mirror of https://github.com/acidanthera/audk.git
cac0955658
This patch updates the GenC logic to generate a random stack cookie value for the stack check libraries. These random values improve security for modules which cannot update the global intrinsics. If the stack cookie value is randomized in the AutoGen.h file each build, the build system will determine the module/library must be rebuilt causing effectively a clean build every time. This also makes binary reproducibility impossible. This patch updates the early build scripts to create 32 and 64-bit JSON files in the build output directory which each contain 100 randomized stack cookie values for each bitwidth. If the JSON files are already present, then they are not recreated which allows them to be stored and moved to other builds for binary reproducibility. Because they are in the build directory, a clean build will cause the values to be regenerated. The logic which creates AutoGen.h will read these JSON files and use a hash of the module GUID (the hash seed is fixed in Basetools) to index into the array of stack cookie values for the module bitwidth. This model is necessary because there isn't thread-consistent data so we cannot use a locking mechanism to ensure only one thread is writing to the stack cookie files at a time. With this model, the build threads only need to read from the files. Signed-off-by: Oliver Smith-Denny <osde@linux.microsoft.com> |
||
|---|---|---|
| .. | ||
| AutoGen.py | ||
| AutoGenWorker.py | ||
| BuildEngine.py | ||
| DataPipe.py | ||
| GenC.py | ||
| GenDepex.py | ||
| GenMake.py | ||
| GenPcdDb.py | ||
| GenVar.py | ||
| IdfClassObject.py | ||
| IncludesAutoGen.py | ||
| InfSectionParser.py | ||
| ModuleAutoGen.py | ||
| ModuleAutoGenHelper.py | ||
| PlatformAutoGen.py | ||
| StrGather.py | ||
| UniClassObject.py | ||
| ValidCheckingInfoObject.py | ||
| WorkspaceAutoGen.py | ||
| __init__.py | ||