GenFw will embed a NB10 section which contains the path to the input file,
which means the output files have build paths embedded in them. To reduce
information leakage and ensure reproducible builds, pass --zero in release
builds to remove this information.
Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3256
Signed-off-by: Ross Burton <ross.burton@arm.com>
Message-Id: <
20210324115819.605436-1-ross.burton@arm.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
GCC:*_*_X64_GENFW_FLAGS = --keepexceptiontable\r
INTEL:*_*_X64_GENFW_FLAGS = --keepexceptiontable\r
!endif\r
+ RELEASE_*_*_GENFW_FLAGS = --zero\r
\r
#\r
# Disable deprecated APIs.\r
GCC:*_*_X64_GENFW_FLAGS = --keepexceptiontable\r
INTEL:*_*_X64_GENFW_FLAGS = --keepexceptiontable\r
!endif\r
+ RELEASE_*_*_GENFW_FLAGS = --zero\r
\r
#\r
# Disable deprecated APIs.\r
!if $(TOOL_CHAIN_TAG) != "XCODE5" && $(TOOL_CHAIN_TAG) != "CLANGPDB"\r
GCC:*_*_*_CC_FLAGS = -mno-mmx -mno-sse\r
!endif\r
+ RELEASE_*_*_GENFW_FLAGS = --zero\r
\r
#\r
# Disable deprecated APIs.\r
GCC:*_*_X64_GENFW_FLAGS = --keepexceptiontable\r
INTEL:*_*_X64_GENFW_FLAGS = --keepexceptiontable\r
!endif\r
+ RELEASE_*_*_GENFW_FLAGS = --zero\r
\r
#\r
# Disable deprecated APIs.\r
GCC:*_*_X64_GENFW_FLAGS = --keepexceptiontable\r
INTEL:*_*_X64_GENFW_FLAGS = --keepexceptiontable\r
!endif\r
+ RELEASE_*_*_GENFW_FLAGS = --zero\r
\r
#\r
# Disable deprecated APIs.\r
GCC:*_*_X64_GENFW_FLAGS = --keepexceptiontable\r
INTEL:*_*_X64_GENFW_FLAGS = --keepexceptiontable\r
!endif\r
+ RELEASE_*_*_GENFW_FLAGS = --zero\r
\r
#\r
# Disable deprecated APIs.\r