3 mainmenu "Buildroot $BR2_VERSION Configuration"
5 config BR2_HAVE_DOT_CONFIG
11 option env="BR2_VERSION_FULL"
21 # br2-external paths definitions
22 source "$BR2_BASE_DIR/.br2-external.in.paths"
24 # Hidden config symbols for packages to check system gcc version
25 config BR2_HOST_GCC_VERSION
27 option env="HOST_GCC_VERSION"
29 config BR2_HOST_GCC_AT_LEAST_4_9
31 default y if BR2_HOST_GCC_VERSION = "4 9"
33 config BR2_HOST_GCC_AT_LEAST_5
35 default y if BR2_HOST_GCC_VERSION = "5"
36 select BR2_HOST_GCC_AT_LEAST_4_9
38 config BR2_HOST_GCC_AT_LEAST_6
40 default y if BR2_HOST_GCC_VERSION = "6"
41 select BR2_HOST_GCC_AT_LEAST_5
43 config BR2_HOST_GCC_AT_LEAST_7
45 default y if BR2_HOST_GCC_VERSION = "7"
46 select BR2_HOST_GCC_AT_LEAST_6
48 config BR2_HOST_GCC_AT_LEAST_8
50 default y if BR2_HOST_GCC_VERSION = "8"
51 select BR2_HOST_GCC_AT_LEAST_7
53 config BR2_HOST_GCC_AT_LEAST_9
55 default y if BR2_HOST_GCC_VERSION = "9"
56 select BR2_HOST_GCC_AT_LEAST_8
58 config BR2_HOST_GCC_AT_LEAST_10
60 default y if BR2_HOST_GCC_VERSION = "10"
61 select BR2_HOST_GCC_AT_LEAST_9
63 config BR2_HOST_GCC_AT_LEAST_11
65 default y if BR2_HOST_GCC_VERSION = "11"
66 select BR2_HOST_GCC_AT_LEAST_10
68 # When adding new entries above, be sure to update
69 # the HOSTCC_MAX_VERSION variable in the Makefile.
71 # Hidden boolean selected by packages in need of Java in order to build
73 config BR2_NEEDS_HOST_JAVA
76 # Hidden boolean selected by pre-built packages for x86, when they
77 # need to run on x86-64 machines (example: pre-built external
78 # toolchains, binary tools, etc.).
79 config BR2_HOSTARCH_NEEDS_IA32_LIBS
82 # Hidden boolean selected by packages that need to build 32 bits
83 # binaries with the host compiler, even on 64 bits build machines (e.g
85 config BR2_HOSTARCH_NEEDS_IA32_COMPILER
88 # Hidden boolean selected by packages that need the host to have an
90 config BR2_NEEDS_HOST_UTF8_LOCALE
93 # Hidden boolean selected by packages that need the host to have
94 # support for building gcc plugins
95 config BR2_NEEDS_HOST_GCC_PLUGIN_SUPPORT
98 source "arch/Config.in"
100 source "toolchain/Config.in"
107 string "Wget command"
108 default "wget --passive-ftp -nd -t 3"
111 string "Subversion (svn) command"
112 default "svn --non-interactive"
115 string "Bazaar (bzr) command"
126 config BR2_LOCALFILES
127 string "Local files retrieval command"
131 string "Secure copy (scp) command"
135 string "Secure file transfer (sftp) command"
139 string "Mercurial (hg) command"
143 string "zcat command"
146 Command to be used to extract a gzip'ed file to stdout. zcat
147 is identical to gunzip -c except that the former may not be
148 available on your system.
149 Default is "gzip -d -c"
150 Other possible values include "gunzip -c" or "zcat".
153 string "bzcat command"
156 Command to be used to extract a bzip2'ed file to stdout.
157 bzcat is identical to bunzip2 -c except that the former may
158 not be available on your system.
