what options to pass to gcc for support of arm security extensions
Shahin Ansari
shansari@verizon.net
Thu Aug 6 00:42:00 GMT 2015
Thank you so much for the email. I tried all of the switches you suggested,
and I wanted to share the results with you in hope that you would validate
what I think is the issue. Also if you can suggest possible remedies, I
would greatly appreciate it. I started with...
Initial state:
LOCAL_CFLAGS := -march=armv7-a -mtune=cortex-a15 -D__ASSEMBLY__
-mabi=aapcs-linux -gdwarf-2 -Wall -Wundef -Wstrict-prototypes -Wno-trigraphs
-fno-strict-aliasing -fno-common -Werror-implicit-function-declaration
-Wno-format-security -fno-delete-null-pointer-checks -Os
-Wno-maybe-uninitialized -marm -fno-dwarf2-cfi-asm -fstack-protector
-mabi=aapcs-linux -mno-thumb-interwork -funwind-tables
-D__LINUX_ARM_ARCH__=7 -mcpu=cortex-a15 -msoft-float -Uarm
-Wframe-larger-than=1024 -Wno-unused-but-set-variable -fomit-frame-pointer
-g -Wdeclaration-after-statement -Wno-pointer-sign -fno-strict-overflow
-fconserve-stack -DCC_HAVE_ASM_GOTO
try 1
I tried removing -march statement out and rely on -mcpu option. So the flags
I used were:
LOCAL_CFLAGS := -mtune=cortex-a15 -D__ASSEMBLY__ -mabi=aapcs-linux -gdwarf-2
-Wall -Wundef -Wstrict-prototypes -Wno-trigraphs -fno-strict-aliasing
-fno-common -Werror-implicit-function-declaration -Wno-format-security
-fno-delete-null-pointer-checks -Os -Wno-maybe-uninitialized -marm
-fno-dwarf2-cfi-asm -fstack-protector -mabi=aapcs-linux -mno-thumb-interwork
-funwind-tables -D__LINUX_ARM_ARCH__=7 -mcpu=cortex-a15 -msoft-float -Uarm
-Wframe-larger-than=1024 -Wno-unused-but-set-variable -fomit-frame-pointer
-g -Wdeclaration-after-statement -Wno-pointer-sign -fno-strict-overflow
-fconserve-stack -DCC_HAVE_ASM_GOTO
result:
[armeabi-v7a] AsmFilter : hello_tz <= main_normal.s
[armeabi-v7a] Assembly : hello_tz <= main_normal.filtered.s
./obj/local/armeabi-v7a/objs-debug/hello_tz/main_normal.filtered.s:
Assembler messages:
./obj/local/armeabi-v7a/objs-debug/hello_tz/main_normal.filtered.s:16:
Error: selected processor does not support ARM mode `smc #0'
make: *** [obj/local/armeabi-v7a/objs-debug/hello_tz/main_normal.o] Error 1
try 2
I tried to use -march=armv7-a+sec and removed the -mcpu=cortex-a15 statment
as follows:
LOCAL_CFLAGS := -march=armv7-a+sec -mtune=cortex-a15 -D__ASSEMBLY__
-mabi=aapcs-linux -gdwarf-2 -Wall -Wundef -Wstrict-prototypes -Wno-trigraphs
-fno-strict-aliasing -fno-common -Werror-implicit-function-declaration
-Wno-format-security -fno-delete-null-pointer-checks -Os
-Wno-maybe-uninitialized -marm -fno-dwarf2-cfi-asm -fstack-protector
-mabi=aapcs-linux -mno-thumb-interwork -funwind-tables
-D__LINUX_ARM_ARCH__=7 -msoft-float -Uarm -Wframe-larger-than=1024
-Wno-unused-but-set-variable -fomit-frame-pointer -g
-Wdeclaration-after-statement -Wno-pointer-sign -fno-strict-overflow
-fconserve-stack -DCC_HAVE_ASM_GOTO
Result:
sansari@ubuntu:~/android/gas$ ndk-build
jni/Android.mk:6: This is in NDK_ROOT /home/sansari/android/android-ndk-r10d
[armeabi-v7a] Compile arm : hello_tz <= main_normal.c
arm-linux-androideabi-gcc: error: unrecognized argument in option
'-march=armv7-a+sec'
arm-linux-androideabi-gcc: note: valid arguments to '-march=' are: armv2
armv2a armv3 armv3m armv4 armv4t armv5 armv5e armv5t armv5te armv6 armv6-m
armv6j armv6k armv6s-m armv6t2 armv6z armv6zk armv7 armv7-a armv7-m armv7-r
armv7e-m armv8-a iwmmxt iwmmxt2 native
make: *** [obj/local/armeabi-v7a/objs-debug/hello_tz/main_normal.s] Error 1
