feat(security): add support for SLS mitigation This patch enables support for the gcc compiler option "-mharden-sls", the default is not to use this option. Setting HARDEN_SLS=1 sets "-mharden-sls=all" that enables all hardening against straight line speculation. Signed-off-by: Bipin Ravi <bipin.ravi@arm.com> Change-Id: I59f5963c22431571f5aebe7e0c5642b32362f4c9

commit: e53e6ae56923e1f15e0a1fb212e4137dc1df5cbc [log] [tgz]
author: Bipin Ravi <bipin.ravi@arm.com> Thu Sep 28 13:17:24 2023 -0500
committer: Bipin Ravi <bipin.ravi@arm.com> Tue Nov 21 15:27:00 2023 -0600
tree: 8a92eff20b463b40a07ae435fcb1c0a6762b54e0
parent: e052a53caeedaf635fa31a2b2284f3f77a52c773 [diff] [blame]
diff --git a/Makefile b/Makefile
index 907ae21..ef01fef 100644
--- a/Makefile
+++ b/Makefile

@@ -312,6 +312,10 @@
 # https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105523
 TF_CFLAGS		+= 	$(call cc_option, --param=min-pagesize=0)
 
+ifeq ($(HARDEN_SLS), 1)
+        TF_CFLAGS_aarch64       +=      $(call cc_option, -mharden-sls=all)
+endif
+
 else
 # using clang
 WARNINGS	+=		-Wshift-overflow -Wshift-sign-overflow \
@@ -1179,6 +1183,7 @@
 	GENERATE_COT \
 	GICV2_G0_FOR_EL3 \
 	HANDLE_EA_EL3_FIRST_NS \
+	HARDEN_SLS \
 	HW_ASSISTED_COHERENCY \
 	MEASURED_BOOT \
 	DRTM_SUPPORT \
commit	e53e6ae56923e1f15e0a1fb212e4137dc1df5cbc	[log] [tgz]
author	Bipin Ravi <bipin.ravi@arm.com>	Thu Sep 28 13:17:24 2023 -0500
committer	Bipin Ravi <bipin.ravi@arm.com>	Tue Nov 21 15:27:00 2023 -0600
tree	8a92eff20b463b40a07ae435fcb1c0a6762b54e0
parent	e052a53caeedaf635fa31a2b2284f3f77a52c773 [diff] [blame]