-rw-r--r--board/cr50/build.mk10
-rw-r--r--board/cr50/dcrypto/fips_module.ld82
2 files changed, 88 insertions, 4 deletions
diff --git a/board/cr50/build.mk b/board/cr50/build.mk
index 6f163e8c39..07f74f8686 100644
--- a/board/cr50/build.mk
+++ b/board/cr50/build.mk
@@ -48,8 +48,6 @@ board-y += power_button.o
board-y += servo_state.o
board-y += ap_uart_state.o
board-y += factory_mode.o
-board-y += fips.o
-board-y += fips_rand.o
board-${CONFIG_RDD} += rdd.o
board-${CONFIG_USB_SPI} += usb_spi.o
board-${CONFIG_USB_I2C} += usb_i2c.o
@@ -57,6 +55,8 @@ board-y += recovery_button.o
# TODO(mruthven): add cryptoc the fips boundary
fips-y=
+fips-y += fips.o
+fips-y += fips_rand.o
fips-$(CONFIG_U2F) += u2f.o
fips-${CONFIG_DCRYPTO_BOARD} += dcrypto/aes.o
fips-${CONFIG_DCRYPTO_BOARD} += dcrypto/app_cipher.o
@@ -66,7 +66,6 @@ fips-${CONFIG_DCRYPTO_BOARD} += dcrypto/dcrypto_bn.o
fips-${CONFIG_DCRYPTO_BOARD} += dcrypto/dcrypto_p256.o
fips-${CONFIG_DCRYPTO_BOARD} += dcrypto/compare.o
fips-${CONFIG_DCRYPTO_BOARD} += dcrypto/dcrypto_runtime.o
-fips-${CONFIG_DCRYPTO_BOARD} += dcrypto/gcm.o
fips-${CONFIG_DCRYPTO_BOARD} += dcrypto/hkdf.o
fips-${CONFIG_DCRYPTO_BOARD} += dcrypto/hmac.o
fips-${CONFIG_DCRYPTO_BOARD} += dcrypto/hmac_drbg.o
@@ -117,11 +116,14 @@ endif
ifneq ($(fips-y),)
RW_BD_OUT=$(out)/RW/$(BDIR)
FIPS_MODULE=dcrypto/fips_module.o
+FIPS_LD_SCRIPT=$(BDIR)/dcrypto/fips_module.ld
RW_FIPS_OBJS=$(patsubst %.o, $(RW_BD_OUT)/%.o, $(fips-y))
$(RW_BD_OUT)/$(FIPS_MODULE): $(RW_FIPS_OBJS)
@echo " LD $(notdir $@)"
- $(Q)$(CC) $(CFLAGS) --static -Wl,--relocatable -Wl,-Map=$@.map -o $@ $^
+ $(Q)$(CC) $(CFLAGS) --static -Wl,--relocatable\
+ -Wl,-T $(FIPS_LD_SCRIPT) -Wl,-Map=$@.map -o $@ $^
+ $(Q)$(OBJDUMP) -th $@ > $@.sym
board-y+= $(FIPS_MODULE)
endif
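Review bot: `$(FIPS_LD_SCRIPT)` is read by the link recipe but is not a prerequisite of `$(RW_BD_OUT)/$(FIPS_MODULE)`, so unless something outside this hunk forces a rebuild, an edit to fips_module.ld will not relink the module. An incremental build can then carry a FIPS object whose section layout no longer matches the script that defines the module boundary. List the script on the rule, `$(RW_BD_OUT)/$(FIPS_MODULE): $(RW_FIPS_OBJS) $(FIPS_LD_SCRIPT)`, and end the link line with `$(RW_FIPS_OBJS)` instead of `$^` so the script is not also handed to the linker as an input file. The `$@.sym` file written by the `$(OBJDUMP)` line is a second output that no rule names; a one-line comment such as `# symbol/section dump kept next to the module for inspection` would make that intent explicit.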
diff --git a/board/cr50/dcrypto/fips_module.ld b/board/cr50/dcrypto/fips_module.ld
new file mode 100644
index 0000000000..62b303c8ce
--- /dev/null
+++ b/board/cr50/dcrypto/fips_module.ld
@@ -0,0 +1,82 @@
+SECTIONS
+{
+ .text.fips : ALIGN(4) SUBALIGN(4)
+ {
+ . = ALIGN(4);
+ *(SORT_BY_NAME(.text*) .gnu.linkonce.t.*)
+ . = ALIGN(4);
+ } =0xffffffff
+
+ /* Special EC sections should be placed
+ * in the properly named sections. */
+ .rodata.HOOK_INIT : {
+ *(.rodata.HOOK_INIT)
+ }
+ .rodata.cmds.fips : {
+ *(.rodata.cmds.*)
+ }
+ .rodata.extensioncmds.fips : {
+ *(.rodata.extensioncmds)
+ }
+ .rodata.irqprio : {
+ *(.rodata.irqprio)
+ }
+
+ /* FIPS integrity placeholder should be in separate section. */
+ .rodata.fips.checksum : {
+ *(.rodata.fips.checksum)
+ }
+
+ /* Rest of the FIPS module data. */
+ .rodata.fips : {
+ /* Combine read-only data. */
+ *(SORT_BY_NAME(.rodata*) SORT_BY_NAME(.srodata*) \
+ .gnu.linkonce.r.*)
+ } =0xffffffff
+ .data.fips :
+ {
+ *(SORT_BY_NAME(.data*) \
+ SORT_BY_NAME(.sdata*) \
+ SORT_BY_NAME(.ramfunc*))
+ }
+ ASSERT(SIZEOF(.data.fips) == 0, "No .data for FIPS module is allowed")
+ .bss.fips (NOLOAD) :
+ {
+ . = ALIGN(4);
+ *(SORT_BY_NAME(.sbss*) SORT_BY_NAME(.bss*))
+ *(COMMON)
+ . = ALIGN(4);
+ }
+ /* Debug data; this is stripped from the final binary. */
+ .debug_abbrev 0 : { *(.debug_abbrev) }
+ .debug_aranges 0 : { *(.debug_aranges) }
+ .debug_frame 0 : { *(.debug_frame) }
+ .debug_info 0 : { *(.debug_info) }
+ .debug_line 0 : { *(.debug_line) }
+ .debug_loc 0 : { *(.debug_loc) }
+ .debug_ranges 0 : { *(.debug_ranges) }
+ .debug_str 0 : { *(.debug_str) }
+ .debug_macinfo 0 : { *(.debug_macinfo) }
+ .debug_pubnames 0 : { *(.debug_pubnames) }
+ .debug_pubtypes 0 : { *(.debug_pubtypes) }
+ .symtab 0 : { *(.symtab) }
+ .symtab_shndx 0 : { *(.symtab_shndx) }
+ .shstrtab 0 : { *(.shstrtab) }
+ .strtab 0 : { *(.strtab) }
+ /* .stack_sizes (INFO) makes the section not allocatable so
+ * it won't be loaded into memory. */
+ .stack_sizes 0 :
+ {
+ KEEP(*(.stack_sizes));
+ }
+ /DISCARD/ :
+ {
+ *(.eh_frame);
+ *(.comment*)
+ *(.ARM.attributes*)
+ *(.riscv.attributes*)
+ *(.llvm_addrsig*)
+ *(.note.GNU-stack*)
+ *(.note.gnu.build-id)
+ }
+}
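Review bot: The comment above `.stack_sizes` says `(INFO)` makes the section non-allocatable, but the statement that follows is `.stack_sizes 0 :` with no section type, so the comment and the script disagree. Either declare it as `.stack_sizes 0 (INFO) :` or reword the comment to describe what the script really does with the section. Separately, the trailing `\` in the `.rodata.fips` and `.data.fips` input lists look like leftovers from a preprocessed script. build.mk appears to pass this file straight to `-T`, so the linker most likely treats each `\` as one more section pattern that never matches, and dropping them would remove the ambiguity.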