Try 3
I changed armv7-a+sec to armv7ve as follows:
LOCAL_CFLAGS := -march=armv7ve -mtune=cortex-a15 -D__ASSEMBLY__
-mabi=aapcs-linux -gdwarf-2 -Wall -Wundef -Wstrict-prototypes -Wno-trigraphs
-fno-strict-aliasing -fno-common -Werror-implicit-function-declaration
-Wno-format-security -fno-delete-null-pointer-checks -Os
-Wno-maybe-uninitialized -marm -fno-dwarf2-cfi-asm -fstack-protector
-mabi=aapcs-linux -mno-thumb-interwork -funwind-tables
-D__LINUX_ARM_ARCH__=7 -msoft-float -Uarm -Wframe-larger-than=1024
-Wno-unused-but-set-variable -fomit-frame-pointer -g
-Wdeclaration-after-statement -Wno-pointer-sign -fno-strict-overflow
-fconserve-stack -DCC_HAVE_ASM_GOTO
Result:
jni/Android.mk:6: This is in NDK_ROOT /home/sansari/android/android-ndk-r10d
[armeabi-v7a] Compile arm : hello_tz <= main_normal.c
arm-linux-androideabi-gcc: error: unrecognized argument in option
'-march=armv7ve'
arm-linux-androideabi-gcc: note: valid arguments to '-march=' are: armv2
armv2a armv3 armv3m armv4 armv4t armv5 armv5e armv5t armv5te armv6 armv6-m
armv6j armv6k armv6s-m armv6t2 armv6z armv6zk armv7 armv7-a armv7-m armv7-r
armv7e-m armv8-a iwmmxt iwmmxt2 native
make: *** [obj/local/armeabi-v7a/objs-debug/hello_tz/main_normal.s] Error 1
I am starting to agree that the toolchain I am using may not support
security extension. Do you think I should look into building my own
toolchain? I have little experience with this, but if it fixes my issue I
would do it. Do you think the reason for "unrecognized argument errors above
is lack of support by the toolchain? I think the toolchain I use is provided
my ndk. It seems to me NDK simply passes the files and switches to gcc; I do
not see what sort of support may be required here. Do you know of other
toolchains I can use? I know codesourcery makes toolchains? Do you know of a
toolchain that supports security extensions, and provides a choice between
arm and gnu syntax perhaps?
Could this have anything to do with the version of gcc I run? Here is what I
have:
sansari@ubuntu:~/android/gas$ gcc -v
Using built-in specs.
COLLECT_GCC=gcc
COLLECT_LTO_WRAPPER=/usr/lib/gcc/x86_64-linux-gnu/4.9/lto-wrapper
Target: x86_64-linux-gnu
Configured with: ../src/configure -v --with-pkgversion='Ubuntu
4.9.2-10ubuntu13' --with-bugurl=file:///usr/share/doc/gcc-4.9/README.Bugs
--enable-languages=c,c++,java,go,d,fortran,objc,obj-c++ --prefix=/usr
--program-suffix=-4.9 --enable-shared --enable-linker-build-id
--libexecdir=/usr/lib --without-included-gettext --enable-threads=posix
--with-gxx-include-dir=/usr/include/c++/4.9 --libdir=/usr/lib --enable-nls
--with-sysroot=/ --enable-clocale=gnu --enable-libstdcxx-debug
--enable-libstdcxx-time=yes --enable-gnu-unique-object
--disable-vtable-verify --enable-plugin --with-system-zlib
--disable-browser-plugin --enable-java-awt=gtk --enable-gtk-cairo
--with-java-home=/usr/lib/jvm/java-1.5.0-gcj-4.9-amd64/jre
--enable-java-home --with-jvm-root-dir=/usr/lib/jvm/java-1.5.0-gcj-4.9-amd64
--with-jvm-jar-dir=/usr/lib/jvm-exports/java-1.5.0-gcj-4.9-amd64
--with-arch-directory=amd64 --with-ecj-jar=/usr/share/java/eclipse-ecj.jar
--enable-objc-gc --enable-multiarch --disable-werror --with-arch-32=i686
--with-abi=m64 --with-multilib-list=m32,m64,mx32 --enable-multilib
--with-tune=generic --enable-checking=release --build=x86_64-linux-gnu
--host=x86_64-linux-gnu --target=x86_64-linux-gnu
Thread model: posix
gcc version 4.9.2 (Ubuntu 4.9.2-10ubuntu13)
Please let me know if I should perhaps upgrade it.
