From 2cc596efd24b854d8b48aa2ce6b0595c85b7bb02 Mon Sep 17 00:00:00 2001
From: Vadim Sukhomlinov
Date: Tue, 29 Jun 2021 23:34:42 -0700
Subject: cr50: add placeholder for FIPS module at fixed location
We compute sha256 for this block to check integrity, but don't use position independent code, so placing block closer to start of code with as much constant address as possible to prevent sudden relocations from breaking self-integrity check.
BUG=b:138578318
TEST=make buildall -j
Signed-off-by: Vadim Sukhomlinov
Change-Id: I81289fec8ed7fc73b34e2334c45c360cdabbcd88
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/2988196
Reviewed-by: Vadim Sukhomlinov
Reviewed-by: Mary Ruthven
Tested-by: Vadim Sukhomlinov
Auto-Submit: Vadim Sukhomlinov
Commit-Queue: Mary Ruthven
---
 core/cortex-m/ec.lds.S | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)
diff --git a/core/cortex-m/ec.lds.S b/core/cortex-m/ec.lds.S
index 3697a72516..4471287404 100644
--- a/core/cortex-m/ec.lds.S
+++ b/core/cortex-m/ec.lds.S
@@ -99,6 +99,24 @@ SECTIONS
 . = ALIGN(4);
 KEEP(*(.rodata.pstate))
+ /**
+ * Reserve a space for FIPS crypto module.
+ * We compute sha256 for this block to check integrity, but
+ * don't use position independent code, so placing block
+ * closer to start of code with as much constant address as
+ * possible to prevent sudden relocations from breaking
+ * integrity check.
+ */
+ . = ALIGN(4);
+ __fips_module_start = .;
+ KEEP(*(.text.fips))
+ KEEP(*(.rodata.fips))
+ __fips_module_end = .;
+ . = ALIGN(4);
+ __fips_module_checksum_start = .;
+ KEEP(*(.rodata.fips.checksum))
+ __fips_module_checksum_end = .;
+ . = ALIGN(4);
 STRINGIFY(OUTDIR/core/CORE/init.o) (.text)
 #if defined(CHIP_FAMILY_NPCX7) && !defined(CONFIG_HIBERNATE_PSL)
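Review bot: The hashed range between `__fips_module_start` and `__fips_module_end` collects only input sections named exactly `.text.fips` and `.rodata.fips`, so anything the module relies on that the compiler emits under another name (string literals, jump tables, called helpers) would presumably fall outside the integrity check with no build error. The comment should spell out that contract, for example `/* Only objects explicitly placed in .text.fips/.rodata.fips are covered by the digest; .rodata.fips.checksum is kept outside the range on purpose. */`. Since the code is not position independent, the bytes in the range also encode the final addresses of whatever the module references, so the comment could add that any stored digest must be computed over the fully linked image. Once the placeholder is populated, a linker `ASSERT` on `__fips_module_checksum_end - __fips_module_checksum_start` would catch a missing or mis-sized digest at build time. The enclosing output section begins and ends outside this hunk.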
@@ -306,6 +324,11 @@ SECTIONS
 */
 . = ALIGN(512);
 __bss_start = .;
+ /**
+ * Reserve a space for data used by FIPS crypto module.
+ */
+ KEEP(*(.bss.fips))
+ *(.bss.big_align)
 /* Stacks must be 64-bit aligned */
 . = ALIGN(8);
-- 
cgit v1.2.1
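Review bot: `KEEP(*(.bss.fips))` now sits between the `. = ALIGN(512)` and `*(.bss.big_align)`, so once `.bss.fips` is non-empty the big-alignment sections no longer start on the 512-byte boundary and the linker may have to pad up to the next one. The comment that explains the 512-byte alignment is outside this hunk, so this is inferred from the ordering alone; if the alignment exists for `.bss.big_align`, placing `KEEP(*(.bss.fips))` after `*(.bss.big_align)` would avoid the wasted RAM. Unlike the code region, the FIPS data gets no bounding symbols; a pair such as `__fips_bss_start = .;` / `__fips_bss_end = .;` around the `KEEP` would let the module's state be located, for example to clear it, without relying on link order.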