From 2f9b98535ef6760e0fcbde879b25cbab42c96105 Mon Sep 17 00:00:00 2001
From: Vadim Sukhomlinov <sukhomlinov@google.com>
Date: Thu, 13 Apr 2023 19:00:39 -0700
Subject: cr50: set compiler options to ensure reproducible FIPS module

As per b/277777628 FIPS module build depends on value of `CC` env var,
which is not a desirable behavior.

1. Add -fconserve-stack to FIPS module builds explicitly to make sure
   its digest is same as reported and doesn't depend on environment.
2. gcc specific option moved to core/cortex-m/build.mk
3. Verified that binutils workaround is still needed (b/238039591)

BUG=b:277777628, b:238039591
TEST=make BOARD=cr50; tpm_test.py, FIPS digest is the same

Change-Id: I664cee178de400efed3fe2e06b9b4b72f6ce6067
Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/4425068
Commit-Queue: Mary Ruthven <mruthven@chromium.org>
Reviewed-by: Mary Ruthven <mruthven@chromium.org>
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Auto-Submit: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Code-Coverage: Vadim Sukhomlinov <sukhomlinov@chromium.org>
---
 Makefile.toolchain     | 7 -------
 board/cr50/build.mk    | 2 +-
 core/cortex-m/build.mk | 4 ++++
 3 files changed, 5 insertions(+), 8 deletions(-)

diff --git a/Makefile.toolchain b/Makefile.toolchain
index c0ffc5a715..27d40a80ee 100644
--- a/Makefile.toolchain
+++ b/Makefile.toolchain
@@ -102,13 +102,6 @@ CFLAGS=$(CPPFLAGS) $(CFLAGS_CPU) $(CFLAGS_DEBUG) $(COMMON_WARN) $(CFLAGS_y)
 CFLAGS+= -ffunction-sections -fshort-wchar
 CFLAGS+= -fno-delete-null-pointer-checks
 CFLAGS+= -fno-PIC
-ifneq ($(cc-name),clang)
-CFLAGS+= -ffat-lto-objects
-CFLAGS+= -fconserve-stack
-# Disable assembler warnings
-# TODO (b/238039591) Remove this when binutils updates to 2.37+
-CFLAGS+= -Wa,-W
-endif
 CFLAGS+=$(CFLAGS_CHIP) $(CFLAGS_BOARD)
 
 CXXFLAGS+=-DPROTOBUF_INLINE_NOT_IN_HEADERS=0
diff --git a/board/cr50/build.mk b/board/cr50/build.mk
index a62a43bd1e..45301733f9 100644
--- a/board/cr50/build.mk
+++ b/board/cr50/build.mk
@@ -201,7 +201,7 @@ FIPS_MODULE=dcrypto/fips_module.o
 FIPS_LD_SCRIPT=$(BDIR)/dcrypto/fips_module.ld
 RW_FIPS_OBJS=$(patsubst %.o, $(RW_BD_OUT)/%.o, $(fips-y))
 $(RW_FIPS_OBJS): CFLAGS += -frandom-seed=0 -fno-fat-lto-objects -Wswitch\
-			   -Wsign-compare -Wuninitialized
+			   -Wsign-compare -Wuninitialized -fconserve-stack
 
 $(RW_FIPS_OBJS): | $(out)/ec_version.h $(out)/env_config.h
 rw_board_deps := $(addsuffix .d, $(RW_FIPS_OBJS))
diff --git a/core/cortex-m/build.mk b/core/cortex-m/build.mk
index b18d01e114..cf2d851c77 100644
--- a/core/cortex-m/build.mk
+++ b/core/cortex-m/build.mk
@@ -34,6 +34,10 @@ CFLAGS_CPU += -fno-ipa-modref
 
 # Set an option to force LTO to generate target machine code
 export CFLAGS_LTO_PARTIAL_LINK := -flinker-output=nolto-rel
+# -ffat-lto-objects is a workaround for b/134623681
+# Disable assembler warnings
+# TODO (b/238039591) Remove `-Wa,W` when binutils is fixed.
+CFLAGS_CPU += -Wa,-W -ffat-lto-objects -fconserve-stack
 endif
 
 core-y=cpu.o init.o ldivmod.o llsr.o uldivmod.o vecttable.o
-- 
cgit v1.2.1