hv: fix symbols not stripped from release binaries

In release environment, binary files must be stripped in order to remove debugging code sections and symbol information that aid attackers in the process of disassembly and reverse engineering. Use '-s' linking option to remove symbol table and relocation information from release binaries. Tracked-On: #3427 Signed-off-by: Tianhua Sun <[email protected]> Reviewed-by: Yonghua Huang <[email protected]>
projectacrn · Jul 19, 2019 · 749556e · 749556e
1 parent 5530fc8
commit 749556e
Show file tree

Hide file tree

Showing 3 changed files with 10 additions and 0 deletions.
diff --git a/devicemodel/Makefile b/devicemodel/Makefile
@@ -51,8 +51,11 @@ endif
 
 ifeq ($(RELEASE),0)
 CFLAGS += -DDM_DEBUG
+else
+LDFLAGS += -s
 endif
 
+
 LDFLAGS += -Wl,-z,noexecstack
 LDFLAGS += -Wl,-z,relro,-z,now
 LDFLAGS += -pie

diff --git a/hypervisor/Makefile b/hypervisor/Makefile
@@ -18,6 +18,7 @@ BASEDIR := $(shell pwd)
 HV_OBJDIR ?= $(CURDIR)/build
 HV_FILE := acrn
 SUB_MAKEFILES := $(wildcard */Makefile)
+RELEASE ?= 0
 
 LIB_DEBUG = $(HV_OBJDIR)/debug/libdebug.a
 LIB_RELEASE = $(HV_OBJDIR)/release/librelease.a
@@ -95,6 +96,10 @@ else
 LDFLAGS += -static
 endif
 
+ifeq ($(RELEASE),y)
+LDFLAGS += -s
+endif
+
 ARCH_CFLAGS += -gdwarf-2
 ARCH_ASFLAGS += -gdwarf-2 -DASSEMBLER=1
 ARCH_ARFLAGS +=

diff --git a/tools/acrn-manager/Makefile b/tools/acrn-manager/Makefile
@@ -41,6 +41,8 @@ endif
 
 ifeq ($(RELEASE),0)
 MANAGER_CFLAGS += -g -DMNGR_DEBUG
+else
+MANAGER_LDFLAGS += -s
 endif
 
 MANAGER_LDFLAGS := -Wl,-z,noexecstack