From 58b4b6f3d45f4430134e63a49798e9c7fe2000be Mon Sep 17 00:00:00 2001 From: Francois Beutin Date: Tue, 11 Jul 2023 14:22:51 +0200 Subject: [PATCH 1/2] Add empty .data section enforcer in loader scripts for all targets --- target/nanos2/script.ld | 2 ++ target/nanox/script.ld | 2 ++ target/stax/script.ld | 2 ++ 3 files changed, 6 insertions(+) diff --git a/target/nanos2/script.ld b/target/nanos2/script.ld index ac27a23d0..47a298109 100644 --- a/target/nanos2/script.ld +++ b/target/nanos2/script.ld @@ -94,6 +94,8 @@ SECTIONS } > DISCARD /*> SRAM AT>FLASH = 0x00 */ + ASSERT( (_edata - _data) <= 0, ".data section must be empty" ) + .bss : { /** diff --git a/target/nanox/script.ld b/target/nanox/script.ld index ecd1bcf4d..5ef60477f 100644 --- a/target/nanox/script.ld +++ b/target/nanox/script.ld @@ -96,6 +96,8 @@ SECTIONS } > DISCARD /*> SRAM AT>FLASH = 0x00 */ + ASSERT( (_edata - _data) <= 0, ".data section must be empty" ) + /* The .init_array is initialized with functions with the constructor * attribute. Discard this section since there's no loader. */ /DISCARD/ : { diff --git a/target/stax/script.ld b/target/stax/script.ld index 0d4066494..e921f4ded 100644 --- a/target/stax/script.ld +++ b/target/stax/script.ld @@ -95,6 +95,8 @@ SECTIONS } > DISCARD /*> SRAM AT>FLASH = 0x00 */ + ASSERT( (_edata - _data) <= 0, ".data section must be empty" ) + .bss : { /** From 9988903a470e921180c6f856925dfd6b75e4aef3 Mon Sep 17 00:00:00 2001 From: Francois Beutin Date: Tue, 11 Jul 2023 14:41:54 +0200 Subject: [PATCH 2/2] Add empty .bss section enforcer in loader scripts for plugin compilation --- Makefile.rules_generic | 8 +++++++- target/nanos/plugin_script.ld | 22 ++++++++++++++++++++++ target/nanos/script.ld | 4 ++-- target/nanos2/plugin_script.ld | 22 ++++++++++++++++++++++ target/nanos2/script.ld | 4 ++-- target/nanox/plugin_script.ld | 22 ++++++++++++++++++++++ target/nanox/script.ld | 4 ++-- target/stax/plugin_script.ld | 22 ++++++++++++++++++++++ target/stax/script.ld | 4 ++-- 9 files changed, 103 insertions(+), 9 deletions(-) create mode 100644 target/nanos/plugin_script.ld create mode 100644 target/nanos2/plugin_script.ld create mode 100644 target/nanox/plugin_script.ld create mode 100644 target/stax/plugin_script.ld diff --git a/Makefile.rules_generic b/Makefile.rules_generic index c417762c4..d5300fc6f 100644 --- a/Makefile.rules_generic +++ b/Makefile.rules_generic @@ -89,7 +89,13 @@ $(OBJ_DIR)/%.o: %.S $(BUILD_DEPENDENCIES) prepare $(L)$(call as_cmdline,$(INCLUDES_PATH), $(DEFINES),$<,$@) ifeq ($(SCRIPT_LD),) -SCRIPT_LD:=$(BOLOS_SDK)/target/$(TARGET)/script.ld +LDFLAGS += -L$(BOLOS_SDK)/target/$(TARGET) +ifeq ($(IS_PLUGIN),) +SCRIPT_LD := $(BOLOS_SDK)/target/$(TARGET)/script.ld +else +SCRIPT_LD := $(BOLOS_SDK)/target/$(TARGET)/plugin_script.ld +$(info Using plugin link script: $(SCRIPT_LD)) +endif else $(info Using custom link script: $(SCRIPT_LD)) endif diff --git a/target/nanos/plugin_script.ld b/target/nanos/plugin_script.ld new file mode 100644 index 000000000..61bcc010a --- /dev/null +++ b/target/nanos/plugin_script.ld @@ -0,0 +1,22 @@ +/******************************************************************************* +* Ledger - Secure firmware +* (c) 2016, 2017, 2018, 2019, 2020, 2021, 2022, 2023 Ledger +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +********************************************************************************/ + +/* Reuse the main linker script */ +INCLUDE script.ld + +/* No global variable allowed in plugins */ +ASSERT( (_ebss - _bss) <= 0, ".bss section must be empty for plugins" ) diff --git a/target/nanos/script.ld b/target/nanos/script.ld index 6707f728f..88c311626 100644 --- a/target/nanos/script.ld +++ b/target/nanos/script.ld @@ -1,6 +1,6 @@ /******************************************************************************* -* Ledger Blue - Secure firmware -* (c) 2016, 2017, 2018, 2019, 2020 Ledger +* Ledger - Secure firmware +* (c) 2016, 2017, 2018, 2019, 2020, 2021, 2022, 2023 Ledger * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. diff --git a/target/nanos2/plugin_script.ld b/target/nanos2/plugin_script.ld new file mode 100644 index 000000000..61bcc010a --- /dev/null +++ b/target/nanos2/plugin_script.ld @@ -0,0 +1,22 @@ +/******************************************************************************* +* Ledger - Secure firmware +* (c) 2016, 2017, 2018, 2019, 2020, 2021, 2022, 2023 Ledger +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +********************************************************************************/ + +/* Reuse the main linker script */ +INCLUDE script.ld + +/* No global variable allowed in plugins */ +ASSERT( (_ebss - _bss) <= 0, ".bss section must be empty for plugins" ) diff --git a/target/nanos2/script.ld b/target/nanos2/script.ld index 47a298109..8fd537a6b 100644 --- a/target/nanos2/script.ld +++ b/target/nanos2/script.ld @@ -1,6 +1,6 @@ /******************************************************************************* -* Ledger Blue - Secure firmware -* (c) 2016, 2017, 2018, 2019 Ledger +* Ledger - Secure firmware +* (c) 2016, 2017, 2018, 2019, 2020, 2021, 2022, 2023 Ledger * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. diff --git a/target/nanox/plugin_script.ld b/target/nanox/plugin_script.ld new file mode 100644 index 000000000..1e09b06a6 --- /dev/null +++ b/target/nanox/plugin_script.ld @@ -0,0 +1,22 @@ +/******************************************************************************* +* Ledger - Secure firmware +* (c) 2016, 2017, 2018, 2019, 2020, 2021, 2022, 2023 Ledger +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +********************************************************************************/ + +/* Reuse the main linker script */ +INCLUDE script.ld + +/* No global variable allowed in plugins */ +ASSERT( (_ebss - _bss) <= 4, ".bss section must be empty for plugins" ) diff --git a/target/nanox/script.ld b/target/nanox/script.ld index 5ef60477f..82b459121 100644 --- a/target/nanox/script.ld +++ b/target/nanox/script.ld @@ -1,6 +1,6 @@ /******************************************************************************* -* Ledger Blue - Secure firmware -* (c) 2016, 2017, 2018, 2019 Ledger +* Ledger - Secure firmware +* (c) 2016, 2017, 2018, 2019, 2020, 2021, 2022, 2023 Ledger * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. diff --git a/target/stax/plugin_script.ld b/target/stax/plugin_script.ld new file mode 100644 index 000000000..61bcc010a --- /dev/null +++ b/target/stax/plugin_script.ld @@ -0,0 +1,22 @@ +/******************************************************************************* +* Ledger - Secure firmware +* (c) 2016, 2017, 2018, 2019, 2020, 2021, 2022, 2023 Ledger +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +********************************************************************************/ + +/* Reuse the main linker script */ +INCLUDE script.ld + +/* No global variable allowed in plugins */ +ASSERT( (_ebss - _bss) <= 0, ".bss section must be empty for plugins" ) diff --git a/target/stax/script.ld b/target/stax/script.ld index e921f4ded..19b296a05 100644 --- a/target/stax/script.ld +++ b/target/stax/script.ld @@ -1,6 +1,6 @@ /******************************************************************************* -* Ledger Blue - Secure firmware -* (c) 2016, 2017, 2018, 2019 Ledger +* Ledger - Secure firmware +* (c) 2016, 2017, 2018, 2019, 2020, 2021, 2022, 2023 Ledger * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License.