += -specs=$(INCLUDE_DIR)/hardened-ld-pie.specs
23 endif
24 endif
25 ifdef CONFIG_PKG_CC_STACKPROTECTOR_REGULAR
26 ifeq ($(strip $(PKG_SSP)),1)
27 TARGET_CFLAGS += -fstack-protector
28 endif
29 endif
30 ifdef CONFIG_PKG_CC_STACKPROTECTOR_STRONG
31 ifeq ($(strip $(PKG_SSP)),1)
32 TARGET_CFLAGS += -fstack-protector-strong
33 endif
34 endif
35 ifdef CONFIG_PKG_FORTIFY_SOURCE_1
36 ifeq ($(strip $(PKG_FORTIFY_SOURCE)),1)
37 TARGET_CFLAGS += -D_FORTIFY_SOURCE=1
38 endif
39 endif
40 ifdef CONFIG_PKG_FORTIFY_SOURCE_2
41 ifeq ($(strip $(PKG_FORTIFY_SOURCE)),1)
42 TARGET_CFLAGS += -D_FORTIFY_SOURCE=2
43 endif
44 endif
45 ifdef CONFIG_PKG_RELRO_PARTIAL
46 ifeq ($(strip $(PKG_RELRO)),1)
47 TARGET_CFLAGS += -Wl,-z,relro
48 TARGET_LDFLAGS += -zrelro
49 endif
50 endif
51 ifdef CONFIG_PKG_RELRO_FULL
52 ifeq ($(strip $(PKG_RELRO)),1)
53 TARGET_CFLAGS += -Wl,-z,now -Wl,-z,relro
54 TARGET_LDFLAGS += -znow -zrelro
55 endif
56 endif
57