hv: fix symbols not stripped from release binaries

In release environment, binary files must be stripped in order to remove debugging code sections and symbol information that aid attackers in the process of disassembly and reverse engineering. Use '-s' linking option to remove symbol table and relocation information from release binaries. Tracked-On: #3427 Signed-off-by: Tianhua Sun <tianhuax.s.sun@intel.com> Reviewed-by: Yonghua Huang <yonghua.huang@intel.com>
2025-06-25 06:51:49 +00:00 · 2019-07-16 10:32:47 +08:00 · 2019-07-16 10:32:47 +08:00 · 749556ef12
commit 749556ef12
parent 5530fc8f36
3 changed files with 10 additions and 0 deletions
--- a/devicemodel/Makefile
+++ b/devicemodel/Makefile
@ -51,8 +51,11 @@ endif

 ifeq ($(RELEASE),0)
 CFLAGS += -DDM_DEBUG
+else
+LDFLAGS += -s
 endif

+
 LDFLAGS += -Wl,-z,noexecstack
 LDFLAGS += -Wl,-z,relro,-z,now
 LDFLAGS += -pie
--- a/hypervisor/Makefile
+++ b/hypervisor/Makefile
@ -18,6 +18,7 @@ BASEDIR := $(shell pwd)
 HV_OBJDIR ?= $(CURDIR)/build
 HV_FILE := acrn
 SUB_MAKEFILES := $(wildcard */Makefile)
+RELEASE ?= 0

 LIB_DEBUG = $(HV_OBJDIR)/debug/libdebug.a
 LIB_RELEASE = $(HV_OBJDIR)/release/librelease.a
@ -95,6 +96,10 @@ else
 LDFLAGS += -static
 endif

+ifeq ($(RELEASE),y)
+LDFLAGS += -s
+endif
+
 ARCH_CFLAGS += -gdwarf-2
 ARCH_ASFLAGS += -gdwarf-2 -DASSEMBLER=1
 ARCH_ARFLAGS +=
--- a/tools/acrn-manager/Makefile
+++ b/tools/acrn-manager/Makefile
@ -41,6 +41,8 @@ endif

 ifeq ($(RELEASE),0)
 MANAGER_CFLAGS += -g -DMNGR_DEBUG
+else
+MANAGER_LDFLAGS += -s
 endif

 MANAGER_LDFLAGS := -Wl,-z,noexecstack