Add security flags to all phosphor builds

Yocto has a built-in class for applying compiler security flags to
builds.  Some security conscious projects within OpenBMC set these flags
manually.  We should do this project wide, given that it has a
negligible performance impact, and brings us in line with modern
security requirements.

There are some whitepapers on the specifics of what these flags do,
which are much better documentation than I am able to write here, but
the key takeaways are that this:
1. Enables position independent code.
2. Enables FORTIFY_SOURCE level 2.
3. Enables -Wformat and -Wformat-security.
4. Enables strong stack protection.

None of these flags should have any change in functional behavior.

Section 4.3 of this doc goes through this file in more detail:
https://www.nccgroup.com/globalassets/our-research/us/whitepapers/2018/improving-embedded-linux-security-yocto3.pdf

croserver/eCMD doesn't currently compile with these flags, so it's
explicitly excluded for the moment.  Patchset has been merged against
eCMD master to fix this, but we're so far behind, the bump doesn't build.

obmc-libobmc-intf has an error that I can't quite understand yet about
unused results, which shouldn't have been affected by this, yet it seems
to be related to enabling the security hardening, so it is also excluded
from the security flags for the moment.

libpldm includes an IBM OEM command that relies on undefined behavior with
open().  The proposed fix is here, but libpldm is excluded until that is
merged and bumped.
https://gerrit.openbmc-project.xyz/c/openbmc/pldm/+/3998412

Even with those three exceptions, getting a majority of the security flags
enabled on a majority of the repos should be an overall win.

Signed-off-by: Ed Tanous <edtanous@google.com>
Change-Id: I0483b1dbe1123a7beff8c5788363685487fb9c09
diff --git a/meta-phosphor/conf/distro/include/phosphor-defaults.inc b/meta-phosphor/conf/distro/include/phosphor-defaults.inc
index b90f280..d5e07e3 100644
--- a/meta-phosphor/conf/distro/include/phosphor-defaults.inc
+++ b/meta-phosphor/conf/distro/include/phosphor-defaults.inc
@@ -226,6 +226,19 @@
 # phosphor-ipmi-fru-whitelist-native recipe.
 VIRTUAL-RUNTIME_phosphor-ipmi-providers ?= "phosphor-ipmi-fru"
 
+# Set security headers on builds
+require conf/distro/include/security_flags.inc
+
+# Disable security on croserver.
+# Remove if https://github.com/open-power/eCMD/pull/433 is ever merged
+SECURITY_STRINGFORMAT_pn-croserver = ""
+# obmc-libobmc-intf doesn't compile with security flags enabled
+SECURITY_CFLAGS_pn-obmc-libobmc-intf = ""
+
+# remove when https://gerrit.openbmc-project.xyz/c/openbmc/pldm/+/39984
+# is merged and rev bumped
+SECURITY_CFLAGS_pn-pldm = ""
+
 # Set the root password to '0penBmc'
 inherit extrausers
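
Review bot: The overrides for obmc-libobmc-intf and pldm empty all of SECURITY_CFLAGS, while the croserver override empties only SECURITY_STRINGFORMAT, so those two recipes appear to lose every hardening flag the commit message lists rather than just the one that breaks their build. If each failure can be tied to a single flag (the message points at an unused-result error for obmc-libobmc-intf and an open() issue for pldm), consider a narrower exclusion for them as well. The obmc-libobmc-intf override also has no link or removal condition in its comment, unlike the other two, so it is likely to stay forever; a tracking reference would help. Smaller points: the comment "Set security headers on builds" should say "flags"; the croserver comment says "if ... is ever merged" while the commit message says the eCMD patchset is already merged and the blocker is the bump; and the Gerrit change number in the pldm comment (39984) does not match the one in the commit message (3998412), so one of them needs correcting.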