From: Roland Hieber <rhi@pengutronix.de>
To: distrokit@pengutronix.de
Cc: Roland Hieber <rhi@pengutronix.de>
Subject: [DistroKit] [PATCH 5/6] v8a: update to OSELAS.Toolchain 2020.08.0
Date: Sun, 30 Aug 2020 23:32:02 +0200 [thread overview]
Message-ID: <20200830213203.15562-6-rhi@pengutronix.de> (raw)
In-Reply-To: <20200830213203.15562-1-rhi@pengutronix.de>
Update to the latest toolchain, which was released this week.
Updating to GCC 10 prompts for new kernel options:
| CONFIG_ARM64_PTR_AUTH:
|
| Pointer authentication (part of the ARMv8.3 Extensions) provides
| instructions for signing and authenticating pointers against secret
| keys, which can be used to mitigate Return Oriented Programming (ROP)
| and other attacks.
|
| This option enables these instructions at EL0 (i.e. for userspace).
| Choosing this option will cause the kernel to initialise secret keys
| for each process at exec() time, with these keys being
| context-switched along with the process.
|
| If the compiler supports the -mbranch-protection or
| -msign-return-address flag (e.g. GCC 7 or later), then this option
| will also cause the kernel itself to be compiled with return address
| protection. In this case, and if the target hardware is known to
| support pointer authentication, then CONFIG_STACKPROTECTOR can be
| disabled with minimal loss of protection.
|
| The feature is detected at runtime. If the feature is not present in
| hardware it will not be advertised to userspace/KVM guest nor will it
| be enabled. However, KVM guest also require VHE mode and hence
| CONFIG_ARM64_VHE=y option to use this feature.
|
| If the feature is present on the boot CPU but not on a late CPU, then
| the late CPU will be parked. Also, if the boot CPU does not have
| address auth and the late CPU has then the late CPU will still boot
| but with the feature disabled. On such a system, this option should
| not be selected.
|
| This feature works with FUNCTION_GRAPH_TRACER option only if
| DYNAMIC_FTRACE_WITH_REGS is enabled.
| CONFIG_ARM64_BTI_KERNEL:
|
| Build the kernel with Branch Target Identification annotations
| and enable enforcement of this for kernel code. When this option
| is enabled and the system supports BTI all kernel code including
| modular code must have BTI enabled.
Use their default values for enhanced security.
Signed-off-by: Roland Hieber <rhi@pengutronix.de>
---
configs/platform-v8a/kernelconfig | 9 ++++++---
configs/platform-v8a/platformconfig | 6 +++---
2 files changed, 9 insertions(+), 6 deletions(-)
diff --git a/configs/platform-v8a/kernelconfig b/configs/platform-v8a/kernelconfig
index 0f77dd0f11d8..5a2b6791768c 100644
--- a/configs/platform-v8a/kernelconfig
+++ b/configs/platform-v8a/kernelconfig
@@ -2,10 +2,10 @@
# Automatically generated file; DO NOT EDIT.
# Linux/arm64 5.8 Kernel Configuration
#
-CONFIG_CC_VERSION_TEXT="aarch64-v8a-linux-gnu-gcc (OSELAS.Toolchain-2019.09.1 9-20191130) 9.2.1 20191130"
+CONFIG_CC_VERSION_TEXT="aarch64-v8a-linux-gnu-gcc (OSELAS.Toolchain-2020.08.0 10-20200822) 10.2.1 20200822"
CONFIG_CC_IS_GCC=y
-CONFIG_GCC_VERSION=90201
-CONFIG_LD_VERSION=232000000
+CONFIG_GCC_VERSION=100201
+CONFIG_LD_VERSION=235000000
CONFIG_CLANG_VERSION=0
CONFIG_CC_CAN_LINK=y
CONFIG_CC_CAN_LINK_STATIC=y
@@ -426,9 +426,11 @@ CONFIG_ARM64_CNP=y
#
# ARMv8.3 architectural features
#
+CONFIG_ARM64_PTR_AUTH=y
CONFIG_CC_HAS_BRANCH_PROT_PAC_RET=y
CONFIG_CC_HAS_SIGN_RETURN_ADDRESS=y
CONFIG_AS_HAS_PAC=y
+CONFIG_AS_HAS_CFI_NEGATE_RA_STATE=y
# end of ARMv8.3 architectural features
#
@@ -441,6 +443,7 @@ CONFIG_ARM64_AMU_EXTN=y
# ARMv8.5 architectural features
#
CONFIG_ARM64_BTI=y
+CONFIG_ARM64_BTI_KERNEL=y
CONFIG_CC_HAS_BRANCH_PROT_PAC_RET_BTI=y
CONFIG_ARM64_E0PD=y
CONFIG_ARCH_RANDOM=y
diff --git a/configs/platform-v8a/platformconfig b/configs/platform-v8a/platformconfig
index 32e08456f815..4a929a0ac655 100644
--- a/configs/platform-v8a/platformconfig
+++ b/configs/platform-v8a/platformconfig
@@ -61,11 +61,11 @@ PTXCONF_SYSROOT_CROSS="${PTXDIST_PLATFORMDIR}/sysroot-cross"
#
# toolchain
#
-PTXCONF_CROSSCHAIN_VENDOR="OSELAS.Toolchain-2019.09"
-PTXCONF_CROSSCHAIN_CHECK="9.2.1"
+PTXCONF_CROSSCHAIN_VENDOR="OSELAS.Toolchain-2020.08"
+PTXCONF_CROSSCHAIN_CHECK="10.2.1"
PTXCONF_LIBC_GLIBC=y
# PTXCONF_LIBC_UCLIBC is not set
-PTXCONF_GLIBC_VERSION="2.30"
+PTXCONF_GLIBC_VERSION="2.32"
PTXCONF_GNU_TARGET="aarch64-v8a-linux-gnu"
PTXCONF_COMPILER_PREFIX="${PTXCONF_GNU_TARGET}-"
PTXCONF_COMPILER_PREFIX_KERNEL="${PTXCONF_COMPILER_PREFIX}"
--
2.28.0
_______________________________________________
DistroKit mailing list
DistroKit@pengutronix.de
next prev parent reply other threads:[~2020-08-30 21:32 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-08-30 21:31 [DistroKit] [PATCH 0/6] update all platforms " Roland Hieber
2020-08-30 21:31 ` [DistroKit] [PATCH 1/6] strace: temporary version bump 5.7 -> 5.8 Roland Hieber
2020-08-30 21:31 ` [DistroKit] [PATCH 2/6] mips: update to OSELAS.Toolchain 2020.08.0 Roland Hieber
2020-08-30 21:32 ` [DistroKit] [PATCH 3/6] rpi: " Roland Hieber
2020-08-30 21:32 ` [DistroKit] [PATCH 4/6] v7a: " Roland Hieber
2020-08-30 21:32 ` Roland Hieber [this message]
2020-08-30 21:32 ` [DistroKit] [PATCH 6/6] x86_64: " Roland Hieber
2020-09-04 12:43 ` [DistroKit] [PATCH 0/6] update all platforms " Robert Schwebel
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200830213203.15562-6-rhi@pengutronix.de \
--to=rhi@pengutronix.de \
--cc=distrokit@pengutronix.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox