diff --git a/ArmPkg/ArmPkg.dsc b/ArmPkg/ArmPkg.dsc index 041751e36830..fde91a4efed6 100644 --- a/ArmPkg/ArmPkg.dsc +++ b/ArmPkg/ArmPkg.dsc @@ -93,8 +93,7 @@ OemMiscLib|ArmPkg/Universal/Smbios/OemMiscLibNull/OemMiscLibNull.inf -[LibraryClasses.common.SEC] - # ARM platforms have SEC modules with standard entry points, so we can generically link StackCheckLib + # Provides Stack Cookie Implementation NULL|MdePkg/Library/StackCheckLibNull/StackCheckLibNull.inf [LibraryClasses.common.PEIM] diff --git a/ArmPkg/Drivers/ArmCrashDumpDxe/ArmCrashDumpDxe.dsc b/ArmPkg/Drivers/ArmCrashDumpDxe/ArmCrashDumpDxe.dsc index 28ebe68b417e..b519dc8cc755 100644 --- a/ArmPkg/Drivers/ArmCrashDumpDxe/ArmCrashDumpDxe.dsc +++ b/ArmPkg/Drivers/ArmCrashDumpDxe/ArmCrashDumpDxe.dsc @@ -43,5 +43,8 @@ UefiLib|MdePkg/Library/UefiLib/UefiLib.inf UefiRuntimeServicesTableLib|MdePkg/Library/UefiRuntimeServicesTableLib/UefiRuntimeServicesTableLib.inf + # Provides Stack Cookie Implementation + NULL|MdePkg/Library/StackCheckLibNull/StackCheckLibNull.inf + [Components.common] ArmPkg/Drivers/ArmCrashDumpDxe/ArmCrashDumpDxe.inf diff --git a/ArmVirtPkg/ArmVirt.dsc.inc b/ArmVirtPkg/ArmVirt.dsc.inc index 890a056cd018..7a66dd013958 100644 --- a/ArmVirtPkg/ArmVirt.dsc.inc +++ b/ArmVirtPkg/ArmVirt.dsc.inc @@ -168,6 +168,9 @@ ReportStatusCodeLib|MdePkg/Library/BaseReportStatusCodeLibNull/BaseReportStatusCodeLibNull.inf + # Provides Stack Cookie Implementation + NULL|MdePkg/Library/StackCheckLibNull/StackCheckLibNull.inf + [LibraryClasses.common.SEC] PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf BaseMemoryLib|MdePkg/Library/BaseMemoryLib/BaseMemoryLib.inf @@ -182,9 +185,6 @@ DebugLib|ArmVirtPkg/Library/DebugLibFdtPL011Uart/DebugLibFdtPL011UartFlash.inf !endif - # ARM platforms have SEC modules with standard entry points, so we can generically link StackCheckLib - NULL|MdePkg/Library/StackCheckLibNull/StackCheckLibNull.inf - [LibraryClasses.common.PEI_CORE] PcdLib|MdePkg/Library/PeiPcdLib/PeiPcdLib.inf BaseMemoryLib|MdePkg/Library/BaseMemoryLib/BaseMemoryLib.inf diff --git a/CryptoPkg/CryptoPkg.dsc b/CryptoPkg/CryptoPkg.dsc index f23fb6f945e1..481ef533d826 100644 --- a/CryptoPkg/CryptoPkg.dsc +++ b/CryptoPkg/CryptoPkg.dsc @@ -112,6 +112,9 @@ OpensslLib|CryptoPkg/Library/OpensslLib/OpensslLib.inf IntrinsicLib|CryptoPkg/Library/IntrinsicLib/IntrinsicLib.inf + # Provides Stack Cookie Implementation + NULL|MdePkg/Library/StackCheckLibNull/StackCheckLibNull.inf + [LibraryClasses.IA32, LibraryClasses.X64, LibraryClasses.AARCH64] RngLib|MdePkg/Library/BaseRngLib/BaseRngLib.inf @@ -124,8 +127,6 @@ [LibraryClasses.common.SEC] BaseCryptLib|CryptoPkg/Library/BaseCryptLib/SecCryptLib.inf TlsLib|CryptoPkg/Library/TlsLibNull/TlsLibNull.inf - # StackCheckLib is not linked for SEC modules by default, this package can link it against its SEC modules - NULL|MdePkg/Library/StackCheckLibNull/StackCheckLibNull.inf [LibraryClasses.common.PEIM] PeimEntryPoint|MdePkg/Library/PeimEntryPoint/PeimEntryPoint.inf diff --git a/CryptoPkg/CryptoPkgMbedTls.dsc b/CryptoPkg/CryptoPkgMbedTls.dsc index 17f41c4f3612..49e3b1012a49 100644 --- a/CryptoPkg/CryptoPkgMbedTls.dsc +++ b/CryptoPkg/CryptoPkgMbedTls.dsc @@ -51,6 +51,9 @@ RngLib|MdePkg/Library/BaseRngLib/BaseRngLib.inf SynchronizationLib|MdePkg/Library/BaseSynchronizationLib/BaseSynchronizationLib.inf + # Provides Stack Cookie Implementation + NULL|MdePkg/Library/StackCheckLibNull/StackCheckLibNull.inf + [LibraryClasses.common.PEIM] PeimEntryPoint|MdePkg/Library/PeimEntryPoint/PeimEntryPoint.inf MemoryAllocationLib|MdePkg/Library/PeiMemoryAllocationLib/PeiMemoryAllocationLib.inf diff --git a/DynamicTablesPkg/DynamicTablesPkg.dsc b/DynamicTablesPkg/DynamicTablesPkg.dsc index 8cac9d579e37..cdf7cd6cbb58 100644 --- a/DynamicTablesPkg/DynamicTablesPkg.dsc +++ b/DynamicTablesPkg/DynamicTablesPkg.dsc @@ -34,8 +34,7 @@ UefiBootServicesTableLib|MdePkg/Library/UefiBootServicesTableLib/UefiBootServicesTableLib.inf UefiDriverEntryPoint|MdePkg/Library/UefiDriverEntryPoint/UefiDriverEntryPoint.inf -# StackCheckLib is not linked for SEC modules by default, this package can link it against its SEC modules -[LibraryClasses.common.SEC] + # Provides Stack Cookie Implementation NULL|MdePkg/Library/StackCheckLibNull/StackCheckLibNull.inf [LibraryClasses.ARM, LibraryClasses.AARCH64] diff --git a/EmbeddedPkg/EmbeddedPkg.dsc b/EmbeddedPkg/EmbeddedPkg.dsc index 503d7cc6d506..92be5c752468 100644 --- a/EmbeddedPkg/EmbeddedPkg.dsc +++ b/EmbeddedPkg/EmbeddedPkg.dsc @@ -107,6 +107,9 @@ TimeBaseLib|EmbeddedPkg/Library/TimeBaseLib/TimeBaseLib.inf + # Provides Stack Cookie Implementation + NULL|MdePkg/Library/StackCheckLibNull/StackCheckLibNull.inf + [LibraryClasses.common.DXE_DRIVER] PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf ReportStatusCodeLib|MdeModulePkg/Library/DxeReportStatusCodeLib/DxeReportStatusCodeLib.inf @@ -122,8 +125,6 @@ [LibraryClasses.common.SEC] ExtractGuidedSectionLib|EmbeddedPkg/Library/PrePiExtractGuidedSectionLib/PrePiExtractGuidedSectionLib.inf - # StackCheckLib is not linked for SEC modules by default, this package can link it against its SEC modules - NULL|MdePkg/Library/StackCheckLibNull/StackCheckLibNull.inf [LibraryClasses.ARM, LibraryClasses.AARCH64] ArmGicLib|ArmPkg/Drivers/ArmGic/ArmGicLib.inf diff --git a/EmulatorPkg/EmulatorPkg.dsc b/EmulatorPkg/EmulatorPkg.dsc index e4bf3ce4165e..378decf5e238 100644 --- a/EmulatorPkg/EmulatorPkg.dsc +++ b/EmulatorPkg/EmulatorPkg.dsc @@ -142,6 +142,9 @@ AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf !endif + # Provides Stack Cookie Implementation + NULL|MdePkg/Library/StackCheckLibNull/StackCheckLibNull.inf + [LibraryClasses.common.SEC] PeiServicesLib|EmulatorPkg/Library/SecPeiServicesLib/SecPeiServicesLib.inf PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf @@ -151,8 +154,6 @@ PpiListLib|EmulatorPkg/Library/SecPpiListLib/SecPpiListLib.inf DebugLib|MdePkg/Library/BaseDebugLibSerialPort/BaseDebugLibSerialPort.inf TimerLib|EmulatorPkg/Library/PeiTimerLib/PeiTimerLib.inf - # StackCheckLib is not linked for SEC modules by default, this package can link it against its SEC modules - NULL|MdePkg/Library/StackCheckLibNull/StackCheckLibNull.inf [LibraryClasses.common.USER_DEFINED, LibraryClasses.common.BASE] DebugLib|MdePkg/Library/BaseDebugLibNull/BaseDebugLibNull.inf diff --git a/FatPkg/FatPkg.dsc b/FatPkg/FatPkg.dsc index 76dddaa6907e..553d2541606f 100644 --- a/FatPkg/FatPkg.dsc +++ b/FatPkg/FatPkg.dsc @@ -49,8 +49,7 @@ DebugPrintErrorLevelLib|MdePkg/Library/BaseDebugPrintErrorLevelLib/BaseDebugPrintErrorLevelLib.inf DevicePathLib|MdePkg/Library/UefiDevicePathLib/UefiDevicePathLib.inf -# StackCheckLib is not linked for SEC modules by default, this package can link it against its SEC modules -[LibraryClasses.common.SEC] + # Provides Stack Cookie Implementation NULL|MdePkg/Library/StackCheckLibNull/StackCheckLibNull.inf [LibraryClasses.common.PEIM] diff --git a/FmpDevicePkg/FmpDevicePkg.dsc b/FmpDevicePkg/FmpDevicePkg.dsc index c38cbc480b72..7df46f940780 100644 --- a/FmpDevicePkg/FmpDevicePkg.dsc +++ b/FmpDevicePkg/FmpDevicePkg.dsc @@ -72,8 +72,7 @@ FmpDependencyDeviceLib|FmpDevicePkg/Library/FmpDependencyDeviceLibNull/FmpDependencyDeviceLibNull.inf TimerLib|MdePkg/Library/BaseTimerLibNullTemplate/BaseTimerLibNullTemplate.inf -# StackCheckLib is not linked for SEC modules by default, this package can link it against its SEC modules -[LibraryClasses.common.SEC] + # Provides Stack Cookie Implementation NULL|MdePkg/Library/StackCheckLibNull/StackCheckLibNull.inf [LibraryClasses.ARM] diff --git a/IntelFsp2Pkg/IntelFsp2Pkg.dsc b/IntelFsp2Pkg/IntelFsp2Pkg.dsc index ea61c5d9b447..0a5b552af460 100644 --- a/IntelFsp2Pkg/IntelFsp2Pkg.dsc +++ b/IntelFsp2Pkg/IntelFsp2Pkg.dsc @@ -46,8 +46,7 @@ FspSecPlatformLib|IntelFsp2Pkg/Library/SecFspSecPlatformLibNull/SecFspSecPlatformLibNull.inf FspMultiPhaseLib|IntelFsp2Pkg/Library/BaseFspMultiPhaseLib/BaseFspMultiPhaseLib.inf -# StackCheckLib is not linked for SEC modules by default, this package can link it against its SEC modules -[LibraryClasses.common.SEC] + # Provides Stack Cookie Implementation NULL|MdePkg/Library/StackCheckLibNull/StackCheckLibNull.inf [LibraryClasses.common.PEIM, LibraryClasses.common.SEC] diff --git a/IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dsc b/IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dsc index f904e6f258fe..2ead126e30fe 100644 --- a/IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dsc +++ b/IntelFsp2WrapperPkg/IntelFsp2WrapperPkg.dsc @@ -57,9 +57,8 @@ Tpm2CommandLib|SecurityPkg/Library/Tpm2CommandLib/Tpm2CommandLib.inf -# StackCheckLib is not linked for SEC modules by default, this package can link it against its SEC modules -[LibraryClasses.common.SEC] - NULL|MdePkg/Library/StackCheckLibNull/StackCheckLibNull.inf + # Provides Stack Cookie Implementation + NULL|MdePkg/Library/StackCheckLibNull/StackCheckLibNull.inf [LibraryClasses.common.PEIM,LibraryClasses.common.PEI_CORE] PeimEntryPoint|MdePkg/Library/PeimEntryPoint/PeimEntryPoint.inf diff --git a/MdeModulePkg/MdeModulePkg.dsc b/MdeModulePkg/MdeModulePkg.dsc index f8204f787553..3e64f3c76b95 100644 --- a/MdeModulePkg/MdeModulePkg.dsc +++ b/MdeModulePkg/MdeModulePkg.dsc @@ -109,8 +109,7 @@ IpmiCommandLib|MdeModulePkg/Library/BaseIpmiCommandLibNull/BaseIpmiCommandLibNull.inf SpiHcPlatformLib|MdeModulePkg/Library/BaseSpiHcPlatformLibNull/BaseSpiHcPlatformLibNull.inf -# StackCheckLib is not linked for SEC modules by default, this package can link it against its SEC modules -[LibraryClasses.common.SEC] + # Provides Stack Cookie Implementation NULL|MdePkg/Library/StackCheckLibNull/StackCheckLibNull.inf [LibraryClasses.EBC.PEIM] diff --git a/MdePkg/MdeLibs.dsc.inc b/MdePkg/MdeLibs.dsc.inc index 4e3858edb627..e40ff7d95e04 100644 --- a/MdePkg/MdeLibs.dsc.inc +++ b/MdePkg/MdeLibs.dsc.inc @@ -30,9 +30,3 @@ # definitions for the intrinsic functions. # NULL|MdePkg/Library/CompilerIntrinsicsLib/CompilerIntrinsicsLib.inf - -# Stack Cookies cannot be generically applied to SEC modules because they may not define _ModuleEntryPoint and when we -# link a library in, we have to be able to define the entry point. SEC modules that do define _ModuleEntryPoint can -# apply a library class override to get StackCheckLibNull.inf -[LibraryClasses.common.PEI_CORE, LibraryClasses.common.PEIM, LibraryClasses.common.DXE_CORE, LibraryClasses.common.SMM_CORE, LibraryClasses.common.MM_CORE_STANDALONE, LibraryClasses.common.DXE_DRIVER, LibraryClasses.common.DXE_RUNTIME_DRIVER, LibraryClasses.common.DXE_SMM_DRIVER, LibraryClasses.common.MM_STANDALONE, LibraryClasses.common.UEFI_DRIVER, LibraryClasses.common.UEFI_APPLICATION] - NULL|MdePkg/Library/StackCheckLibNull/StackCheckLibNull.inf diff --git a/MdePkg/MdePkg.dsc b/MdePkg/MdePkg.dsc index 0f00172be100..503fc9149ec7 100644 --- a/MdePkg/MdePkg.dsc +++ b/MdePkg/MdePkg.dsc @@ -35,6 +35,9 @@ [LibraryClasses] SafeIntLib|MdePkg/Library/BaseSafeIntLib/BaseSafeIntLib.inf + # Provides Stack Cookie Implementation + NULL|MdePkg/Library/StackCheckLibNull/StackCheckLibNull.inf + [Components] MdePkg/Library/UefiFileHandleLib/UefiFileHandleLib.inf MdePkg/Library/BaseCacheMaintenanceLib/BaseCacheMaintenanceLib.inf diff --git a/NetworkPkg/NetworkPkg.dsc b/NetworkPkg/NetworkPkg.dsc index f008790f30f8..c5b739d83e7b 100644 --- a/NetworkPkg/NetworkPkg.dsc +++ b/NetworkPkg/NetworkPkg.dsc @@ -62,8 +62,7 @@ FileExplorerLib|MdeModulePkg/Library/FileExplorerLib/FileExplorerLib.inf SortLib|MdeModulePkg/Library/UefiSortLib/UefiSortLib.inf -# StackCheckLib is not linked for SEC modules by default, this package can link it against its SEC modules -[LibraryClasses.common.SEC] + # Provides Stack Cookie Implementation NULL|MdePkg/Library/StackCheckLibNull/StackCheckLibNull.inf [LibraryClasses.common.UEFI_DRIVER] diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc index 1f5837d6e723..6174a726ca45 100644 --- a/OvmfPkg/AmdSev/AmdSevX64.dsc +++ b/OvmfPkg/AmdSev/AmdSevX64.dsc @@ -204,6 +204,9 @@ !include OvmfPkg/Include/Dsc/OvmfTpmLibs.dsc.inc !include OvmfPkg/Include/Dsc/ShellLibs.dsc.inc + # Provides Stack Cookie Implementation + NULL|MdePkg/Library/StackCheckLibNull/StackCheckLibNull.inf + [LibraryClasses.common] AmdSvsmLib|OvmfPkg/Library/AmdSvsmLib/AmdSvsmLib.inf BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf @@ -232,9 +235,6 @@ CcExitLib|OvmfPkg/Library/CcExitLib/SecCcExitLib.inf MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLib.inf - # StackCheckLib is not linked for SEC modules by default, this package can link it against its SEC modules - NULL|MdePkg/Library/StackCheckLibNull/StackCheckLibNull.inf - [LibraryClasses.common.PEI_CORE] HobLib|MdePkg/Library/PeiHobLib/PeiHobLib.inf PeiServicesTablePointerLib|MdePkg/Library/PeiServicesTablePointerLibIdt/PeiServicesTablePointerLibIdt.inf diff --git a/OvmfPkg/Bhyve/BhyveX64.dsc b/OvmfPkg/Bhyve/BhyveX64.dsc index 2f5fb46a2e67..e0ec700de596 100644 --- a/OvmfPkg/Bhyve/BhyveX64.dsc +++ b/OvmfPkg/Bhyve/BhyveX64.dsc @@ -232,6 +232,9 @@ !include OvmfPkg/Include/Dsc/OvmfTpmLibs.dsc.inc + # Provides Stack Cookie Implementation + NULL|MdePkg/Library/StackCheckLibNull/StackCheckLibNull.inf + [LibraryClasses.common] AmdSvsmLib|UefiCpuPkg/Library/AmdSvsmLibNull/AmdSvsmLibNull.inf BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf @@ -256,9 +259,6 @@ CpuExceptionHandlerLib|UefiCpuPkg/Library/CpuExceptionHandlerLib/SecPeiCpuExceptionHandlerLib.inf MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLib.inf - # StackCheckLib is not linked for SEC modules by default, this package can link it against its SEC modules - NULL|MdePkg/Library/StackCheckLibNull/StackCheckLibNull.inf - [LibraryClasses.common.PEI_CORE] HobLib|MdePkg/Library/PeiHobLib/PeiHobLib.inf PeiServicesTablePointerLib|MdePkg/Library/PeiServicesTablePointerLibIdt/PeiServicesTablePointerLibIdt.inf diff --git a/OvmfPkg/CloudHv/CloudHvX64.dsc b/OvmfPkg/CloudHv/CloudHvX64.dsc index 1a8d3c4911cf..f6e9bb86bb86 100644 --- a/OvmfPkg/CloudHv/CloudHvX64.dsc +++ b/OvmfPkg/CloudHv/CloudHvX64.dsc @@ -242,6 +242,9 @@ !include OvmfPkg/Include/Dsc/OvmfTpmLibs.dsc.inc + # Provides Stack Cookie Implementation + NULL|MdePkg/Library/StackCheckLibNull/StackCheckLibNull.inf + [LibraryClasses.common] AmdSvsmLib|OvmfPkg/Library/AmdSvsmLib/AmdSvsmLib.inf BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf @@ -269,9 +272,6 @@ CcExitLib|OvmfPkg/Library/CcExitLib/SecCcExitLib.inf MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLib.inf - # StackCheckLib is not linked for SEC modules by default, this package can link it against its SEC modules - NULL|MdePkg/Library/StackCheckLibNull/StackCheckLibNull.inf - [LibraryClasses.common.PEI_CORE] HobLib|MdePkg/Library/PeiHobLib/PeiHobLib.inf PeiServicesTablePointerLib|MdePkg/Library/PeiServicesTablePointerLibIdt/PeiServicesTablePointerLibIdt.inf diff --git a/OvmfPkg/Include/Dsc/OvmfPkg.dsc.inc b/OvmfPkg/Include/Dsc/OvmfPkg.dsc.inc index 585545e106c9..9484083ee20f 100644 --- a/OvmfPkg/Include/Dsc/OvmfPkg.dsc.inc +++ b/OvmfPkg/Include/Dsc/OvmfPkg.dsc.inc @@ -2,6 +2,14 @@ # SPDX-License-Identifier: BSD-2-Clause-Patent ## +# +# Stack Cookies cannot be generically applied to SEC modules because they may not define _ModuleEntryPoint and when we +# link a library in, we have to be able to define the entry point. SEC modules that do define _ModuleEntryPoint can +# apply a library class override to get StackCheckLibNull.inf +# +[LibraryClasses.common.PEI_CORE, LibraryClasses.common.PEIM, LibraryClasses.common.DXE_CORE, LibraryClasses.common.SMM_CORE, LibraryClasses.common.MM_CORE_STANDALONE, LibraryClasses.common.DXE_DRIVER, LibraryClasses.common.DXE_RUNTIME_DRIVER, LibraryClasses.common.DXE_SMM_DRIVER, LibraryClasses.common.MM_STANDALONE, LibraryClasses.common.UEFI_DRIVER, LibraryClasses.common.UEFI_APPLICATION] + NULL|MdePkg/Library/StackCheckLibNull/StackCheckLibNull.inf + [PcdsFixedAtBuild.common] !ifdef $(FIRMWARE_VER) gEfiMdeModulePkgTokenSpaceGuid.PcdFirmwareVersionString|L"$(FIRMWARE_VER)" diff --git a/OvmfPkg/IntelTdx/IntelTdxX64.dsc b/OvmfPkg/IntelTdx/IntelTdxX64.dsc index fbda01bd7582..95783c7d36fe 100644 --- a/OvmfPkg/IntelTdx/IntelTdxX64.dsc +++ b/OvmfPkg/IntelTdx/IntelTdxX64.dsc @@ -211,6 +211,9 @@ !include OvmfPkg/Include/Dsc/ShellLibs.dsc.inc + # Provides Stack Cookie Implementation + NULL|MdePkg/Library/StackCheckLibNull/StackCheckLibNull.inf + [LibraryClasses.common] AmdSvsmLib|UefiCpuPkg/Library/AmdSvsmLibNull/AmdSvsmLibNull.inf BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf @@ -240,9 +243,6 @@ PeilessStartupLib|OvmfPkg/Library/PeilessStartupLib/PeilessStartupLib.inf CcProbeLib|OvmfPkg/Library/CcProbeLib/SecPeiCcProbeLib.inf - # StackCheckLib is not linked for SEC modules by default, this package can link it against its SEC modules - NULL|MdePkg/Library/StackCheckLibNull/StackCheckLibNull.inf - [LibraryClasses.common.DXE_CORE] HobLib|MdePkg/Library/DxeCoreHobLib/DxeCoreHobLib.inf DxeCoreEntryPoint|MdePkg/Library/DxeCoreEntryPoint/DxeCoreEntryPoint.inf diff --git a/OvmfPkg/LoongArchVirt/LoongArchVirtQemu.dsc b/OvmfPkg/LoongArchVirt/LoongArchVirtQemu.dsc index 755892737b12..a30417cee478 100644 --- a/OvmfPkg/LoongArchVirt/LoongArchVirtQemu.dsc +++ b/OvmfPkg/LoongArchVirt/LoongArchVirtQemu.dsc @@ -185,6 +185,11 @@ VariableFlashInfoLib | MdeModulePkg/Library/BaseVariableFlashInfoLib/BaseVariableFlashInfoLib.inf VirtNorFlashPlatformLib | OvmfPkg/Library/FdtNorFlashQemuLib/FdtNorFlashQemuLib.inf + # + # Provides Stack Cookie Implementation + # + NULL | MdePkg/Library/StackCheckLibNull/StackCheckLibNull.inf + [LibraryClasses.common.SEC] PcdLib | MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf ReportStatusCodeLib | MdeModulePkg/Library/PeiReportStatusCodeLib/PeiReportStatusCodeLib.inf @@ -194,9 +199,6 @@ PlatformHookLib | OvmfPkg/LoongArchVirt/Library/Fdt16550SerialPortHookLib/EarlyFdt16550SerialPortHookLib.inf