1# SPDX-License-Identifier: GPL-2.0 2 3# 4# This file is included by the generic Kbuild makefile to permit the 5# architecture to perform postlink actions on vmlinux and any .ko module file. 6# In this case, we only need it for fips140.ko, which needs some postprocessing 7# for the integrity check mandated by FIPS. This involves making copies of the 8# relocation sections so that the module will have access to them at 9# initialization time, and calculating and injecting a HMAC digest into the 10# module. All other targets are NOPs. 11# 12 13PHONY := __archpost 14__archpost: 15 16-include include/config/auto.conf 17include scripts/Kbuild.include 18 19CMD_FIPS140_GEN_HMAC = crypto/fips140_gen_hmac 20quiet_cmd_gen_hmac = HMAC $@ 21 cmd_gen_hmac = $(OBJCOPY) $@ \ 22 --dump-section=$(shell $(READELF) -SW $@|grep -Eo '\.rela\.text\S*')=$@.rela.text \ 23 --dump-section=$(shell $(READELF) -SW $@|grep -Eo '\.rela\.rodata\S*')=$@.rela.rodata && \ 24 $(OBJCOPY) $@ \ 25 --add-section=.init.rela.text=$@.rela.text \ 26 --add-section=.init.rela.rodata=$@.rela.rodata \ 27 --set-section-flags=.init.rela.text=alloc,readonly \ 28 --set-section-flags=.init.rela.rodata=alloc,readonly && \ 29 $(CMD_FIPS140_GEN_HMAC) $@ 30 31# `@true` prevents complaints when there is nothing to be done 32 33vmlinux: FORCE 34 @true 35 36$(objtree)/crypto/fips140.ko: FORCE 37 $(call cmd,gen_hmac) 38 39%.ko: FORCE 40 @true 41 42clean: 43 rm -f $(objtree)/crypto/fips140.ko.rela.* 44 45PHONY += FORCE clean 46 47FORCE: 48 49.PHONY: $(PHONY) 50