what options to pass to gcc for support of arm security extensions
Richard Earnshaw
Richard.Earnshaw@foss.arm.com
Mon Aug 10 21:19:00 GMT 2015
On 06/08/15 01:42, Shahin Ansari wrote:
> Thank you so much for the email. I tried all of the switches you suggested,
> and I wanted to share the results with you in hope that you would validate
> what I think is the issue. Also if you can suggest possible remedies, I
> would greatly appreciate it. I started with...
>
> Initial state:
> LOCAL_CFLAGS := -march=armv7-a -mtune=cortex-a15 -D__ASSEMBLY__
> -mabi=aapcs-linux -gdwarf-2 -Wall -Wundef -Wstrict-prototypes -Wno-trigraphs
> -fno-strict-aliasing -fno-common -Werror-implicit-function-declaration
> -Wno-format-security -fno-delete-null-pointer-checks -Os
> -Wno-maybe-uninitialized -marm -fno-dwarf2-cfi-asm -fstack-protector
> -mabi=aapcs-linux -mno-thumb-interwork -funwind-tables
> -D__LINUX_ARM_ARCH__=7 -mcpu=cortex-a15 -msoft-float -Uarm
> -Wframe-larger-than=1024 -Wno-unused-but-set-variable -fomit-frame-pointer
> -g -Wdeclaration-after-statement -Wno-pointer-sign -fno-strict-overflow
> -fconserve-stack -DCC_HAVE_ASM_GOTO
>
> try 1
> I tried removing -march statement out and rely on -mcpu option. So the flags
> I used were:
>
> LOCAL_CFLAGS := -mtune=cortex-a15 -D__ASSEMBLY__ -mabi=aapcs-linux -gdwarf-2
> -Wall -Wundef -Wstrict-prototypes -Wno-trigraphs -fno-strict-aliasing
> -fno-common -Werror-implicit-function-declaration -Wno-format-security
> -fno-delete-null-pointer-checks -Os -Wno-maybe-uninitialized -marm
> -fno-dwarf2-cfi-asm -fstack-protector -mabi=aapcs-linux -mno-thumb-interwork
> -funwind-tables -D__LINUX_ARM_ARCH__=7 -mcpu=cortex-a15 -msoft-float -Uarm
> -Wframe-larger-than=1024 -Wno-unused-but-set-variable -fomit-frame-pointer
> -g -Wdeclaration-after-statement -Wno-pointer-sign -fno-strict-overflow
> -fconserve-stack -DCC_HAVE_ASM_GOTO
>
> result:
> [armeabi-v7a] AsmFilter : hello_tz <= main_normal.s
> [armeabi-v7a] Assembly : hello_tz <= main_normal.filtered.s
> ./obj/local/armeabi-v7a/objs-debug/hello_tz/main_normal.filtered.s:
> Assembler messages:
> ./obj/local/armeabi-v7a/objs-debug/hello_tz/main_normal.filtered.s:16:
> Error: selected processor does not support ARM mode `smc #0'
> make: *** [obj/local/armeabi-v7a/objs-debug/hello_tz/main_normal.o] Error 1
>
> try 2
> I tried to use -march=armv7-a+sec and removed the -mcpu=cortex-a15 statment
> as follows:
>
> LOCAL_CFLAGS := -march=armv7-a+sec -mtune=cortex-a15 -D__ASSEMBLY__
> -mabi=aapcs-linux -gdwarf-2 -Wall -Wundef -Wstrict-prototypes -Wno-trigraphs
> -fno-strict-aliasing -fno-common -Werror-implicit-function-declaration
> -Wno-format-security -fno-delete-null-pointer-checks -Os
> -Wno-maybe-uninitialized -marm -fno-dwarf2-cfi-asm -fstack-protector
> -mabi=aapcs-linux -mno-thumb-interwork -funwind-tables
> -D__LINUX_ARM_ARCH__=7 -msoft-float -Uarm -Wframe-larger-than=1024
> -Wno-unused-but-set-variable -fomit-frame-pointer -g
> -Wdeclaration-after-statement -Wno-pointer-sign -fno-strict-overflow
> -fconserve-stack -DCC_HAVE_ASM_GOTO
>
> Result:
> sansari@ubuntu:~/android/gas$ ndk-build
> jni/Android.mk:6: This is in NDK_ROOT /home/sansari/android/android-ndk-r10d
> [armeabi-v7a] Compile arm : hello_tz <= main_normal.c
> arm-linux-androideabi-gcc: error: unrecognized argument in option
> '-march=armv7-a+sec'
> arm-linux-androideabi-gcc: note: valid arguments to '-march=' are: armv2
> armv2a armv3 armv3m armv4 armv4t armv5 armv5e armv5t armv5te armv6 armv6-m
> armv6j armv6k armv6s-m armv6t2 armv6z armv6zk armv7 armv7-a armv7-m armv7-r
> armv7e-m armv8-a iwmmxt iwmmxt2 native
> make: *** [obj/local/armeabi-v7a/objs-debug/hello_tz/main_normal.s] Error 1
>
> Try 3
