mssun pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-teaclave.git
The following commit(s) were added to refs/heads/master by this push:
new 0282017 Add security link flags (#575)
0282017 is described below
commit 02820175c25afd245530b1833e59b92ffc132c0b
Author: Mingshen Sun <[email protected]>
AuthorDate: Wed Nov 17 13:46:20 2021 -0800
Add security link flags (#575)
---
cmake/scripts/sgx_link_sign.sh | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/cmake/scripts/sgx_link_sign.sh b/cmake/scripts/sgx_link_sign.sh
index 3c44023..b2e4de7 100755
--- a/cmake/scripts/sgx_link_sign.sh
+++ b/cmake/scripts/sgx_link_sign.sh
@@ -48,7 +48,12 @@ TEACLAVE_LINK_FLAGS="-L${TEACLAVE_OUT_DIR} -lpycomponent
ffi.o -lpypy-c -lsgx_tl
if [ "$TEACLAVE_EXECUTOR_WAMR" == "ON" ]; then
TEACLAVE_LINK_FLAGS+=" -lvmlib"
fi
-ENCLAVE_LINK_FLAGS="-Wl,--no-undefined -nostdlib -nodefaultlibs -nostartfiles
-L${SGX_LIBRARY_PATH} \
+
+# Enable the security flags
+ENCLAVE_SECURITY_LINK_FLAGS="-Wl,-z,relro,-z,now,-z,noexecstack"
+
+ENCLAVE_LINK_FLAGS="${ENCLAVE_SECURITY_LINK_FLAGS} \
+ -Wl,--no-undefined -nostdlib -nodefaultlibs -nostartfiles
-L${SGX_LIBRARY_PATH} \
-Wl,--whole-archive -l${Trts_Library_Name}
-Wl,--no-whole-archive \
-Wl,--start-group \
-l${Service_Library_Name} -lsgx_tprotected_fs
-lsgx_tkey_exchange \
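Review bot: The comment on the added `ENCLAVE_SECURITY_LINK_FLAGS` line, `# Enable the security flags`, does not say what each option provides, so a later edit could drop one without anyone noticing the loss. I would spell it out, e.g. `# Full RELRO (-z relro -z now): relocations resolved at load time and the GOT made read-only; -z noexecstack: stack marked non-executable`. Nothing visible in the hunk confirms that the linked enclave actually carries these properties. If the script does not already do this outside the hunk, a check before signing such as `readelf -lW <enclave.so> | grep -E 'GNU_RELRO|GNU_STACK'` (the path is a placeholder) would catch a regression. The `ENCLAVE_LINK_FLAGS` assignment continues past the end of the hunk, so the rest of the link line is not reviewed here.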