-----Original Message-----
From: gcc-help-owner@gcc.gnu.org [mailto:gcc-help-owner@gcc.gnu.org] On
Behalf Of Richard Earnshaw
Sent: Friday, July 31, 2015 10:01 AM
To: Shahin Ansari <shansari@verizon.net>; gcc-help@gcc.gnu.org
Subject: Re: what options to pass to gcc for support of arm security
extensions
My apologies, my statement this morning was not quite accurate.
SMC is only implemented as part of the security extensions feature. As such
it is not part of the base-line ARMv7-A architecture.
To enable this feature you need to specify -march=armv7-a+sec (provided your
toolchain supports that). You should also be able to enable it if you build
with -march=armv7ve (which includes SEC by default), or if you take the
-march= statement out of the list of options below and rely on picking up
the architecture from the -mcpu statement (your current command line options
are slightly in conflict, since Cortex-A15 implements the ARMv7VE version of
the architecture).
Note that SMC will be treated as undefined if executed from user mode; user
code cannot call directly into the monitor. But that's a different issue.
Once again, apologies for misleading you earlier.
R.
On 31/07/15 14:10, Shahin Ansari wrote:
> Thanks. The following are the flags I am using; I do not see what I am
> doing wrong. Would you have a look?
> LOCAL_CFLAGS := -march=armv7-a -mtune=cortex-a15 -D__ASSEMBLY__
> -mabi=aapcs-linux -gdwarf-2 -Wall -Wundef -Wstrict-proto types
> -Wno-trigraphs -fno-strict-aliasing -fno-common
> -Werror-implicit-function-declaration -Wno-format-security -fno-de
> lete-null-pointer-checks -Os -Wno-maybe-uninitialized -marm
> -fno-dwarf2-cfi-asm -fstack-protector -mabi=aapcs-linux -mno
> -thumb-interwork -funwind-tables -D__LINUX_ARM_ARCH__=7
> -mcpu=cortex-a15 -msoft-float -Uarm -Wframe-larger-than=1024 -Wn
> o-unused-but-set-variable -fomit-frame-pointer -g
> -Wdeclaration-after-statement -Wno-pointer-sign -fno-strict-overflow -
> fconserve-stack -DCC_HAVE_ASM_GOTO
>
> -----Original Message-----
> From: gcc-help-owner@gcc.gnu.org [mailto:gcc-help-owner@gcc.gnu.org]
> On Behalf Of Richard Earnshaw
> Sent: Friday, July 31, 2015 5:46 AM
> To: Shahin Ansari <shansari@verizon.net>; gcc-help@gcc.gnu.org
> Subject: Re: what options to pass to gcc for support of arm security
> extensions
>
> On 30/07/15 20:29, Shahin Ansari wrote:
>> Greetings-
>> According to the ARM documentation the SMC call should be supported
>> at
>> ARMv6 and above. However, I get the error message below when I try to
>> use
> it:
>>
>
> Almost, it's ARMv6Z that introduced the SMC instruction. It will
> certainly be recognized for ARMv7-a and above.
>
> GCC uses the -mcpu= (or if that's not specified the -march=) options
> from the command line to tell the assembler what instructions should
> be permitted.
>
> R.
>
More information about the Gcc-help
mailing list