authorJan Luebbe <jlu@pengutronix.de>2012-10-24 23:21:50 +0200
committerMichael Olbrich <m.olbrich@pengutronix.de>2012-11-20 11:52:17 +0100
commit2a21a0e4c219211bf8d6596740e1a4740d4f65ad (patch)
treeb3c10f0e3febadaf5e7aad671cdf789509131468 /platforms
parent335bb61b7afa564e984a34b62bb008d329651523 (diff)
wrapper: introduce a wrapper for cc, c++, cpp and ld
This is used to inject compiler and linker options without relying on the build-systems to pass additional options to the tools. It is used for options needed for cross-compiling, hardening flags and other user defined options. The wrapper also calls ccache if ptxdist is configured to use it. Signed-off-by: Jan Luebbe <jlu@pengutronix.de> Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
Diffstat (limited to 'platforms')
-rw-r--r--platforms/toolchain_hardening.in50
-rw-r--r--platforms/toolchain_options.in29
2 files changed, 79 insertions, 0 deletions
diff --git a/platforms/toolchain_hardening.in b/platforms/toolchain_hardening.in
new file mode 100644
index 000000000..cb81798b2
--- /dev/null
+++ b/platforms/toolchain_hardening.in
@@ -0,0 +1,50 @@
+## SECTION=architecture_options
+
+menu "hardening options "
+
+config TARGET_HARDEN_STACK
+ bool
+ prompt "Enable stack protector (cc -fstack-protector)"
+ help
+ This is a mainline GCC feature, which adds safety checks against
+ stack overwrites. This renders many potential code injection
+ attacks into aborting situations. In the best case this turns
+ code injection vulnerabilities into denial of service or into
+ non-issues (depending on the application).
+ http://en.wikipedia.org/wiki/Stack-smashing_protection
+
+config TARGET_HARDEN_FORTIFY
+ bool
+ prompt "Enable glibc protections (cc -D_FORTIFY_SOURCE=2)"
+ help
+ During code generation the compiler knows a great deal of
+ information about buffer sizes (where possible), and attempts to
+ replace insecure unlimited length buffer function calls with
+ length-limited ones. This is especially useful for old, crufty
+ code.
+
+config TARGET_HARDEN_RELRO
+ bool
+ prompt "Enable 'RELocation Read-Only' (ld -z relro)"
+ help
+ Several ELF sections need to be written to by the linker, but can
+ be turned read-only after starting. Most notably this prevents
+ GOT overwrites attacks.
+
+config TARGET_HARDEN_BINDNOW
+ bool
+ prompt "Enable 'Bind Now' (ld -z now)"
+ help
+ Perform all dynamic bindings at start-up instead of on-demand.
+ This prevents PLT overwrite attacks.
+
+config TARGET_HARDEN_PIE
+ bool
+ prompt "Enable 'Position Independent Executables' (-fPIE -pie)"
+ help
+ Position Independent Executable are needed for effective Address
+ Space Layout randomization.
+ http://en.wikipedia.org/wiki/ASLR
+
+
+endmenu
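Review bot: The help texts for TARGET_HARDEN_RELRO and TARGET_HARDEN_BINDNOW each overstate what the option achieves on its own. With `-z relro` alone the lazily bound `.got.plt` stays writable, and `-z now` alone makes nothing read-only; the GOT entries used by the PLT are only protected when both options are set (full RELRO). I would state that in both help texts, for example `Combine with TARGET_HARDEN_BINDNOW to also make the GOT entries used by the PLT read-only.`, or add `select TARGET_HARDEN_RELRO` under TARGET_HARDEN_BINDNOW. The TARGET_HARDEN_FORTIFY help should also mention that `_FORTIFY_SOURCE` only takes effect when the package is compiled with optimization (`-O1` or higher), so unoptimized builds get no checks from it.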
diff --git a/platforms/toolchain_options.in b/platforms/toolchain_options.in
index 1277335ac..59a8ac81f 100644
--- a/platforms/toolchain_options.in
+++ b/platforms/toolchain_options.in
@@ -2,6 +2,35 @@
menu "extra toolchain options "
+choice
+ prompt "linker hash-style"
+ default TARGET_LINKER_HASH_DEFAULT
+
+ config TARGET_LINKER_HASH_DEFAULT
+ bool
+ prompt "default "
+ help
+ don't change the default linker hash style
+
+ config TARGET_LINKER_HASH_SYSV
+ bool
+ prompt "sysv "
+ help
+ add "--hash-style=sysv" to the linker options
+
+ config TARGET_LINKER_HASH_GNU
+ bool
+ prompt "gnu "
+ help
+ add "--hash-style=gnu" to the linker options
+
+ config TARGET_LINKER_HASH_BOTH
+ bool
+ prompt "gnu & sysv"
+ help
+ add "--hash-style=both" to the linker options
+endchoice
+
config TARGET_EXTRA_CPPFLAGS
string
prompt "Extra CPPFLAGS (cpp)"