android/android_kernel_xiaomi_sm8450
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
f348ba2256
android_kernel_xiaomi_sm8450/scripts/module.lds.S
Eric Biggers 109f31ac23 ANDROID: fips140: add userspace interface for evaluation testing 
The FIPS lab is required to test the service indicators and version
information services of the module, i.e. the
fips140_is_approved_service() and fips140_module_version() functions.
There are several ways we could support this:

- Implement the tests in the module ourselves.  However it's unclear
  that CMVP would allow this, and we would need the full list of tests,
  which could change over time depending on what the lab decides to do.

- Support the lab writing, building, and loading a custom kernel module
  (or a custom kernel image) that tests these functions.

- Provide a userspace interface to these services, restricted to builds
  with CONFIG_CRYPTO_FIPS140_MOD_EVAL_TESTING=y.  This would allow
  writing the tests in userspace, which would be much easier.

Implement the last solution, since it's the easier of the two solutions
that are "guaranteed" to be allowed.  Make the module register a char
device which supports some ioctls, one per function that needs to be
tested.  Also provide some sample userspace code in samples/crypto/.

Note: copy_to_user() would break the integrity check, so take some care
to exclude it.  This is allowed since this is non-production code.

Bug: 188620248
Change-Id: Ic256d9c5bd4d0c57ede88a3e3e76e89554909b38
Signed-off-by: Eric Biggers <ebiggers@google.com>
2021-11-23 18:02:43 +00:00

81 lines
2.0 KiB
ArmAsm
Raw Blame History

/*
* Common module linker script, always used when linking a module.
* Archs are free to supply their own linker scripts. ld will
* combine them automatically.
*/
#include <asm/page.h>
SECTIONS {
/DISCARD/ : {
*(.discard)
*(.discard.*)
/*
* LLD may emit .eh_frame with CONFIG_CFI_CLANG despite
* -fno-asynchronous-unwind-tables. Discard the section.
*/
*(.eh_frame)
}
__ksymtab 0 : { *(SORT(___ksymtab+*)) }
__ksymtab_gpl 0 : { *(SORT(___ksymtab_gpl+*)) }
__ksymtab_unused 0 : { *(SORT(___ksymtab_unused+*)) }
__ksymtab_unused_gpl 0 : { *(SORT(___ksymtab_unused_gpl+*)) }
__ksymtab_gpl_future 0 : { *(SORT(___ksymtab_gpl_future+*)) }
__kcrctab 0 : { *(SORT(___kcrctab+*)) }
__kcrctab_gpl 0 : { *(SORT(___kcrctab_gpl+*)) }
__kcrctab_unused 0 : { *(SORT(___kcrctab_unused+*)) }
__kcrctab_unused_gpl 0 : { *(SORT(___kcrctab_unused_gpl+*)) }
__kcrctab_gpl_future 0 : { *(SORT(___kcrctab_gpl_future+*)) }
.init_array 0 : ALIGN(8) { *(SORT(.init_array.*)) *(.init_array) }
__jump_table 0 : ALIGN(8) { KEEP(*(__jump_table)) }
__patchable_function_entries : { *(__patchable_function_entries) }
#ifdef CONFIG_LTO_CLANG
/*
* With CONFIG_LTO_CLANG, LLD always enables -fdata-sections and
* -ffunction-sections, which increases the size of the final module.
* Merge the split sections in the final binary.
*/
.bss : {
*(.bss .bss.[0-9a-zA-Z_]*)
*(.bss..L*)
}
.data : {
*(.data .data.[0-9a-zA-Z_]*)
*(.data..L*)
}
.rodata : {
*(.rodata.._start)
*(.rodata .rodata.[0-9a-zA-Z_]*)
*(.rodata..L*)
*(.rodata.._end)
}
.text : ALIGN(PAGE_SIZE) {
*(.text.._start)
#ifdef CONFIG_CFI_CLANG
/*
* With CFI_CLANG, ensure __cfi_check is at the beginning of
* the .text section, and that the section is aligned to page
* size.
*/
*(.text.__cfi_check)
#endif
*(.text .text.[0-9a-zA-Z_]*)
__cfi_jt_start = .;
*(.text..L.cfi.jumptable .text..L.cfi.jumptable.*)
__cfi_jt_end = .;
*(.text.._end)
*(.text.._fips140_unchecked)
}
#endif
}
/* bring in arch-specific sections */
#include <asm/module.lds.h>
Reference in New Issue View Git Blame Copy Permalink