• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1# SPDX-License-Identifier: GPL-2.0
2
3#
4# This file is included by the generic Kbuild makefile to permit the
5# architecture to perform postlink actions on vmlinux and any .ko module file.
6# In this case, we only need it for fips140.ko, which needs some postprocessing
7# for the integrity check mandated by FIPS. This involves making copies of the
8# relocation sections so that the module will have access to them at
9# initialization time, and calculating and injecting a HMAC digest into the
10# module. All other targets are NOPs.
11#
12
13PHONY := __archpost
14__archpost:
15
16-include include/config/auto.conf
17include scripts/Kbuild.include
18
19CMD_FIPS140_GEN_HMAC = crypto/fips140_gen_hmac
20quiet_cmd_gen_hmac = HMAC    $@
21      cmd_gen_hmac = $(OBJCOPY) $@ \
22	--dump-section=$(shell $(READELF) -SW $@|grep -Eo '\.rela\.text\S*')=$@.rela.text \
23	--dump-section=$(shell $(READELF) -SW $@|grep -Eo '\.rela\.rodata\S*')=$@.rela.rodata \
24	--add-section=.init.rela.text=$@.rela.text \
25	--add-section=.init.rela.rodata=$@.rela.rodata \
26	--set-section-flags=.init.rela.text=alloc,readonly \
27	--set-section-flags=.init.rela.rodata=alloc,readonly && \
28	$(CMD_FIPS140_GEN_HMAC) $@
29
30# `@true` prevents complaints when there is nothing to be done
31
32vmlinux: FORCE
33	@true
34
35$(objtree)/crypto/fips140.ko: FORCE
36	$(call cmd,gen_hmac)
37
38%.ko: FORCE
39	@true
40
41clean:
42	rm -f $(objtree)/crypto/fips140.ko.rela.*
43
44PHONY += FORCE clean
45
46FORCE:
47
48.PHONY: $(PHONY)
49