[PATCH] firmware: generate __stack_chk_guard at compile time
Anup Patel
anup at brainfault.org
Thu Feb 19 21:23:46 PST 2026
On Sun, Jan 4, 2026 at 12:08 PM Xiang W <wxjstz at 126.com> wrote:
>
> Replace 0x95B5FF5A with a random number generated by Python during
> compilation as the __stack_chk_guard.
>
> Signed-off-by: Xiang W <wangxiang at iscas.ac.cn>
We are trying to support reproducible builds [1] for OpenSBI
firmwares. This patch breaks reproducible builds.
Regards,
Anup
[1] https://en.wikipedia.org/wiki/Reproducible_builds
> ---
> firmware/fw_base.S | 2 +-
> firmware/objects.mk | 7 +++++++
> firmware/payloads/test_head.S | 2 +-
> 3 files changed, 9 insertions(+), 2 deletions(-)
>
> diff --git a/firmware/fw_base.S b/firmware/fw_base.S
> index 63bb4473..040fbd2b 100644
> --- a/firmware/fw_base.S
> +++ b/firmware/fw_base.S
> @@ -779,7 +779,7 @@ __stack_chk_fail:
> .globl __stack_chk_guard
> .type __stack_chk_guard, %object
> __stack_chk_guard:
> - RISCV_PTR 0x95B5FF5A
> + RISCV_PTR STACK_CHK_GUARD
>
> #ifdef FW_FDT_PATH
> .section .rodata
> diff --git a/firmware/objects.mk b/firmware/objects.mk
> index bfec4671..c4dad9ba 100644
> --- a/firmware/objects.mk
> +++ b/firmware/objects.mk
> @@ -75,3 +75,10 @@ else
> stack-protector-cflags-y := -fno-stack-protector
> endif
> firmware-cflags-y += $(stack-protector-cflags-y)
> +
> +ifeq ($(PLATFORM_RISCV_XLEN),32)
> +STACK_CHK_GUARD := $(shell python3 -c 'import random; print(random.randint(1, 0xffffffff))')
> +else
> +STACK_CHK_GUARD := $(shell python3 -c 'import random; print(random.randint(1, 0xffffffffffffffff))')
> +endif
> +firmware-genflags-y += -DSTACK_CHK_GUARD=$(STACK_CHK_GUARD)
> diff --git a/firmware/payloads/test_head.S b/firmware/payloads/test_head.S
> index 9a87e56f..fdc1deb9 100644
> --- a/firmware/payloads/test_head.S
> +++ b/firmware/payloads/test_head.S
> @@ -111,4 +111,4 @@ _boot_a1:
> .globl __stack_chk_guard
> .type __stack_chk_guard, %object
> __stack_chk_guard:
> - RISCV_PTR 0x95B5FF5A
> + RISCV_PTR STACK_CHK_GUARD
> --
> 2.47.3
>
More information about the opensbi
mailing list