moonjuice/kernel_arpi
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
670c6da635802eb0975f995478c4e9c2d198d621
kernel_arpi/arch/arm64/Makefile.postlink
Nick Desaulniers 84572a0c79 ANDROID: fips140: split dump-section+add-section into 2 ops 
It looks like llvm-objcopy regressed the ability to simultaneously dump
then re-add a section with a new name.  Prefer 2 invocations of
$(OBJCOPY); dump-sections in the first, add-section and
set-section-flags in the second. This copies the sections rather than
rename them.

Test: BUILD_CONFIG=common-modules/virtual-device/build.config.virtual_device.i686 build/build.sh
Bug: 247603894
Link: https://reviews.llvm.org/D120486
Suggested-by: Eric Biggers <ebiggers@google.com>
Suggested-by: Fangrui Song <maskray@google.com>
Signed-off-by: Nick Desaulniers <ndesaulniers@google.com>
Change-Id: I7f102f05b048b6c5f7aaeb0e438af84c2d2b4d1a
2022-09-28 00:27:52 +00:00

50 lines
1.4 KiB
Makefile
Raw Blame History

# SPDX-License-Identifier: GPL-2.0
#
# This file is included by the generic Kbuild makefile to permit the
# architecture to perform postlink actions on vmlinux and any .ko module file.
# In this case, we only need it for fips140.ko, which needs some postprocessing
# for the integrity check mandated by FIPS. This involves making copies of the
# relocation sections so that the module will have access to them at
# initialization time, and calculating and injecting a HMAC digest into the
# module. All other targets are NOPs.
#
PHONY := __archpost
__archpost:
-include include/config/auto.conf
include scripts/Kbuild.include
CMD_FIPS140_GEN_HMAC = crypto/fips140_gen_hmac
quiet_cmd_gen_hmac = HMAC $@
cmd_gen_hmac = $(OBJCOPY) $@ \
--dump-section=$(shell $(READELF) -SW $@|grep -Eo '\.rela\.text\S*')=$@.rela.text \
--dump-section=$(shell $(READELF) -SW $@|grep -Eo '\.rela\.rodata\S*')=$@.rela.rodata && \
$(OBJCOPY) $@ \
--add-section=.init.rela.text=$@.rela.text \
--add-section=.init.rela.rodata=$@.rela.rodata \
--set-section-flags=.init.rela.text=alloc,readonly \
--set-section-flags=.init.rela.rodata=alloc,readonly && \
$(CMD_FIPS140_GEN_HMAC) $@
# `@true` prevents complaints when there is nothing to be done
vmlinux: FORCE
@true
$(objtree)/crypto/fips140.ko: FORCE
$(call cmd,gen_hmac)
%.ko: FORCE
@true
clean:
rm -f $(objtree)/crypto/fips140.ko.rela.*
PHONY += FORCE clean
FORCE:
.PHONY: $(PHONY)
Reference in New Issue View Git Blame Copy Permalink