160 Other possible values include "bunzip2 -c" or "bzip2 -d -c".
163 string "xzcat command"
166 Command to be used to extract a xz'ed file to stdout.
170 string "lzcat command"
173 Command to be used to extract a lzip'ed file to stdout.
174 Default is "lzip -d -c"
176 config BR2_TAR_OPTIONS
180 Options to pass to tar when extracting the sources.
181 E.g. " -v --exclude='*.svn*'" to exclude all .svn internal
182 files and to be verbose.
186 config BR2_DEFCONFIG_FROM_ENV
188 option env="BR2_DEFCONFIG"
191 string "Location to save buildroot config"
192 default BR2_DEFCONFIG_FROM_ENV if BR2_DEFCONFIG_FROM_ENV != ""
193 default "$(CONFIG_DIR)/defconfig"
195 When running 'make savedefconfig', the defconfig file will be
196 saved in this location.
199 string "Download dir"
200 default "$(TOPDIR)/dl"
202 Directory to store all the source files that we need to fetch.
203 If the Linux shell environment has defined the BR2_DL_DIR
204 environment variable, then this overrides this configuration
206 The directory is organized with a subdirectory for each
207 package. Each package has its own $(LIBFOO_DL_DIR) variable
208 that can be used to find the correct path.
210 The default is $(TOPDIR)/dl
214 default "$(BASE_DIR)/host"
216 Directory to store all the binary files that are built for the
217 host. This includes the cross compilation toolchain when
218 building the internal buildroot toolchain.
220 The default is $(BASE_DIR)/host
222 menu "Mirrors and Download locations"
224 config BR2_PRIMARY_SITE
225 string "Primary download site"
228 Primary site to download from. If this option is set then
229 buildroot will try to download package source first from this
230 site and try the default if the file is not found.
232 - URIs recognized by $(WGET)
233 - local URIs of the form file://absolutepath
234 - scp URIs of the form scp://[user@]host:path.
236 config BR2_PRIMARY_SITE_ONLY
237 bool "Only allow downloads from primary download site"
238 depends on BR2_PRIMARY_SITE != ""
240 If this option is enabled, downloads will only be attempted
241 from the primary download site. Other locations, like the
242 package's official download location or the backup download
243 site, will not be considered. Therefore, if the package is not
244 present on the primary site, the download fails.
246 This is useful for project developers who want to ensure that
247 the project can be built even if the upstream tarball
250 if !BR2_PRIMARY_SITE_ONLY
252 config BR2_BACKUP_SITE
253 string "Backup download site"
254 default "https://sources.buildroot.net"
256 Backup site to download from. If this option is set then
257 buildroot will fall back to download package sources from here
258 if the normal location fails.
260 config BR2_KERNEL_MIRROR
261 string "Kernel.org mirror"
262 default "https://cdn.kernel.org/pub"
264 kernel.org is mirrored on a number of servers around the
265 world. The following allows you to select your preferred
266 mirror. By default, a CDN is used, which automatically
267 redirects to a mirror geographically close to you.
269 Have a look on the kernel.org site for a list of mirrors, then
270 enter the URL to the base directory. Examples:
272 http://www.XX.kernel.org/pub (XX = country code)
273 http://mirror.aarnet.edu.au/pub/ftp.kernel.org
275 config BR2_GNU_MIRROR
276 string "GNU Software mirror"
277 default "http://ftpmirror.gnu.org"
279 GNU has multiple software mirrors scattered around the
280 world. The following allows you to select your preferred
281 mirror. By default, a generic address is used, which
282 automatically selects an up-to-date and local mirror.
284 Have a look on the gnu.org site for a list of mirrors, then
285 enter the URL to the base directory. Examples:
287 http://ftp.gnu.org/pub/gnu
288 http://mirror.aarnet.edu.au/pub/gnu
290 config BR2_LUAROCKS_MIRROR
291 string "LuaRocks mirror"
292 default "http://rocks.moonscript.org"
296 See http://luarocks.org
298 config BR2_CPAN_MIRROR
299 string "CPAN mirror (Perl packages)"
300 default "https://cpan.metacpan.org"
302 CPAN (Comprehensive Perl Archive Network) is a repository of
303 Perl packages. It has multiple software mirrors scattered
304 around the world. This option allows you to select a mirror.
306 The list of mirrors is available at:
307 http://mirrors.cpan.org/ (tabular)
308 http://mirrors.cpan.org/map.html (clickable world map)
315 int "Number of jobs to run simultaneously (0 for auto)"
318 Number of jobs to run simultaneously. If 0, determine
319 automatically according to number of CPUs on the host system.
322 bool "Enable compiler cache"
324 This option will enable the use of ccache, a compiler cache.
325 It will cache the result of previous builds to speed up future
326 builds. By default, the cache is stored in
327 $HOME/.buildroot-ccache.
329 Note that Buildroot does not try to invalidate the cache
330 contents when the compiler changes in an incompatible way.
331 Therefore, if you make a change to the compiler version and/or
332 configuration, you are responsible for purging the ccache
333 cache by removing the $HOME/.buildroot-ccache directory.
337 config BR2_CCACHE_DIR
338 string "Compiler cache location"
339 default "$(HOME)/.buildroot-ccache"
341 Where ccache should store cached files.
342 If the Linux shell environment has defined the BR2_CCACHE_DIR
343 environment variable, then this overrides this configuration
346 config BR2_CCACHE_INITIAL_SETUP
347 string "Compiler cache initial setup"
349 Initial ccache settings to apply, such as --max-files or
352 For example, if your project is known to require more space
353 than the default max cache size, then you might want to
354 increase the cache size to a suitable amount using the -M
357 The string you specify here is passed verbatim to ccache.
358 Refer to ccache documentation for more details.
360 These initial settings are applied after ccache has been
363 config BR2_CCACHE_USE_BASEDIR
364 bool "Use relative paths"
367 Allow ccache to convert absolute paths within the output
368 directory into relative paths.
370 During the build, many -I include directives are given with an
371 absolute path. These absolute paths end up in the hashes that
372 are computed by ccache. Therefore, when you build from a
373 different directory, the hash will be different and the cached
374 object will not be used.
376 To improve cache performance, set this option to y. This
377 allows ccache to rewrite absolute paths within the output
378 directory into relative paths. Note that only paths within the
379 output directory will be rewritten; therefore, if you change
380 BR2_HOST_DIR to point outside the output directory and
381 subsequently move it to a different location, this will lead
384 This option has as a result that the debug information in the
385 object files also has only relative paths. Therefore, make
386 sure you cd to the build directory before starting gdb. See
387 the section "COMPILING IN DIFFERENT DIRECTORIES" in the ccache
388 manual for more information.
392 config BR2_ENABLE_DEBUG
393 bool "build packages with debugging symbols"
395 Build packages with debugging symbols enabled. All libraries
396 and binaries in the 'staging' directory will have debugging
397 symbols, which allows remote debugging even if libraries and
398 binaries are stripped on the target. Whether libraries and
399 binaries are stripped on the target is controlled by the
400 BR2_STRIP_* options below.
404 prompt "gcc debug level"
407 Set the debug level for gcc
412 Debug level 1 produces minimal information, enough for making
413 backtraces in parts of the program that you don't plan to
414 debug. This includes descriptions of functions and external
415 variables, but no information about local variables and no
421 The default gcc debug level is 2
426 Level 3 includes extra information, such as all the macro
427 definitions present in the program. Some debuggers support
428 macro expansion when you use -g3.
432 config BR2_ENABLE_RUNTIME_DEBUG
433 bool "build packages with runtime debugging info"
435 Some packages may have runtime assertions, extra traces, and
436 similar runtime elements that can help debugging. However,
437 these elements may negatively influence performance so should
438 normally not be enabled on production systems.
440 Enable this option to enable such runtime debugging.
442 Note: disabling this option is not a guarantee that all
443 packages effectively removed these runtime debugging elements.
445 config BR2_STRIP_strip
446 bool "strip target binaries"
448 depends on BR2_BINFMT_ELF
450 Binaries and libraries in the target filesystem will be
451 stripped using the normal 'strip' command. This allows to save
452 space, mainly by removing debugging symbols. Debugging symbols
453 on the target are needed for native debugging, but not when
454 remote debugging is used.
456 config BR2_STRIP_EXCLUDE_FILES
457 string "executables that should not be stripped"
459 depends on BR2_STRIP_strip
461 You may specify a space-separated list of binaries and
462 libraries here that should not be stripped on the target.
464 config BR2_STRIP_EXCLUDE_DIRS
465 string "directories that should be skipped when stripping"
467 depends on BR2_STRIP_strip
469 You may specify a space-separated list of directories that
470 should be skipped when stripping. Binaries and libraries in
471 these directories will not be touched. The directories should
472 be specified relative to the target directory, without leading
476 prompt "gcc optimization level"
477 default BR2_OPTIMIZE_S
479 Set the optimization level for gcc
481 config BR2_OPTIMIZE_0
482 bool "optimization level 0"
486 config BR2_OPTIMIZE_1
487 bool "optimization level 1"
489 Optimize. Optimizing compilation takes somewhat more time, and
490 a lot more memory for a large function. With -O, the compiler
491 tries to reduce code size and execution time, without
492 performing any optimizations that take a great deal of
493 compilation time. -O turns on the following optimization
494 flags: -fdefer-pop -fdelayed-branch -fguess-branch-probability
495 -fcprop-registers -floop-optimize -fif-conversion
496 -fif-conversion2 -ftree-ccp -ftree-dce -ftree-dominator-opts
497 -ftree-dse -ftree-ter -ftree-lrs -ftree-sra -ftree-copyrename
498 -ftree-fre -ftree-ch -funit-at-a-time -fmerge-constants. -O
499 also turns on -fomit-frame-pointer on machines where doing so
500 does not interfere with debugging.
502 config BR2_OPTIMIZE_2
503 bool "optimization level 2"
505 Optimize even more. GCC performs nearly all supported
506 optimizations that do not involve a space-speed tradeoff. The
507 compiler does not perform loop unrolling or function inlining
508 when you specify -O2. As compared to -O, this option increases
509 both compilation time and the performance of the generated
510 code. -O2 turns on all optimization flags specified by -O. It
511 also turns on the following optimization flags:
512 -fthread-jumps -fcrossjumping -foptimize-sibling-calls
513 -fcse-follow-jumps -fcse-skip-blocks -fgcse -fgcse-lm
514 -fexpensive-optimizations -fstrength-reduce
515 -frerun-cse-after-loop -frerun-loop-opt -fcaller-saves
516 -fpeephole2 -fschedule-insns -fschedule-insns2
517 -fsched-interblock -fsched-spec -fregmove -fstrict-aliasing
518 -fdelete-null-pointer-checks -freorder-blocks
519 -freorder-functions -falign-functions -falign-jumps
520 -falign-loops -falign-labels -ftree-vrp -ftree-pre. Please
521 note the warning under -fgcse about invoking -O2 on programs
522 that use computed gotos.
524 config BR2_OPTIMIZE_3
525 bool "optimization level 3"
527 Optimize yet more. -O3 turns on all optimizations specified by
528 -O2 and also turns on the -finline-functions, -funswitch-loops
529 and -fgcse-after-reload options.
531 config BR2_OPTIMIZE_G
532 bool "optimize for debugging"
533 depends on BR2_TOOLCHAIN_GCC_AT_LEAST_4_8
535 Optimize for debugging. This enables optimizations that do not
536 interfere with debugging. It should be the optimization level
537 of choice for the standard edit-compile-debug cycle, offering
538 a reasonable level of optimization while maintaining fast
539 compilation and a good debugging experience.
541 config BR2_OPTIMIZE_S
542 bool "optimize for size"
544 Optimize for size. -Os enables all -O2 optimizations that do
545 not typically increase code size. It also performs further
546 optimizations designed to reduce code size. -Os disables the
547 following optimization flags: -falign-functions -falign-jumps
548 -falign-loops -falign-labels -freorder-blocks
549 -freorder-blocks-and-partition -fprefetch-loop-arrays
550 -ftree-vect-loop-version
553 config BR2_OPTIMIZE_FAST
554 bool "optimize for fast (may break packages!)"
555 depends on BR2_TOOLCHAIN_GCC_AT_LEAST_4_6
557 Optimize for fast. Disregard strict standards
558 compliance. -Ofast enables all -O3 optimizations. It also
559 enables optimizations that are not valid for all
560 standard-compliant programs, so be careful, as it may break
561 some packages. It turns on -ffast-math and the
562 Fortran-specific -fstack-arrays, unless -fmax-stack-var-size
563 is specified, and -fno-protect-parens.
567 config BR2_ENABLE_LTO
568 bool "build packages with link-time optimisation"
570 Enable the link-time optimisation (LTO) option when building
571 packages. Link-time optimisation re-runs optimisations at
572 link time, which allows the compiler to do interprocedural
573 analysis across compilation units and thus come with better
574 results: smaller size and better performance.
576 Note that this analysis is limited to statically linked
577 object files and libraries.
579 This option may significantly increase build times,
580 sometimes 5 times longer, with only limited gains.
582 At this time, this option only enables LTO in packages that
583 have an explicit configuration option for it. Other packages
584 always enable LTO, but most packages never enable LTO.
586 config BR2_GOOGLE_BREAKPAD_ENABLE
587 bool "Enable google-breakpad support"
588 depends on BR2_INSTALL_LIBSTDCPP
589 depends on BR2_TOOLCHAIN_GCC_AT_LEAST_4_8 # C++11
590 depends on BR2_USE_WCHAR
591 depends on BR2_TOOLCHAIN_HAS_THREADS
592 depends on (BR2_TOOLCHAIN_USES_GLIBC || BR2_TOOLCHAIN_USES_UCLIBC)
593 depends on BR2_PACKAGE_GOOGLE_BREAKPAD_ARCH_SUPPORTS
594 depends on BR2_PACKAGE_HOST_GOOGLE_BREAKPAD_ARCH_SUPPORTS
595 select BR2_PACKAGE_GOOGLE_BREAKPAD
597 This option will enable the use of google breakpad, a library
598 and tool suite that allows you to distribute an application to
599 users with compiler-provided debugging information removed,
600 record crashes in compact "minidump" files, send them back to
601 your server and produce C and C++ stack traces from these
602 minidumps. Breakpad can also write minidumps on request for
603 programs that have not crashed.
605 if BR2_GOOGLE_BREAKPAD_ENABLE
607 config BR2_GOOGLE_BREAKPAD_INCLUDE_FILES
608 string "List of executables and libraries to extract symbols from"
611 You may specify a space-separated list of binaries and
612 libraries with full paths relative to $(TARGET_DIR) of which
613 debug symbols will be dumped for further use with google
616 A directory structure that can be used by minidump-stackwalk
619 $(STAGING_DIR)/usr/share/google-breakpad-symbols
625 default BR2_SHARED_LIBS if BR2_BINFMT_SUPPORTS_SHARED
626 default BR2_STATIC_LIBS if !BR2_BINFMT_SUPPORTS_SHARED
628 Select the type of libraries you want to use on the target.
630 The default is to build dynamic libraries and use those on the
631 target filesystem, except when the architecture and/or the
632 selected binary format does not support shared libraries.
634 config BR2_STATIC_LIBS
636 depends on !BR2_TOOLCHAIN_USES_GLIBC
638 Build and use only static libraries. No shared libraries will
639 be installed on the target. This potentially increases your
640 code size and should only be used if you know what you are
641 doing. Note that some packages may not be available when this
642 option is enabled, due to their need for dynamic library
645 comment "static only needs a toolchain w/ uclibc or musl"
646 depends on BR2_TOOLCHAIN_USES_GLIBC
648 config BR2_SHARED_LIBS
650 depends on BR2_BINFMT_SUPPORTS_SHARED
652 Build and use only shared libraries. This is the recommended
653 solution as it saves space and build time.
655 config BR2_SHARED_STATIC_LIBS
656 bool "both static and shared"
657 depends on BR2_BINFMT_SUPPORTS_SHARED
659 Build both shared and static libraries, but link executables
660 dynamically. While building both shared and static libraries
661 take more time and more disk space, having static libraries
662 may be useful to link some of the applications statically.
666 config BR2_PACKAGE_OVERRIDE_FILE
667 string "location of a package override file"
668 default "$(CONFIG_DIR)/local.mk"
670 A package override file is a short makefile that contains
671 variable definitions of the form <pkg>_OVERRIDE_SRCDIR, which
672 allows to tell Buildroot to use an existing directory as the
673 source directory for a particular package. See the Buildroot
674 documentation for more details on this feature.
676 config BR2_GLOBAL_PATCH_DIR
677 string "global patch and hash directories"
679 You may specify a space separated list of one or more
680 directories containing global package patches and/or hashes.
681 For a specific version <packageversion> of a specific package
682 <packagename>, patches are looked up as follows:
684 First, the default Buildroot patch set for the package is
685 applied from the package's directory in Buildroot.
687 Then for every directory - <global-patch-dir> - that exists in
688 BR2_GLOBAL_PATCH_DIR, if the directory
689 <global-patch-dir>/<packagename>/<packageversion>/ exists,
690 then all *.patch files in this directory will be applied.
692 Otherwise, if the directory <global-patch-dir>/<packagename>
693 exists, then all *.patch files in the directory will be
696 The hash files are looked up similarly to the patches.
700 config BR2_FORCE_HOST_BUILD
701 bool "Force the building of host dependencies"
703 Build all available host dependencies, even if they are
704 already installed on the system.
706 This option can be used to ensure that the download cache of
707 source archives for packages remain consistent between
708 different build hosts.
710 This option will increase build time.
712 config BR2_DOWNLOAD_FORCE_CHECK_HASHES
713 bool "Force all downloads to have a valid hash"
714 depends on BR2_GLOBAL_PATCH_DIR != ""
716 For packages where a custom version or location can be set,
717 Buildroot does not carry a hash for those custom versions or
718 locations, so the integrity of such downloads is not verified.
720 Say 'y' here to enforce downloads to have at least one valid
721 hash (and of course, that all hashes be valid).
723 Those hashes are looked in files in BR2_GLOBAL_PATCH_DIR,
726 comment "Forcing all downloads to have a valid hash needs a global patch and hash directory"
727 depends on BR2_GLOBAL_PATCH_DIR = ""
729 config BR2_REPRODUCIBLE
730 bool "Make the build reproducible (experimental)"
731 # SOURCE_DATE_EPOCH support in toolchain-wrapper requires GCC 4.4
732 depends on BR2_TOOLCHAIN_GCC_AT_LEAST_4_4
734 This option will remove all sources of non-reproducibility
735 from the build process. For a given Buildroot configuration,
736 this allows to generate exactly identical binaries from one
737 build to the other, including on different machines.
739 The current implementation is restricted to builds with the
740 same output directory. Many (absolute) paths are recorded in
741 intermediary files, and it is very likely that some of these
742 paths leak into the target rootfs. If you build with the
743 same O=... path, however, the result is identical.
745 This is labeled as an experimental feature, as not all
746 packages behave properly to ensure reproducibility.
748 config BR2_PER_PACKAGE_DIRECTORIES
749 bool "Use per-package directories (experimental)"
751 This option will change the build process of Buildroot
752 package to use per-package target and host directories.
754 This is useful for two related purposes:
756 - Cleanly isolate the build of each package, so that a
757 given package only "sees" the dependencies it has
758 explicitly expressed, and not other packages that may
759 have by chance been built before.
761 - Enable top-level parallel build.
763 This is labeled as an experimental feature, as not all
764 packages behave properly with per-package directories.
768 config BR2_TIME_BITS_64
769 bool "Build Y2038-ready code"
770 depends on BR2_TOOLCHAIN_USES_GLIBC && !BR2_ARCH_IS_64
772 This option will pass -D_TIME_BITS=64 in the compiler flags
773 to ensure the glibc C library uses a 64-bit representation
774 for time_t and other time types, which ensures that
775 programs/libraries will correctly handle time past year
778 This option only has an effect with glibc >= 2.34, as
779 earlier glibc versions did not have support for 64-bit
782 comment "Security Hardening Options"
784 config BR2_PIC_PIE_ARCH_SUPPORTS
787 # Microblaze glibc toolchains don't work with PIC/PIE enabled
788 depends on !BR2_microblaze
789 # Nios2 toolchains produce non working binaries with -fPIC
790 depends on !BR2_nios2
793 bool "Build code with PIC/PIE"
795 depends on BR2_PIC_PIE_ARCH_SUPPORTS
796 depends on BR2_SHARED_LIBS
797 depends on BR2_TOOLCHAIN_SUPPORTS_PIE
799 Generate Position-Independent Code (PIC) and link
800 Position-Independent Executables (PIE).
802 comment "PIC/PIE needs a toolchain w/ PIE"
803 depends on BR2_PIC_PIE_ARCH_SUPPORTS
804 depends on BR2_SHARED_LIBS
805 depends on !BR2_TOOLCHAIN_SUPPORTS_PIE
808 bool "Stack Smashing Protection"
809 default BR2_SSP_ALL if BR2_ENABLE_SSP # legacy
810 default BR2_SSP_STRONG if BR2_TOOLCHAIN_HAS_SSP_STRONG
811 default BR2_SSP_REGULAR
812 depends on BR2_TOOLCHAIN_HAS_SSP
814 Enable stack smashing protection support using GCC's
815 -fstack-protector option family.
818 http://www.linuxfromscratch.org/hints/downloads/files/ssp.txt
821 Note that this requires the toolchain to have SSP support.
822 This is always the case for glibc and eglibc toolchain, but is
823 optional in uClibc toolchains.
828 Disable stack-smashing protection.
830 config BR2_SSP_REGULAR
831 bool "-fstack-protector"
833 Emit extra code to check for buffer overflows, such as stack
834 smashing attacks. This is done by adding a guard variable to
835 functions with vulnerable objects. This includes functions
836 that call alloca, and functions with buffers larger than 8
837 bytes. The guards are initialized when a function is entered
838 and then checked when the function exits. If a guard check
839 fails, an error message is printed and the program exits.
841 config BR2_SSP_STRONG
842 bool "-fstack-protector-strong"
843 depends on BR2_TOOLCHAIN_HAS_SSP_STRONG
845 Like -fstack-protector but includes additional functions to be
846 protected - those that have local array definitions, or have
847 references to local frame addresses.
849 -fstack-protector-strong officially appeared in gcc 4.9, but
850 some vendors have backported -fstack-protector-strong to older
854 bool "-fstack-protector-all"
856 Like -fstack-protector except that all functions are
857 protected. This option might have a significant performance
858 impact on the compiled binaries.
862 config BR2_SSP_OPTION
864 default "-fstack-protector" if BR2_SSP_REGULAR
865 default "-fstack-protector-strong" if BR2_SSP_STRONG
866 default "-fstack-protector-all" if BR2_SSP_ALL
868 comment "Stack Smashing Protection needs a toolchain w/ SSP"
869 depends on !BR2_TOOLCHAIN_HAS_SSP
872 bool "RELRO Protection"
873 default BR2_RELRO_FULL if BR2_TOOLCHAIN_SUPPORTS_PIE
874 default BR2_RELRO_PARTIAL
875 depends on BR2_SHARED_LIBS
877 Enable a link-time protection know as RELRO (RELocation Read
878 Only) which helps to protect from certain type of exploitation
879 techniques altering the content of some ELF sections.
881 config BR2_RELRO_NONE
884 Disables Relocation link-time protections.
886 config BR2_RELRO_PARTIAL
889 This option makes the dynamic section not writeable after
890 initialization (with almost no performance penalty).
892 config BR2_RELRO_FULL
894 depends on BR2_PIC_PIE_ARCH_SUPPORTS
895 depends on BR2_TOOLCHAIN_SUPPORTS_PIE
898 This option includes the partial configuration, but also marks
899 the GOT as read-only at the cost of initialization time during
900 program loading, i.e every time an executable is started.
902 comment "RELRO Full needs a toolchain w/ PIE"
903 depends on BR2_PIC_PIE_ARCH_SUPPORTS
904 depends on !BR2_TOOLCHAIN_SUPPORTS_PIE
908 comment "RELocation Read Only (RELRO) needs shared libraries"
909 depends on !BR2_SHARED_LIBS
911 config BR2_FORTIFY_SOURCE_ARCH_SUPPORTS
914 # Microblaze glibc toolchains don't work with Fortify Source enabled
915 depends on !BR2_microblaze
918 bool "Buffer-overflow Detection (FORTIFY_SOURCE)"
919 default BR2_FORTIFY_SOURCE_1
920 depends on BR2_FORTIFY_SOURCE_ARCH_SUPPORTS
921 depends on BR2_TOOLCHAIN_USES_GLIBC
922 depends on !BR2_OPTIMIZE_0
924 Enable the _FORTIFY_SOURCE macro which introduces additional
925 checks to detect buffer-overflows in the following standard
926 library functions: memcpy, mempcpy, memmove, memset, strcpy,
927 stpcpy, strncpy, strcat, strncat, sprintf, vsprintf, snprintf,
930 NOTE: This feature requires an optimization level of s/1/2/3/g
932 Support for this feature has been present since GCC 4.x.
934 config BR2_FORTIFY_SOURCE_NONE
937 Disables additional checks to detect buffer-overflows.
939 config BR2_FORTIFY_SOURCE_1
941 # gcc bug https://gcc.gnu.org/bugzilla/show_bug.cgi?id=61164
942 depends on !BR2_TOOLCHAIN_BUILDROOT || BR2_TOOLCHAIN_GCC_AT_LEAST_6
944 This option sets _FORTIFY_SOURCE to 1 and only introduces
945 checks that shouldn't change the behavior of conforming
946 programs. Adds checks at compile-time only.
948 config BR2_FORTIFY_SOURCE_2
950 # gcc bug https://gcc.gnu.org/bugzilla/show_bug.cgi?id=61164
951 depends on !BR2_TOOLCHAIN_BUILDROOT || BR2_TOOLCHAIN_GCC_AT_LEAST_6
953 This option sets _FORTIFY_SOURCES to 2 and some more
954 checking is added, but some conforming programs might fail.
955 Also adds checks at run-time (detected buffer overflow
956 terminates the program)
958 config BR2_FORTIFY_SOURCE_3
960 depends on BR2_TOOLCHAIN_GCC_AT_LEAST_12
962 This option sets _FORTIFY_SOURCES to 3 and even more
963 checking is added compared to level 2. Extends checks at
964 run-time that can introduce an additional performance
969 comment "Fortify Source needs a glibc toolchain and optimization"
970 depends on BR2_FORTIFY_SOURCE_ARCH_SUPPORTS
971 depends on (!BR2_TOOLCHAIN_USES_GLIBC || BR2_OPTIMIZE_0)
974 source "system/Config.in"
976 source "linux/Config.in"
978 source "package/Config.in"
980 source "fs/Config.in"
982 source "boot/Config.in"
984 source "package/Config.in.host"
986 source "Config.in.legacy"
988 # br2-external menus definitions
989 source "$BR2_BASE_DIR/.br2-external.in.menus"
projects / buildroot-mgba.git / blob