tree 18bead052d414b7e184da512b5a2734b8450bc20
parent dd169649803211ba453a0ad435fc60c1b85740be
author Ard Biesheuvel <ardb@kernel.org> 1617786047 +0200
committer Ard Biesheuvel <ardb@google.com> 1622027251 +0000

ANDROID: arm64: module: preserve RELA sections FIPS140 module integrity selfcheck

The FIPS 140-2 integrity check compares the runtime code with a digest
that was created at build time. Given that the module's placement in
virtual memory is an a priori unknown, we cannot account for this at
build time, and so we need to do so at runtime instead.

In order to revert the code to the build time state, we need to know
which changes the module loader applied to it. These changes are based
on the RELA ELF section that describes the changes that the module
loader must apply, and so to unapply these changes, we need to preserve
the RELA section when loading the module.

So add a special case for a module called 'fips140' in the module
loader, and copy the RELA section applying to .text to a temporary
buffer that the fips140.ko init code can access.

Bug: 153614920
Bug: 188620248
Change-Id: I97d69053c6657b104a3a9ea10af78a53ce52c6e5
Signed-off-by: Ard Biesheuvel <ardb@google.com>