CpuExceptionHandlerLib | UefiCpuPkg/Library/CpuExceptionHandlerLib/SecPeiCpuExceptionHandlerLib.inf - # StackCheckLib is not linked for SEC modules by default, this package can link it against its SEC modules - NULL | MdePkg/Library/StackCheckLibNull/StackCheckLibNull.inf - [LibraryClasses.common.PEI_CORE] PcdLib | MdePkg/Library/PeiPcdLib/PeiPcdLib.inf HobLib | MdePkg/Library/PeiHobLib/PeiHobLib.inf diff --git a/OvmfPkg/Microvm/MicrovmX64.dsc b/OvmfPkg/Microvm/MicrovmX64.dsc index 6fe8dfd2880e..76b605f7e03b 100644 --- a/OvmfPkg/Microvm/MicrovmX64.dsc +++ b/OvmfPkg/Microvm/MicrovmX64.dsc @@ -246,6 +246,9 @@ !include OvmfPkg/Include/Dsc/ShellLibs.dsc.inc + # Provides Stack Cookie Implementation + NULL|MdePkg/Library/StackCheckLibNull/StackCheckLibNull.inf + [LibraryClasses.common] AmdSvsmLib|OvmfPkg/Library/AmdSvsmLib/AmdSvsmLib.inf BaseCryptLib|CryptoPkg/Library/BaseCryptLib/BaseCryptLib.inf @@ -277,9 +280,6 @@ CcExitLib|OvmfPkg/Library/CcExitLib/SecCcExitLib.inf MemEncryptSevLib|OvmfPkg/Library/BaseMemEncryptSevLib/SecMemEncryptSevLib.inf - # StackCheckLib is not linked for SEC modules by default, this package can link it against its SEC modules - NULL|MdePkg/Library/StackCheckLibNull/StackCheckLibNull.inf - [LibraryClasses.common.PEI_CORE] HobLib|MdePkg/Library/PeiHobLib/PeiHobLib.inf PeiServicesTablePointerLib|MdePkg/Library/PeiServicesTablePointerLibIdt/PeiServicesTablePointerLibIdt.inf diff --git a/OvmfPkg/OvmfXen.dsc b/OvmfPkg/OvmfXen.dsc index ac7d18196909..9a87fc3f6a26 100644 --- a/OvmfPkg/OvmfXen.dsc +++ b/OvmfPkg/OvmfXen.dsc @@ -238,6 +238,14 @@ CcExitLib|UefiCpuPkg/Library/CcExitLibNull/CcExitLibNull.inf TdxLib|MdePkg/Library/TdxLib/TdxLib.inf +# +# Stack Cookies cannot be generically applied to SEC modules here because not all define _ModuleEntryPoint and when we +# link a library in, we have to be able to define the entry point. SEC modules that do define _ModuleEntryPoint can +# apply a library class override to get StackCheckLibNull.inf +# +[LibraryClasses.common.PEIM, LibraryClasses.common.PEI_CORE, LibraryClasses.common.DXE_CORE, LibraryClasses.common.DXE_DRIVER, LibraryClasses.common.DXE_RUNTIME_DRIVER, LibraryClasses.common.UEFI_DRIVER, LibraryClasses.common.UEFI_APPLICATION] + NULL|MdePkg/Library/StackCheckLibNull/StackCheckLibNull.inf + [LibraryClasses.common.SEC] QemuFwCfgLib|OvmfPkg/Library/QemuFwCfgLib/QemuFwCfgSecLib.inf !ifndef $(DEBUG_ON_HYPERVISOR_CONSOLE) diff --git a/OvmfPkg/RiscVVirt/RiscVVirt.dsc.inc b/OvmfPkg/RiscVVirt/RiscVVirt.dsc.inc index 9cf743c842bc..d7227d88c7a9 100644 --- a/OvmfPkg/RiscVVirt/RiscVVirt.dsc.inc +++ b/OvmfPkg/RiscVVirt/RiscVVirt.dsc.inc @@ -141,6 +141,9 @@ PcdLib|MdePkg/Library/DxePcdLib/DxePcdLib.inf HobLib|MdePkg/Library/DxeHobLib/DxeHobLib.inf + # Provides Stack Cookie Implementation + NULL|MdePkg/Library/StackCheckLibNull/StackCheckLibNull.inf + [LibraryClasses.common.SEC] PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf BaseMemoryLib|MdePkg/Library/BaseMemoryLib/BaseMemoryLib.inf @@ -152,9 +155,6 @@ PrePiHobListPointerLib|OvmfPkg/RiscVVirt/Library/PrePiHobListPointerLib/PrePiHobListPointerLib.inf MemoryAllocationLib|EmbeddedPkg/Library/PrePiMemoryAllocationLib/PrePiMemoryAllocationLib.inf - # StackCheckLib is not linked for SEC modules by default, this package can link it against its SEC modules - NULL|MdePkg/Library/StackCheckLibNull/StackCheckLibNull.inf - [LibraryClasses.common.DXE_CORE] PerformanceLib|MdeModulePkg/Library/DxeCorePerformanceLib/DxeCorePerformanceLib.inf HobLib|MdePkg/Library/DxeCoreHobLib/DxeCoreHobLib.inf diff --git a/PcAtChipsetPkg/PcAtChipsetPkg.dsc b/PcAtChipsetPkg/PcAtChipsetPkg.dsc index 73f8198f68fd..b9a52b7040ba 100644 --- a/PcAtChipsetPkg/PcAtChipsetPkg.dsc +++ b/PcAtChipsetPkg/PcAtChipsetPkg.dsc @@ -45,8 +45,7 @@ ReportStatusCodeLib|MdePkg/Library/BaseReportStatusCodeLibNull/BaseReportStatusCodeLibNull.inf HobLib|MdePkg/Library/DxeHobLib/DxeHobLib.inf -# StackCheckLib is not linked for SEC modules by default, this package can link it against its SEC modules -[LibraryClasses.common.SEC] + # Provides Stack Cookie Implementation NULL|MdePkg/Library/StackCheckLibNull/StackCheckLibNull.inf [Components] diff --git a/PrmPkg/PrmPkg.dsc b/PrmPkg/PrmPkg.dsc index 8eeb393cd19c..4b793dd5175e 100644 --- a/PrmPkg/PrmPkg.dsc +++ b/PrmPkg/PrmPkg.dsc @@ -40,8 +40,7 @@ UefiBootServicesTableLib|MdePkg/Library/UefiBootServicesTableLib/UefiBootServicesTableLib.inf UefiRuntimeServicesTableLib|MdePkg/Library/UefiRuntimeServicesTableLib/UefiRuntimeServicesTableLib.inf -# StackCheckLib is not linked for SEC modules by default, this package can link it against its SEC modules -[LibraryClasses.common.SEC] + # Provides Stack Cookie Implementation NULL|MdePkg/Library/StackCheckLibNull/StackCheckLibNull.inf [LibraryClasses.IA32, LibraryClasses.X64] diff --git a/RedfishPkg/RedfishPkg.dsc b/RedfishPkg/RedfishPkg.dsc index 97f20597d244..03eeed4a3d83 100644 --- a/RedfishPkg/RedfishPkg.dsc +++ b/RedfishPkg/RedfishPkg.dsc @@ -52,8 +52,7 @@ IpmiLib|MdeModulePkg/Library/BaseIpmiLibNull/BaseIpmiLibNull.inf IpmiCommandLib|MdeModulePkg/Library/BaseIpmiCommandLibNull/BaseIpmiCommandLibNull.inf -# StackCheckLib is not linked for SEC modules by default, this package can link it against its SEC modules -[LibraryClasses.common.SEC] + # Provides Stack Cookie Implementation NULL|MdePkg/Library/StackCheckLibNull/StackCheckLibNull.inf [LibraryClasses.ARM, LibraryClasses.AARCH64] diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc index f6a3f49f12aa..53d9d166f1dd 100644 --- a/SecurityPkg/SecurityPkg.dsc +++ b/SecurityPkg/SecurityPkg.dsc @@ -89,8 +89,7 @@ PlatformLibWrapper|SecurityPkg/DeviceSecurity/OsStub/PlatformLibWrapper/PlatformLibWrapper.inf MemLibWrapper|SecurityPkg/DeviceSecurity/OsStub/MemLibWrapper/MemLibWrapper.inf -# StackCheckLib is not linked for SEC modules by default, this package can link it against its SEC modules -[LibraryClasses.common.SEC] + # Provides Stack Cookie Implementation NULL|MdePkg/Library/StackCheckLibNull/StackCheckLibNull.inf [LibraryClasses.ARM, LibraryClasses.AARCH64] diff --git a/ShellPkg/ShellPkg.dsc b/ShellPkg/ShellPkg.dsc index 029a22fc7997..3b2470780f00 100644 --- a/ShellPkg/ShellPkg.dsc +++ b/ShellPkg/ShellPkg.dsc @@ -65,8 +65,7 @@ DxeServicesLib|MdePkg/Library/DxeServicesLib/DxeServicesLib.inf ReportStatusCodeLib|MdePkg/Library/BaseReportStatusCodeLibNull/BaseReportStatusCodeLibNull.inf -# StackCheckLib is not linked for SEC modules by default, this package can link it against its SEC modules -[LibraryClasses.common.SEC] + # Provides Stack Cookie Implementation NULL|MdePkg/Library/StackCheckLibNull/StackCheckLibNull.inf [PcdsFixedAtBuild] diff --git a/SignedCapsulePkg/SignedCapsulePkg.dsc b/SignedCapsulePkg/SignedCapsulePkg.dsc index 1217d24b8adc..267d5279cb5d 100644 --- a/SignedCapsulePkg/SignedCapsulePkg.dsc +++ b/SignedCapsulePkg/SignedCapsulePkg.dsc @@ -95,8 +95,7 @@ PlatformFlashAccessLib|SignedCapsulePkg/Library/PlatformFlashAccessLibNull/PlatformFlashAccessLibNull.inf RngLib|MdePkg/Library/BaseRngLib/BaseRngLib.inf -# StackCheckLib is not linked for SEC modules by default, this package can link it