> I changed armv7-a+sec to armv7ve as follows:
>
> LOCAL_CFLAGS := -march=armv7ve -mtune=cortex-a15 -D__ASSEMBLY__
> -mabi=aapcs-linux -gdwarf-2 -Wall -Wundef -Wstrict-prototypes -Wno-trigraphs
> -fno-strict-aliasing -fno-common -Werror-implicit-function-declaration
> -Wno-format-security -fno-delete-null-pointer-checks -Os
> -Wno-maybe-uninitialized -marm -fno-dwarf2-cfi-asm -fstack-protector
> -mabi=aapcs-linux -mno-thumb-interwork -funwind-tables
> -D__LINUX_ARM_ARCH__=7 -msoft-float -Uarm -Wframe-larger-than=1024
> -Wno-unused-but-set-variable -fomit-frame-pointer -g
> -Wdeclaration-after-statement -Wno-pointer-sign -fno-strict-overflow
> -fconserve-stack -DCC_HAVE_ASM_GOTO
>
> Result:
>
> jni/Android.mk:6: This is in NDK_ROOT /home/sansari/android/android-ndk-r10d
> [armeabi-v7a] Compile arm : hello_tz <= main_normal.c
> arm-linux-androideabi-gcc: error: unrecognized argument in option
> '-march=armv7ve'
> arm-linux-androideabi-gcc: note: valid arguments to '-march=' are: armv2
> armv2a armv3 armv3m armv4 armv4t armv5 armv5e armv5t armv5te armv6 armv6-m
> armv6j armv6k armv6s-m armv6t2 armv6z armv6zk armv7 armv7-a armv7-m armv7-r
> armv7e-m armv8-a iwmmxt iwmmxt2 native
> make: *** [obj/local/armeabi-v7a/objs-debug/hello_tz/main_normal.s] Error 1
>
> I am starting to agree that the toolchain I am using may not support
> security extension. Do you think I should look into building my own
> toolchain? I have little experience with this, but if it fixes my issue I
> would do it. Do you think the reason for "unrecognized argument errors above
> is lack of support by the toolchain? I think the toolchain I use is provided
> my ndk. It seems to me NDK simply passes the files and switches to gcc; I do
> not see what sort of support may be required here. Do you know of other
> toolchains I can use? I know codesourcery makes toolchains? Do you know of a
> toolchain that supports security extensions, and provides a choice between
> arm and gnu syntax perhaps?
>
> Could this have anything to do with the version of gcc I run? Here is what I
> have:
> sansari@ubuntu:~/android/gas$ gcc -v
> Using built-in specs.
> COLLECT_GCC=gcc
> COLLECT_LTO_WRAPPER=/usr/lib/gcc/x86_64-linux-gnu/4.9/lto-wrapper
> Target: x86_64-linux-gnu
> Configured with: ../src/configure -v --with-pkgversion='Ubuntu
> 4.9.2-10ubuntu13' --with-bugurl=file:///usr/share/doc/gcc-4.9/README.Bugs
> --enable-languages=c,c++,java,go,d,fortran,objc,obj-c++ --prefix=/usr
> --program-suffix=-4.9 --enable-shared --enable-linker-build-id
> --libexecdir=/usr/lib --without-included-gettext --enable-threads=posix
> --with-gxx-include-dir=/usr/include/c++/4.9 --libdir=/usr/lib --enable-nls
> --with-sysroot=/ --enable-clocale=gnu --enable-libstdcxx-debug
> --enable-libstdcxx-time=yes --enable-gnu-unique-object
> --disable-vtable-verify --enable-plugin --with-system-zlib
> --disable-browser-plugin --enable-java-awt=gtk --enable-gtk-cairo
> --with-java-home=/usr/lib/jvm/java-1.5.0-gcj-4.9-amd64/jre
> --enable-java-home --with-jvm-root-dir=/usr/lib/jvm/java-1.5.0-gcj-4.9-amd64
> --with-jvm-jar-dir=/usr/lib/jvm-exports/java-1.5.0-gcj-4.9-amd64
> --with-arch-directory=amd64 --with-ecj-jar=/usr/share/java/eclipse-ecj.jar
> --enable-objc-gc --enable-multiarch --disable-werror --with-arch-32=i686
> --with-abi=m64 --with-multilib-list=m32,m64,mx32 --enable-multilib
> --with-tune=generic --enable-checking=release --build=x86_64-linux-gnu
> --host=x86_64-linux-gnu --target=x86_64-linux-gnu
> Thread model: posix
> gcc version 4.9.2 (Ubuntu 4.9.2-10ubuntu13)
This is your host compiler, not the cross compiler for android. You'll
need to run arm-linux-androideabi-gcc, which may be buried somewhere
deep within the android build system.
