hv: fix symbols not stripped from release binaries

In release environment, binary files must be stripped in order to remove debugging code sections and symbol information that aid attackers in the process of disassembly and reverse engineering. Use '-s' linking option to remove symbol table and relocation information from release binaries. Tracked-On: #3427 Signed-off-by: Tianhua Sun <tianhuax.s.sun@intel.com> Reviewed-by: Yonghua Huang <yonghua.huang@intel.com>
2025-08-08 03:35:14 +00:00 · 2019-07-16 10:32:47 +08:00 · 2019-07-16 10:32:47 +08:00 · 796ac55016
commit 796ac55016
parent 63e258bd01
3 changed files with 10 additions and 0 deletions
--- a/devicemodel/Makefile
+++ b/devicemodel/Makefile
@ -51,8 +51,11 @@ endif

 ifeq ($(RELEASE),0)
 CFLAGS += -DDM_DEBUG
+else
+LDFLAGS += -s
 endif

+
 LDFLAGS += -Wl,-z,noexecstack
 LDFLAGS += -Wl,-z,relro,-z,now
 LDFLAGS += -pie
--- a/hypervisor/Makefile
+++ b/hypervisor/Makefile
@ -19,6 +19,7 @@ HV_OBJDIR ?= $(CURDIR)/build
 HV_MODDIR ?= $(HV_OBJDIR)/modules
 HV_FILE := acrn
 SUB_MAKEFILES := $(wildcard */Makefile)
+RELEASE ?= 0

 LIB_MOD = $(HV_MODDIR)/lib_mod.a
 BOOT_MOD = $(HV_MODDIR)/boot_mod.a
@ -108,6 +109,10 @@ else
 LDFLAGS += -static
 endif

+ifeq ($(RELEASE),y)
+LDFLAGS += -s
+endif
+
 ARCH_CFLAGS += -gdwarf-2
 ARCH_ASFLAGS += -gdwarf-2 -DASSEMBLER=1
 ARCH_ARFLAGS +=
--- a/tools/acrn-manager/Makefile
+++ b/tools/acrn-manager/Makefile
@ -49,6 +49,8 @@ endif

 ifeq ($(RELEASE),0)
 MANAGER_CFLAGS += -g -DMNGR_DEBUG
+else
+MANAGER_LDFLAGS += -s
 endif

 MANAGER_LDFLAGS := -Wl,-z,noexecstack