Commit a4d14486 authored by Ard Biesheuvel's avatar Ard Biesheuvel Committed by Treehugger Robot
Browse files

ANDROID: kbuild: customize module linker script for fips140 module 



To meet FIPS requirements, fips140.ko must check its own integrity at
load time.  This requires that it know where its .text and .rodata
sections are.  To allow this, make the module linker script support
defining symbols that enclose these sections.

In addition, support creating an .initcalls section, so that fips140.ko
can include code from what would normally be multiple modules by
compiling it as "built-in" code.

[ebiggers: Separated this out from the original commit
 "ANDROID: crypto: fips140 - perform load time integrity check" and
 folded in later changes to the script.  See below.]

Original commits:
  android12-5.10:
    6be141eb ("ANDROID: crypto: fips140 - perform load time integrity check")
    e8d56bd7 ("ANDROID: module: apply special LTO treatment to .text even if CFI is disabled")
    109f31ac ("ANDROID: fips140: add userspace interface for evaluation testing")
  android14-5.15:
    57be8919 ("ANDROID: fips140: consolidate linker script changes into module.lds.S")
    d4966a82 ("ANDROID: fips140: remove CONFIG_CRYPTO_FIPS140 option")
    6da26b87 ("ANDROID: fips140: require 'm' to enable CRYPTO_FIPS140_MOD")
    ae4ca7a0 ("ANDROID: fips140: allow building without LTO")
  android14-6.1:
    3f5807c5 ("ANDROID: fips140: change linker script guard")

Bug: 153614920
Bug: 188620248
Change-Id: I22209ff4e6444f9115eca6909bcb653fd5d14aec
Signed-off-by: default avatarArd Biesheuvel <ardb@google.com>
Signed-off-by: default avatarEric Biggers <ebiggers@google.com>
parent f93d3223
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please to comment