hv: fix symbols not stripped from release binaries

In release environment, binary files must be stripped in
order to remove debugging code sections and symbol information
that aid attackers in the process of disassembly and reverse
engineering.
Use '-s' linking option to remove symbol table and relocation
information from release binaries.

Tracked-On: #3427
Signed-off-by: Tianhua Sun <tianhuax.s.sun@intel.com>
Reviewed-by: Yonghua Huang <yonghua.huang@intel.com>

devicemodel/Makefile

@@ -51,8 +51,11 @@ endif
 
 ifeq ($(RELEASE),0)
 CFLAGS += -DDM_DEBUG
+else
+LDFLAGS += -s
 endif
 
+
 LDFLAGS += -Wl,-z,noexecstack
 LDFLAGS += -Wl,-z,relro,-z,now
 LDFLAGS += -pie

hypervisor/Makefile

@@ -18,6 +18,7 @@ BASEDIR := $(shell pwd)
 HV_OBJDIR ?= $(CURDIR)/build
 HV_FILE := acrn
 SUB_MAKEFILES := $(wildcard */Makefile)
+RELEASE ?= 0
 
 LIB_DEBUG = $(HV_OBJDIR)/debug/libdebug.a
 LIB_RELEASE = $(HV_OBJDIR)/release/librelease.a
@@ -95,6 +96,10 @@ else
 LDFLAGS += -static
 endif
 
+ifeq ($(RELEASE),y)
+LDFLAGS += -s
+endif
+
 ARCH_CFLAGS += -gdwarf-2
 ARCH_ASFLAGS += -gdwarf-2 -DASSEMBLER=1
 ARCH_ARFLAGS +=

tools/acrn-manager/Makefile

@@ -41,6 +41,8 @@ endif
 
 ifeq ($(RELEASE),0)
 MANAGER_CFLAGS += -g -DMNGR_DEBUG
+else
+MANAGER_LDFLAGS += -s
 endif
 
 MANAGER_LDFLAGS := -Wl,-z,noexecstack