R.
>
> Please let me know if I should perhaps upgrade it.
>
> -----Original Message-----
> From: gcc-help-owner@gcc.gnu.org [mailto:gcc-help-owner@gcc.gnu.org] On
> Behalf Of Richard Earnshaw
> Sent: Friday, July 31, 2015 10:01 AM
> To: Shahin Ansari <shansari@verizon.net>; gcc-help@gcc.gnu.org
> Subject: Re: what options to pass to gcc for support of arm security
> extensions
>
> My apologies, my statement this morning was not quite accurate.
>
> SMC is only implemented as part of the security extensions feature. As such
> it is not part of the base-line ARMv7-A architecture.
>
> To enable this feature you need to specify -march=armv7-a+sec (provided your
> toolchain supports that). You should also be able to enable it if you build
> with -march=armv7ve (which includes SEC by default), or if you take the
> -march= statement out of the list of options below and rely on picking up
> the architecture from the -mcpu statement (your current command line options
> are slightly in conflict, since Cortex-A15 implements the ARMv7VE version of
> the architecture).
>
> Note that SMC will be treated as undefined if executed from user mode; user
> code cannot call directly into the monitor. But that's a different issue.
>
> Once again, apologies for misleading you earlier.
>
> R.
>
> On 31/07/15 14:10, Shahin Ansari wrote:
>> Thanks. The following are the flags I am using; I do not see what I am
>> doing wrong. Would you have a look?
>> LOCAL_CFLAGS := -march=armv7-a -mtune=cortex-a15 -D__ASSEMBLY__
>> -mabi=aapcs-linux -gdwarf-2 -Wall -Wundef -Wstrict-proto types
>> -Wno-trigraphs -fno-strict-aliasing -fno-common
>> -Werror-implicit-function-declaration -Wno-format-security -fno-de
>> lete-null-pointer-checks -Os -Wno-maybe-uninitialized -marm
>> -fno-dwarf2-cfi-asm -fstack-protector -mabi=aapcs-linux -mno
>> -thumb-interwork -funwind-tables -D__LINUX_ARM_ARCH__=7
>> -mcpu=cortex-a15 -msoft-float -Uarm -Wframe-larger-than=1024 -Wn
>> o-unused-but-set-variable -fomit-frame-pointer -g
>> -Wdeclaration-after-statement -Wno-pointer-sign -fno-strict-overflow -
>> fconserve-stack -DCC_HAVE_ASM_GOTO
>>
>> -----Original Message-----
>> From: gcc-help-owner@gcc.gnu.org [mailto:gcc-help-owner@gcc.gnu.org]
>> On Behalf Of Richard Earnshaw
>> Sent: Friday, July 31, 2015 5:46 AM
>> To: Shahin Ansari <shansari@verizon.net>; gcc-help@gcc.gnu.org
>> Subject: Re: what options to pass to gcc for support of arm security
>> extensions
>>
>> On 30/07/15 20:29, Shahin Ansari wrote:
>>> Greetings-
>>> According to the ARM documentation the SMC call should be supported
>>> at
>>> ARMv6 and above. However, I get the error message below when I try to
>>> use
>> it:
>>>
>>
>> Almost, it's ARMv6Z that introduced the SMC instruction. It will
>> certainly be recognized for ARMv7-a and above.
>>
>> GCC uses the -mcpu= (or if that's not specified the -march=) options
>> from the command line to tell the assembler what instructions should
>> be permitted.
>>
>> R.
>>
>
More information about the Gcc-help
mailing list