diff --git a/QuoteGeneration/buildenv.mk b/QuoteGeneration/buildenv.mk
index 0b677db8f..3fba93597 100644
--- a/QuoteGeneration/buildenv.mk
+++ b/QuoteGeneration/buildenv.mk
@@ -128,12 +128,7 @@ ifeq ($(CC_NO_LESS_THAN_8), 1)
 endif
 # turn on stack protector for SDK
-CC_BELOW_4_9 := $(shell expr "`$(CC) -dumpversion`" \< "4.9")
-ifeq ($(CC_BELOW_4_9), 1)
- COMMON_FLAGS += -fstack-protector
-else
- COMMON_FLAGS += -fstack-protector-strong
-endif
+COMMON_FLAGS += -fstack-protector-strong
 ifdef DEBUG
 COMMON_FLAGS += -O0 -ggdb -DDEBUG -UNDEBUG
diff --git a/QuoteGeneration/quote_wrapper/qgs_msg_lib/linux/Makefile b/QuoteGeneration/quote_wrapper/qgs_msg_lib/linux/Makefile
index dff0af230..9ece3cc48 100644
--- a/QuoteGeneration/quote_wrapper/qgs_msg_lib/linux/Makefile
+++ b/QuoteGeneration/quote_wrapper/qgs_msg_lib/linux/Makefile
@@ -33,7 +33,7 @@ TOP_DIR = ../../..
 SDK_NOT_REQUIRED = 1
 ifeq ($(wildcard $(TOP_DIR)/buildenv.mk),)
- CXXFLAGS ?= -Wnon-virtual-dtor -std=c++14 -fstack-protector -O2 -D_FORTIFY_SOURCE=2 -UDEBUG -DNDEBUG \
+ CXXFLAGS ?= -Wnon-virtual-dtor -std=c++14 -fstack-protector-strong -O2 -D_FORTIFY_SOURCE=2 -UDEBUG -DNDEBUG \
 -ffunction-sections -fdata-sections -Wall -Wextra -Winit-self -Wpointer-arith -Wreturn-type -Waddress \
 -Wsequence-point -Wformat-security -Wmissing-include-dirs -Wfloat-equal -Wundef -Wshadow -Wcast-align \
 -Wconversion -Wredundant-decls -DITT_ARCH_IA64 -fcf-protection
diff --git a/QuoteGeneration/quote_wrapper/tdx_attest/linux/Makefile b/QuoteGeneration/quote_wrapper/tdx_attest/linux/Makefile
index f0a5e364b..20f30221f 100644
--- a/QuoteGeneration/quote_wrapper/tdx_attest/linux/Makefile
+++ b/QuoteGeneration/quote_wrapper/tdx_attest/linux/Makefile
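Review bot: In QuoteGeneration/buildenv.mk the unconditional `COMMON_FLAGS += -fstack-protector-strong` leaves no record of the compiler floor it now assumes. The removed branch treated the flag as unavailable below GCC 4.9, so an older `$(CC)` will now stop on an unrecognised option rather than fall back to the weaker protector; failing loudly is the safer outcome, but it should be stated. I would extend the existing comment to `# turn on stack protector for SDK (-fstack-protector-strong needs GCC >= 4.9)`. The same applies to the matching hunks in QuoteVerification/QvE/Makefile, QuoteVerification/dcap_tvl/Makefile, QuoteVerification/dcap_tvl/Makefile.standalone and tools/PCKRetrievalTool/Makefile.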
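Review bot: The fallback `CXXFLAGS ?=` in quote_wrapper/qgs_msg_lib/linux/Makefile still keeps `-fstack-protector-strong`, `-D_FORTIFY_SOURCE=2` and `-fcf-protection` inside a default-only assignment, so a build that already has CXXFLAGS set (environment or `make CXXFLAGS=...`) skips the whole list and compiles without the hardening this commit is strengthening. Consider holding the mandatory flags in their own variable and appending them unconditionally, e.g. `HARDENING_FLAGS := -fstack-protector-strong -D_FORTIFY_SOURCE=2 -fcf-protection` followed by `override CXXFLAGS += $(HARDENING_FLAGS)`. The same pattern is in the `CFLAGS ?=` and `CXXFLAGS ?=` lines of quote_wrapper/tdx_attest/linux/Makefile. The enclosing `ifeq ($(wildcard $(TOP_DIR)/buildenv.mk),)` block closes outside the hunk, so whether a later line re-adds these flags is not visible here.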
@@ -33,11 +33,11 @@ TOP_DIR = ../../..
 SDK_NOT_REQUIRED = 1
 ifeq ($(wildcard $(TOP_DIR)/buildenv.mk),)
- CFLAGS ?= -Wjump-misses-init -Wstrict-prototypes -Wunsuffixed-float-constants -fstack-protector -O2 \
+ CFLAGS ?= -Wjump-misses-init -Wstrict-prototypes -Wunsuffixed-float-constants -fstack-protector-strong -O2 \
 -D_FORTIFY_SOURCE=2 -UDEBUG -DNDEBUG -ffunction-sections -fdata-sections -Wall -Wextra -Winit-self \
 -Wpointer-arith -Wreturn-type -Waddress -Wsequence-point -Wformat-security -Wmissing-include-dirs \
 -Wfloat-equal -Wundef -Wshadow -Wcast-align -Wconversion -Wredundant-decls -DITT_ARCH_IA64 -fcf-protection
- CXXFLAGS ?= -Wnon-virtual-dtor -std=c++14 -fstack-protector -O2 -D_FORTIFY_SOURCE=2 -UDEBUG -DNDEBUG \
+ CXXFLAGS ?= -Wnon-virtual-dtor -std=c++14 -fstack-protector-strong -O2 -D_FORTIFY_SOURCE=2 -UDEBUG -DNDEBUG \
 -ffunction-sections -fdata-sections -Wall -Wextra -Winit-self -Wpointer-arith -Wreturn-type -Waddress \
 -Wsequence-point -Wformat-security -Wmissing-include-dirs -Wfloat-equal -Wundef -Wshadow -Wcast-align \
 -Wconversion -Wredundant-decls -DITT_ARCH_IA64 -fcf-protection
diff --git a/QuoteVerification/QvE/Makefile b/QuoteVerification/QvE/Makefile
index cdac5ff99..73e0c65b3 100644
--- a/QuoteVerification/QvE/Makefile
+++ b/QuoteVerification/QvE/Makefile
@@ -101,12 +101,7 @@ endif
 ifneq ($(DEBUG), 1)
 ENCLAVE_CFLAGS += -ffunction-sections -fdata-sections
 endif
-CC_BELOW_4_9 := $(shell expr "`$(CC) -dumpversion`" \< "4.9")
-ifeq ($(CC_BELOW_4_9), 1)
- ENCLAVE_CFLAGS += -fstack-protector
-else
- ENCLAVE_CFLAGS += -fstack-protector-strong
-endif
+ENCLAVE_CFLAGS += -fstack-protector-strong
 ENCLAVE_CXXFLAGS += $(ENCLAVE_CFLAGS) -std=c++17 -DSGX_TRUSTED -DSGX_JWT -DPICOJSON_USE_LOCALE=0
diff --git a/QuoteVerification/dcap_tvl/Makefile b/QuoteVerification/dcap_tvl/Makefile
index 2d62f283c..49b4b686e 100644
--- a/QuoteVerification/dcap_tvl/Makefile
+++ b/QuoteVerification/dcap_tvl/Makefile
@@ -56,12 +56,7 @@ endif
 ifneq ($(DEBUG), 1)
 COMMON_FLAGS += -ffunction-sections -fdata-sections
 endif
-CC_BELOW_4_9 := $(shell expr "`$(CC) -dumpversion`" \< "4.9")
-ifeq ($(CC_BELOW_4_9), 1)
- COMMON_FLAGS += -fstack-protector
-else
- COMMON_FLAGS += -fstack-protector-strong
-endif
+COMMON_FLAGS += -fstack-protector-strong
 ENCLAVE_CXXFLAGS += $(SGX_COMMON_CXXFLAGS) $(COMMON_FLAGS) -fPIC -std=c++11
diff --git a/QuoteVerification/dcap_tvl/Makefile.standalone b/QuoteVerification/dcap_tvl/Makefile.standalone
index 8a1cb7304..713d8afc3 100644
--- a/QuoteVerification/dcap_tvl/Makefile.standalone
+++ b/QuoteVerification/dcap_tvl/Makefile.standalone
@@ -45,12 +45,7 @@ COMMON_LDFLAGS := -Wl,-z,relro,-z,now,-z,noexecstack
 ifneq ($(DEBUG), 1)
 COMMON_FLAGS += -ffunction-sections -fdata-sections
 endif
-CC_BELOW_4_9 := $(shell expr "`$(CC) -dumpversion`" \< "4.9")
-ifeq ($(CC_BELOW_4_9), 1)
- COMMON_FLAGS += -fstack-protector
-else
- COMMON_FLAGS += -fstack-protector-strong
-endif
+COMMON_FLAGS += -fstack-protector-strong
 ENCLAVE_CFLAGS = -ffreestanding -nostdinc -fvisibility=hidden -fpie -fno-strict-overflow -fno-delete-null-pointer-checks
 ENCLAVE_CXXFLAGS = $(ENCLAVE_CFLAGS) -nostdinc++
diff --git a/SampleCode/QuoteAppraisalSample/QAEAppraisal/Makefile b/SampleCode/QuoteAppraisalSample/QAEAppraisal/Makefile
index 662ac3e57..868d72df5 100644
--- a/SampleCode/QuoteAppraisalSample/QAEAppraisal/Makefile
+++ b/SampleCode/QuoteAppraisalSample/QAEAppraisal/Makefile
@@ -87,13 +87,7 @@ Crypto_Library_Name := sgx_tcrypto
 Enclave_Cpp_Files := Enclave/Enclave.cpp
 Enclave_Include_Paths := -I$(SGX_SDK)/include -I$(SGX_SDK)/include/tlibc
-Enclave_C_Flags := $(Enclave_Include_Paths) -nostdinc -fvisibility=hidden -fpie -ffunction-sections -fdata-sections $(MITIGATION_CFLAGS)
-CC_BELOW_4_9 := $(shell expr "`$(CC) -dumpversion`" \< "4.9")
-ifeq ($(CC_BELOW_4_9), 1)
- Enclave_C_Flags += -fstack-protector
-else
- Enclave_C_Flags += -fstack-protector-strong
-endif
+Enclave_C_Flags := $(Enclave_Include_Paths) -nostdinc -fvisibility=hidden -fpie -ffunction-sections -fdata-sections $(MITIGATION_CFLAGS) -fstack-protector-strong
 Enclave_Cpp_Flags := $(Enclave_C_Flags) -std=c++11 -nostdinc++
diff --git a/SampleCode/QuoteGenerationSample/Makefile b/SampleCode/QuoteGenerationSample/Makefile
index 4fdbb36e9..fd5b4e253 100644
--- a/SampleCode/QuoteGenerationSample/Makefile
+++ b/SampleCode/QuoteGenerationSample/Makefile
@@ -104,11 +104,7 @@ Enclave_Cpp_Files := Enclave/Enclave.cpp
 Enclave_Include_Paths := -I$(SGX_SDK)/include -I$(SGX_SDK)/include/tlibc -I$(SGX_SDK)/include/libcxx
 CC_BELOW_4_9 := $(shell expr "`$(CC) -dumpversion`" \< "4.9")
-ifeq ($(CC_BELOW_4_9), 1)
- Enclave_C_Flags := $(SGX_COMMON_CFLAGS) -nostdinc -fvisibility=hidden -fpie -ffunction-sections -fdata-sections -fstack-protector
-else
- Enclave_C_Flags := $(SGX_COMMON_CFLAGS) -nostdinc -fvisibility=hidden -fpie -ffunction-sections -fdata-sections -fstack-protector-strong
-endif
+Enclave_C_Flags := $(SGX_COMMON_CFLAGS) -nostdinc -fvisibility=hidden -fpie -ffunction-sections -fdata-sections
 Enclave_C_Flags += $(Enclave_Include_Paths)
 Enclave_Cpp_Flags := $(Enclave_C_Flags) -std=c++11 -nostdinc++
diff --git a/SampleCode/QuoteVerificationSample/Makefile b/SampleCode/QuoteVerificationSample/Makefile
index d5346152b..616458717 100644
--- a/SampleCode/QuoteVerificationSample/Makefile
+++ b/SampleCode/QuoteVerificationSample/Makefile
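Review bot: The new `Enclave_C_Flags :=` line in SampleCode/QuoteGenerationSample/Makefile carries no stack-protector flag at all, although both removed branches ended in `-fstack-protector` or `-fstack-protector-strong` and every other hunk in this commit keeps `-fstack-protector-strong`. Unless `$(SGX_COMMON_CFLAGS)` supplies it (its definition is outside the hunk), the sample enclave is now built without stack canaries. I would append the flag: `Enclave_C_Flags := $(SGX_COMMON_CFLAGS) -nostdinc -fvisibility=hidden -fpie -ffunction-sections -fdata-sections -fstack-protector-strong`. The context line `CC_BELOW_4_9 := $(shell expr ...)` is no longer referenced in the visible lines yet still invokes the compiler at parse time, so it looks like it should be deleted along with the conditional.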
@@ -130,13 +130,7 @@ DCAP_DIR ?= ../../
 Enclave_Cpp_Files := Enclave/Enclave.cpp
 Enclave_Include_Paths := -IEnclave -I$(SGX_SDK)/include -I$(SGX_SDK)/include/tlibc -I$(SGX_SDK)/include/libcxx
-Enclave_C_Flags := $(Enclave_Include_Paths) -nostdinc -fvisibility=hidden -fpie -ffunction-sections -fdata-sections
-CC_BELOW_4_9 := $(shell expr "`$(CC) -dumpversion`" \< "4.9")
-ifeq ($(CC_BELOW_4_9), 1)
- Enclave_C_Flags += -fstack-protector
-else
- Enclave_C_Flags += -fstack-protector-strong
-endif
+Enclave_C_Flags := $(Enclave_Include_Paths) -nostdinc -fvisibility=hidden -fpie -ffunction-sections -fdata-sections -fstack-protector-strong
 Enclave_Cpp_Flags := $(Enclave_C_Flags) -nostdinc++
diff --git a/tools/PCKRetrievalTool/Makefile b/tools/PCKRetrievalTool/Makefile
index d9c2baca9..f41a47b7d 100644
--- a/tools/PCKRetrievalTool/Makefile
+++ b/tools/PCKRetrievalTool/Makefile
@@ -59,12 +59,7 @@ else
 endif
 # turn on stack protector for SDK
-CC_BELOW_4_9 := $(shell expr "`$(CC) -dumpversion`" \< "4.9")
-ifeq ($(CC_BELOW_4_9), 1)
- COMMON_FLAGS += -fstack-protector
-else
- COMMON_FLAGS += -fstack-protector-strong
-endif
+COMMON_FLAGS += -fstack-protector-strong
 ifdef DEBUG
 COMMON_FLAGS += -O0 -ggdb -DDEBUG -UNDEBUG