mirror of
https://github.com/u-boot/u-boot.git
synced 2024-12-02 09:03:27 +08:00
4b05301979
The Yocto project builds their aarch64 cross-compiler with the configure knob --enable-standard-branch-protection, which means that their gcc behaves as if -mbranch-protection=standard is passed; the default (lacking that configure knob) is -mbranch-protection=none. This means that when building U-Boot using the Yocto toolchain, most functions end up containing paciasp/autiasp/bti instructions. However, since U-Boot is not an ordinary userspace application, there's no OS kernel which has set up the required authentication keys, so these instructions do nothing at all (even on arm64 hardware that does have the pointer authentication capability). They do however make the image larger. It is theoretically possible for U-Boot to make use of the pointer authentication protection - cf. the linux kernel's CONFIG_ARM64_PTR_AUTH_KERNEL - but it is far from trivial, and it's hard to see just what threat model it would protect against in a bootloader context. Regardless, we certainly have none of the required infrastructure now, so explicitly pass -mbranch-protection=none to ensure those useless instructions do not get emitted. For a toolchain not configured with --enable-standard-branch-protection, this changes nothing. For the Yocto toolchain, this reduces the size of both SPL and U-Boot proper by about 3% for my imx8mp target. If you don't have a Yocto toolchain, the effect can easily be reproduced by applying this patch and changing =none to =standard. Signed-off-by: Rasmus Villemoes <rasmus.villemoes@prevas.dk> Reviewed-by: Simon Glass <sjg@chromium.org> |
||
---|---|---|
.. | ||
arc | ||
arm | ||
m68k | ||
microblaze | ||
mips | ||
nios2 | ||
powerpc | ||
riscv | ||
sandbox | ||
sh | ||
x86 | ||
xtensa | ||
.gitignore | ||
Kconfig | ||
Kconfig.nxp | ||
u-boot-elf.lds |