MeTee: CMake: add secure compile and link flags

Add secure flags in CMake compile
-no-strict-overflow: tells the compiler NOT to assume
  that signed overflow does not occur.
-no-delete-null-pointer-checks: tells the compiler NOT to
  assume that null pointer deference does not exist.
-wrapv tells the compiler that signed overflow always wraps.
Add -z noexecstack -z relro -z now linker flags.

Signed-off-by: Alexander Usyskin <alexander.usyskin@intel.com>
Signed-off-by: Tomas Winkler <tomas.winkler@intel.com>

linux.cmake

@@ -1,5 +1,5 @@
 # SPDX-License-Identifier: Apache-2.0
-# Copyright (C) 2014-2020 Intel Corporation
+# Copyright (C) 2014-2021 Intel Corporation
 set(TEE_SOURCES src/linux/metee_linux.c src/linux/mei.c)
 
 add_library(${PROJECT_NAME} ${TEE_SOURCES})
@@ -14,9 +14,18 @@ target_compile_definitions(${PROJECT_NAME} PRIVATE
 target_compile_options(
   ${PROJECT_NAME}
   PRIVATE -Wall -Werror
+
+)
+# Security options
+target_compile_options(
+  ${PROJECT_NAME}
   PRIVATE -fstack-protector-strong -D_FORTIFY_SOURCE=2 -O2 -Wformat
           -Wformat-security
+  PRIVATE $<$<C_COMPILER_ID:GNU>:-fno-strict-overflow>
+  PRIVATE $<$<C_COMPILER_ID:GNU>:-fno-delete-null-pointer-checks>
+  PRIVATE -fwrapv
 )
+set(CMAKE_SHARED_LINKER_FLAGS "${CMAKE_SHARED_LINKER_FLAGS} -z noexecstack -z relro -z now")
 set_target_properties(${PROJECT_NAME} PROPERTIES C_VISIBILITY_PRESET hidden)
 
 if(NOT CONSOLE_OUTPUT)