From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by mx.groups.io with SMTP id smtpd.web12.1028.1615995564481033712 for ; Wed, 17 Mar 2021 08:39:24 -0700 Authentication-Results: mx.groups.io; dkim=missing; spf=pass (domain: arm.com, ip: 217.140.110.172, mailfrom: ross.burton@arm.com) Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id C6D93ED1 for ; Wed, 17 Mar 2021 08:39:22 -0700 (PDT) Received: from oss-tx204.lab.cambridge.arm.com (usa-sjc-imap-foss1.foss.arm.com [10.121.207.14]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 706423F792 for ; Wed, 17 Mar 2021 08:39:22 -0700 (PDT) From: "Ross Burton" To: devel@edk2.groups.io Subject: [PATCH] OvmfPkg: strip build paths in release builds Date: Wed, 17 Mar 2021 15:39:18 +0000 Message-Id: <20210317153918.591140-1-ross.burton@arm.com> X-Mailer: git-send-email 2.25.1 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable GenFw will embed a NM10 section which contains the path to the input file, which means the output files have build paths embedded in them. To reduce information leakage and ensure reproducible builds, pass --zero in release builds to remove this information. Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3D3256 Change-Id: Ie607893b979674e237cf04ead5c7690d7b1aedaf Signed-off-by: Ross Burton --- OvmfPkg/AmdSev/AmdSevX64.dsc | 1 + OvmfPkg/Bhyve/BhyveX64.dsc | 1 + OvmfPkg/OvmfPkgIa32.dsc | 2 ++ OvmfPkg/OvmfPkgIa32X64.dsc | 1 + OvmfPkg/OvmfPkgX64.dsc | 1 + OvmfPkg/OvmfXen.dsc | 1 + 6 files changed, 7 insertions(+) diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc index 65c42284d9..69a05feea9 100644 --- a/OvmfPkg/AmdSev/AmdSevX64.dsc +++ b/OvmfPkg/AmdSev/AmdSevX64.dsc @@ -78,6 +78,7 @@ GCC:*_*_X64_GENFW_FLAGS =3D --keepexceptiontable=0D INTEL:*_*_X64_GENFW_FLAGS =3D --keepexceptiontable=0D !endif=0D + RELEASE_*_*_GENFW_FLAGS =3D --zero=0D =0D #=0D # Disable deprecated APIs.=0D diff --git a/OvmfPkg/Bhyve/BhyveX64.dsc b/OvmfPkg/Bhyve/BhyveX64.dsc index 4a1cdf5aca..132f55cf69 100644 --- a/OvmfPkg/Bhyve/BhyveX64.dsc +++ b/OvmfPkg/Bhyve/BhyveX64.dsc @@ -76,6 +76,7 @@ GCC:*_*_X64_GENFW_FLAGS =3D --keepexceptiontable=0D INTEL:*_*_X64_GENFW_FLAGS =3D --keepexceptiontable=0D !endif=0D + RELEASE_*_*_GENFW_FLAGS =3D --zero=0D =0D #=0D # Disable deprecated APIs.=0D diff --git a/OvmfPkg/OvmfPkgIa32.dsc b/OvmfPkg/OvmfPkgIa32.dsc index 1eaf3e99c6..ce20f09df8 100644 --- a/OvmfPkg/OvmfPkgIa32.dsc +++ b/OvmfPkg/OvmfPkgIa32.dsc @@ -90,6 +90,8 @@ =0D !include NetworkPkg/NetworkBuildOptions.dsc.inc=0D =0D + RELEASE_*_*_GENFW_FLAGS =3D --zero=0D +=0D [BuildOptions.common.EDKII.DXE_RUNTIME_DRIVER]=0D GCC:*_*_*_DLINK_FLAGS =3D -z common-page-size=3D0x1000=0D XCODE:*_*_*_DLINK_FLAGS =3D -seg1addr 0x1000 -segalign 0x1000=0D diff --git a/OvmfPkg/OvmfPkgIa32X64.dsc b/OvmfPkg/OvmfPkgIa32X64.dsc index 4a5a430147..97cc438250 100644 --- a/OvmfPkg/OvmfPkgIa32X64.dsc +++ b/OvmfPkg/OvmfPkgIa32X64.dsc @@ -84,6 +84,7 @@ GCC:*_*_X64_GENFW_FLAGS =3D --keepexceptiontable=0D INTEL:*_*_X64_GENFW_FLAGS =3D --keepexceptiontable=0D !endif=0D + RELEASE_*_*_GENFW_FLAGS =3D --zero=0D =0D #=0D # Disable deprecated APIs.=0D diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc index d4d601b444..f544fb04bf 100644 --- a/OvmfPkg/OvmfPkgX64.dsc +++ b/OvmfPkg/OvmfPkgX64.dsc @@ -84,6 +84,7 @@ GCC:*_*_X64_GENFW_FLAGS =3D --keepexceptiontable=0D INTEL:*_*_X64_GENFW_FLAGS =3D --keepexceptiontable=0D !endif=0D + RELEASE_*_*_GENFW_FLAGS =3D --zero=0D =0D #=0D # Disable deprecated APIs.=0D diff --git a/OvmfPkg/OvmfXen.dsc b/OvmfPkg/OvmfXen.dsc index 507029404f..fcaa35acf1 100644 --- a/OvmfPkg/OvmfXen.dsc +++ b/OvmfPkg/OvmfXen.dsc @@ -74,6 +74,7 @@ GCC:*_*_X64_GENFW_FLAGS =3D --keepexceptiontable=0D INTEL:*_*_X64_GENFW_FLAGS =3D --keepexceptiontable=0D !endif=0D + RELEASE_*_*_GENFW_FLAGS =3D --zero=0D =0D #=0D # Disable deprecated APIs.=0D --=20 2.25.1