android_kernel_xiaomi_sm8450

Author SHA1 Message Date

Author	SHA1	Message	Date
Eric Biggers	cf721d6c46	ANDROID: ABI: add new symbols required by fips140.ko Add KMI_SYMBOL_LIST_ADD_ONLY=1 to build.config.gki.aarch64.fips140, then regenerate the fips140 symbol list and ABI XML as follows: BUILD_CONFIG=common/build.config.gki.aarch64.fips140 build/build_abi.sh --update-symbol-list BUILD_CONFIG=common/build.config.gki.aarch64 build/build_abi.sh --update --print-report Leaf changes summary: 7 artifacts changed Changed leaf types summary: 0 leaf type changed Removed/Changed/Added functions summary: 0 Removed, 0 Changed, 7 Added functions Removed/Changed/Added variables summary: 0 Removed, 0 Changed, 0 Added variable 7 Added functions: [A] 'function int ahash_register_instance(crypto_template, ahash_instance)' [A] 'function int crypto_grab_spawn(crypto_spawn, crypto_instance, const char, u32, u32)' [A] 'function int crypto_register_aeads(aead_alg, int)' [A] 'function int crypto_register_ahashes(ahash_alg, int)' [A] 'function int crypto_register_rng(rng_alg)' [A] 'function crypto_tfm* crypto_spawn_tfm(crypto_spawn, u32, u32)' [A] 'function void crypto_unregister_rng(rng_alg)' Bug: 188620248 Change-Id: Ibc066a431decc123f428ecf5ae0b51b1ad838a8a Signed-off-by: Eric Biggers <ebiggers@google.com>	2021-10-29 14:32:49 -07:00
Matthias Maennich	b9ae3287e3	ANDROID: Fips 140: move fips symbols entirely in own list Since the fips140 module is not built during the regular GKI kernel build, it will also not be participating in the symbol list generation. Yet the symbols were added as if it were built. Fix that by moving the symbols over to the module specific list for now. Also, update the symbol list that is updated when using BUILD_CONFIG=common/build.config.gki.aarch64.fips140 build/build_abi.sh --update-symbol-list Fixes: `a11dacedd6` ("ANDROID: add fips140.ko symbols to module ABI") Change-Id: I35730ab72941576d8da699d82b265b2ed1ae6b2b Signed-off-by: Matthias Maennich <maennich@google.com>	2021-06-11 15:04:07 +00:00
Ard Biesheuvel	6be141eb36	ANDROID: crypto: fips140 - perform load time integrity check In order to comply with FIPS 140-2 requirements, implement a fips140 module that carries all AES, SHA-xxx and DRBG implementations with the associated chaining mode templates, and perform an integrity selfcheck at load time. The algorithms contained in the module will be registered with the crypto API, and will supersede any existing copies of the same algorithms that were already being provided by the core kernel. Bug: 153614920 Bug: 188620248 Test: boot tested on Pixel hw both with and without a live algo ('hmac(sha1-ce)') Change-Id: Ia893d9992fc12e2617d1ed2899c9794859c389d1 Signed-off-by: Ard Biesheuvel <ardb@google.com>	2021-06-11 07:49:58 +00:00

Eric Biggers

cf721d6c46

ANDROID: ABI: add new symbols required by fips140.ko

Add KMI_SYMBOL_LIST_ADD_ONLY=1 to build.config.gki.aarch64.fips140, then
regenerate the fips140 symbol list and ABI XML as follows:

    BUILD_CONFIG=common/build.config.gki.aarch64.fips140 build/build_abi.sh --update-symbol-list
    BUILD_CONFIG=common/build.config.gki.aarch64 build/build_abi.sh --update --print-report

Leaf changes summary: 7 artifacts changed
Changed leaf types summary: 0 leaf type changed
Removed/Changed/Added functions summary: 0 Removed, 0 Changed, 7 Added functions
Removed/Changed/Added variables summary: 0 Removed, 0 Changed, 0 Added variable

7 Added functions:

  [A] 'function int ahash_register_instance(crypto_template*, ahash_instance*)'
  [A] 'function int crypto_grab_spawn(crypto_spawn*, crypto_instance*, const char*, u32, u32)'
  [A] 'function int crypto_register_aeads(aead_alg*, int)'
  [A] 'function int crypto_register_ahashes(ahash_alg*, int)'
  [A] 'function int crypto_register_rng(rng_alg*)'
  [A] 'function crypto_tfm* crypto_spawn_tfm(crypto_spawn*, u32, u32)'
  [A] 'function void crypto_unregister_rng(rng_alg*)'

Bug: 188620248
Change-Id: Ibc066a431decc123f428ecf5ae0b51b1ad838a8a
Signed-off-by: Eric Biggers <ebiggers@google.com>

2021-10-29 14:32:49 -07:00

Matthias Maennich

b9ae3287e3

ANDROID: Fips 140: move fips symbols entirely in own list

Since the fips140 module is not built during the regular GKI kernel
build, it will also not be participating in the symbol list generation.
Yet the symbols were added as if it were built. Fix that by moving the
symbols over to the module specific list for now. Also, update the
symbol list that is updated when using

  BUILD_CONFIG=common/build.config.gki.aarch64.fips140 build/build_abi.sh --update-symbol-list

Fixes: a11dacedd6 ("ANDROID: add fips140.ko symbols to module ABI")
Change-Id: I35730ab72941576d8da699d82b265b2ed1ae6b2b
Signed-off-by: Matthias Maennich <maennich@google.com>

2021-06-11 15:04:07 +00:00

Ard Biesheuvel

6be141eb36

ANDROID: crypto: fips140 - perform load time integrity check

In order to comply with FIPS 140-2 requirements, implement a fips140
module that carries all AES, SHA-xxx and DRBG implementations with the
associated chaining mode templates, and perform an integrity selfcheck
at load time. The algorithms contained in the module will be registered
with the crypto API, and will supersede any existing copies of the same
algorithms that were already being provided by the core kernel.

Bug: 153614920
Bug: 188620248
Test: boot tested on Pixel hw both with and without a live algo ('hmac(sha1-ce)')
Change-Id: Ia893d9992fc12e2617d1ed2899c9794859c389d1
Signed-off-by: Ard Biesheuvel <ardb@google.com>

2021-06-11 07:49:58 +00:00

3 Commits