ANDROID: fips140: change linker script guard

Currently, the linker script's support for merging module's section is
guarded by either CONFIG_LTO_CLANG or CONFIG_CRYPTO_FIPS140_MOD. This
functionally is also needed by additional fips140 modules built out of
tree. So, have an explicit config (CRYPTO_FIPS140_MERGE_MOD_SECTIONS)
that can be selected by the various fips140 modules without having to
depend on and enabling CONFIG_CRYPTO_FIPS140_MOD.

Bug: 281657135
Change-Id: I2af727813151ba839a95696bc847e2a841a7175a
Signed-off-by: Konstantin Vyshetsky <vkon@google.com>

crypto/Kconfig

@@ -58,6 +58,7 @@ config CRYPTO_FIPS140_MOD
 	tristate "Enable FIPS 140 cryptographic module"
 	depends on ARM64 && ARM64_MODULE_PLTS
 	depends on m
+	select CRYPTO_FIPS140_MERGE_MOD_SECTIONS
 	help
 	  This option enables building a loadable module fips140.ko, which
 	  contains various crypto algorithms that are also built into vmlinux.
@@ -79,6 +80,15 @@ config CRYPTO_FIPS140_MOD_EVAL_TESTING
 	  errors and support for a userspace interface to some of the module's
 	  services.  This option should not be enabled in production builds.
 
+config CRYPTO_FIPS140_MERGE_MOD_SECTIONS
+	bool
+	help
+	  This option causes the module linker script to place the delimeters
+	  of the text and rodata sections at the appropriate places so that
+	  the FIPS 140 integrity check can be performed. This option is required
+	  by the Crypto FIPS 140 module, and can be enabled by other FIPS 140
+	  modules using the same logic to perform the self integrity check.
+
 config CRYPTO_FIPS140_MOD_DEBUG_INTEGRITY_CHECK
 	bool "Debug the integrity check in FIPS 140 module"
 	depends on CRYPTO_FIPS140_MOD

scripts/module.lds.S

@@ -62,7 +62,7 @@ SECTIONS {
 	}
 #endif
 
-#if defined(CONFIG_LTO_CLANG) || IS_ENABLED(CONFIG_CRYPTO_FIPS140_MOD)
+#if defined(CONFIG_LTO_CLANG) || defined(CONFIG_CRYPTO_FIPS140_MERGE_MOD_SECTIONS)
 	/*
 	 * With CONFIG_LTO_CLANG, LLD always enables -fdata-sections and
 	 * -ffunction-sections, which increases the size of the final module.