| 12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849 |
- # SPDX-License-Identifier: GPL-2.0
- #
- # This file is included by the generic Kbuild makefile to permit the
- # architecture to perform postlink actions on vmlinux and any .ko module file.
- # In this case, we only need it for fips140.ko, which needs some postprocessing
- # for the integrity check mandated by FIPS. This involves making copies of the
- # relocation sections so that the module will have access to them at
- # initialization time, and calculating and injecting a HMAC digest into the
- # module. All other targets are NOPs.
- #
- PHONY := __archpost
- __archpost:
- -include include/config/auto.conf
- include scripts/Kbuild.include
- CMD_FIPS140_GEN_HMAC = crypto/fips140_gen_hmac
- quiet_cmd_gen_hmac = HMAC $@
- cmd_gen_hmac = $(OBJCOPY) $@ \
- --dump-section=$(shell $(READELF) -SW $@|grep -Eo '\.rela\.text\S*')[email protected] \
- --dump-section=$(shell $(READELF) -SW $@|grep -Eo '\.rela\.rodata\S*')[email protected] && \
- $(OBJCOPY) $@ \
- [email protected] \
- [email protected] \
- --set-section-flags=.init.rela.text=alloc,readonly \
- --set-section-flags=.init.rela.rodata=alloc,readonly && \
- $(CMD_FIPS140_GEN_HMAC) $@
- # `@true` prevents complaints when there is nothing to be done
- vmlinux: FORCE
- @true
- $(objtree)/crypto/fips140.ko: FORCE
- $(call cmd,gen_hmac)
- %.ko: FORCE
- @true
- clean:
- rm -f $(objtree)/crypto/fips140.ko.rela.*
- PHONY += FORCE clean
- FORCE:
- .PHONY: $(PHONY)
|
