Enable ASLR by default
With this patch both CFG_TA_ASLR and CFG_CORE_ASLR are set to 'y' by
default.
Removes CFG_TA_ASLR?=y for plat-hikey and plat-vexpress (qemu_virt).
If the current platform doesn't use CFG_DT=y and hasn't overridden
get_aslr_seed() a warning message will be printed on the secure uart and
execution will resume with the default load address.
Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
diff --git a/core/arch/arm/plat-hikey/conf.mk b/core/arch/arm/plat-hikey/conf.mk
index ddd1767..b5dc574 100644
--- a/core/arch/arm/plat-hikey/conf.mk
+++ b/core/arch/arm/plat-hikey/conf.mk
@@ -52,7 +52,6 @@
CFG_CONSOLE_UART ?= 6
CFG_DRAM_SIZE_GB ?= 3
CFG_CORE_BGET_BESTFIT ?= y
-CFG_TA_ASLR ?= y
ifeq ($(CFG_ARM32_core),y)
CFG_ASAN_SHADOW_OFFSET ?= 0x372E38E0
endif
diff --git a/core/arch/arm/plat-vexpress/conf.mk b/core/arch/arm/plat-vexpress/conf.mk
index e28c6d7..e8a9560 100644
--- a/core/arch/arm/plat-vexpress/conf.mk
+++ b/core/arch/arm/plat-vexpress/conf.mk
@@ -88,7 +88,6 @@
$(call force,CFG_PSCI_ARM32,y)
$(call force,CFG_DT,y)
CFG_DTB_MAX_SIZE ?= 0x100000
-CFG_TA_ASLR ?= y
endif
ifeq ($(PLATFORM_FLAVOR),qemu_armv8a)
diff --git a/mk/config.mk b/mk/config.mk
index 258ea75..ff70438 100644
--- a/mk/config.mk
+++ b/mk/config.mk
@@ -213,7 +213,7 @@
# When this flag is enabled, the ELF loader will introduce a random offset
# when mapping the application in user space. ASLR makes the exploitation of
# memory corruption vulnerabilities more difficult.
-CFG_TA_ASLR ?= n
+CFG_TA_ASLR ?= y
# How much ASLR may shift the base address (in pages). The base address is
# randomly shifted by an integer number of pages comprised between these two
@@ -227,7 +227,7 @@
# When this flag is enabled, the early init code will introduce a random
# offset when mapping TEE Core. ASLR makes the exploitation of memory
# corruption vulnerabilities more difficult.
-CFG_CORE_ASLR ?= n
+CFG_CORE_ASLR ?= y
# Load user TAs from the REE filesystem via tee-supplicant
CFG_REE_FS_TA ?= y