against its SEC modules -[LibraryClasses.common.SEC] + # Provides Stack Cookie Implementation NULL|MdePkg/Library/StackCheckLibNull/StackCheckLibNull.inf [LibraryClasses.ARM] diff --git a/SourceLevelDebugPkg/SourceLevelDebugPkg.dsc b/SourceLevelDebugPkg/SourceLevelDebugPkg.dsc index 1b9a99b6ab57..da01df2b392d 100644 --- a/SourceLevelDebugPkg/SourceLevelDebugPkg.dsc +++ b/SourceLevelDebugPkg/SourceLevelDebugPkg.dsc @@ -52,8 +52,7 @@ !endif !endif -# StackCheckLib is not linked for SEC modules by default, this package can link it against its SEC modules -[LibraryClasses.common.SEC] + # Provides Stack Cookie Implementation NULL|MdePkg/Library/StackCheckLibNull/StackCheckLibNull.inf [LibraryClasses.common.PEIM] diff --git a/StandaloneMmPkg/StandaloneMmPkg.dsc b/StandaloneMmPkg/StandaloneMmPkg.dsc index 51dd134ef9da..b3a5550e9b8c 100644 --- a/StandaloneMmPkg/StandaloneMmPkg.dsc +++ b/StandaloneMmPkg/StandaloneMmPkg.dsc @@ -64,6 +64,9 @@ ImagePropertiesRecordLib|MdeModulePkg/Library/ImagePropertiesRecordLib/ImagePropertiesRecordLib.inf PeCoffGetEntryPointLib|MdePkg/Library/BasePeCoffGetEntryPointLib/BasePeCoffGetEntryPointLib.inf + # Provides Stack Cookie Implementation + NULL|MdePkg/Library/StackCheckLibNull/StackCheckLibNull.inf + [LibraryClasses.common.PEIM] HobLib|MdePkg/Library/PeiHobLib/PeiHobLib.inf PeimEntryPoint|MdePkg/Library/PeimEntryPoint/PeimEntryPoint.inf diff --git a/UefiCpuPkg/UefiCpuPkg.dsc b/UefiCpuPkg/UefiCpuPkg.dsc index f173bba87e4b..5f21f2aa5772 100644 --- a/UefiCpuPkg/UefiCpuPkg.dsc +++ b/UefiCpuPkg/UefiCpuPkg.dsc @@ -72,6 +72,14 @@ HobLib|MdeModulePkg/Library/BaseHobLibNull/BaseHobLibNull.inf MemoryAllocationLib|MdeModulePkg/Library/BaseMemoryAllocationLibNull/BaseMemoryAllocationLibNull.inf +# +# Stack Cookies cannot be generically applied to SEC modules here because not all define _ModuleEntryPoint and when we +# link a library in, we have to be able to define the entry point. SEC modules that do define _ModuleEntryPoint can +# apply a library class override to get StackCheckLibNull.inf +# +[LibraryClasses.common.PEIM, LibraryClasses.common.DXE_DRIVER, LibraryClasses.common.DXE_RUNTIME_DRIVER, LibraryClasses.common.DXE_SMM_DRIVER, LibraryClasses.common.MM_STANDALONE, LibraryClasses.common.UEFI_DRIVER, LibraryClasses.common.UEFI_APPLICATION] + NULL|MdePkg/Library/StackCheckLibNull/StackCheckLibNull.inf + [LibraryClasses.common.SEC] PlatformSecLib|UefiCpuPkg/Library/PlatformSecLibNull/PlatformSecLibNull.inf CpuExceptionHandlerLib|UefiCpuPkg/Library/CpuExceptionHandlerLib/SecPeiCpuExceptionHandlerLib.inf diff --git a/UefiPayloadPkg/UefiPayloadPkg.dsc b/UefiPayloadPkg/UefiPayloadPkg.dsc index 3c0f2d699b0b..c0afce6a3b3f 100644 --- a/UefiPayloadPkg/UefiPayloadPkg.dsc +++ b/UefiPayloadPkg/UefiPayloadPkg.dsc @@ -321,6 +321,9 @@ HobPrintLib|MdeModulePkg/Library/HobPrintLib/HobPrintLib.inf BuildFdtLib|UefiPayloadPkg/Library/BuildFdtLib/BuildFdtLib.inf + # Provides Stack Cookie Implementation + NULL|MdePkg/Library/StackCheckLibNull/StackCheckLibNull.inf + [LibraryClasses.common] !if $(BOOTSPLASH_IMAGE) SafeIntLib|MdePkg/Library/BaseSafeIntLib/BaseSafeIntLib.inf @@ -352,9 +355,6 @@ SerialPortLib|UefiPayloadPkg/Library/BaseSerialPortLibHob/BaseSerialPortLibHob.inf !endif - # StackCheckLib is not linked for SEC modules by default, this package can link it against its SEC modules - NULL|MdePkg/Library/StackCheckLibNull/StackCheckLibNull.inf - [LibraryClasses.common.DXE_CORE] DxeHobListLib|UefiPayloadPkg/Library/DxeHobListLibNull/DxeHobListLibNull.inf PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf