OvmfPkg: strip build paths in release builds
GenFw will embed a NB10 section which contains the path to the input file, which means the output files have build paths embedded in them. To reduce information leakage and ensure reproducible builds, pass --zero in release builds to remove this information. Ref: https://bugzilla.tianocore.org/show_bug.cgi?id=3256 Signed-off-by: Ross Burton <ross.burton@arm.com> Message-Id: <20210324115819.605436-1-ross.burton@arm.com> Reviewed-by: Laszlo Ersek <lersek@redhat.com>
This commit is contained in:
Ross Burton
committed by
mergify[bot]
mergify[bot]
parent
0ecdcb6142
commit
f037af6ecb
@@ -74,6 +74,7 @@
|
||||
GCC:*_*_X64_GENFW_FLAGS = --keepexceptiontable
|
||||
INTEL:*_*_X64_GENFW_FLAGS = --keepexceptiontable
|
||||
!endif
|
||||
RELEASE_*_*_GENFW_FLAGS = --zero
|
||||
|
||||
#
|
||||
# Disable deprecated APIs.
|
||||
|
||||
Reference in New Issue
Block a user