# SPDX-License-Identifier: GPL-2.0

#
# This file is included by the generic Kbuild makefile to permit the
# architecture to perform postlink actions on vmlinux and any .ko module file.
# In this case, we only need it for fips140.ko, which needs some postprocessing
# for the integrity check mandated by FIPS. This involves making copies of the
# relocation sections so that the module will have access to them at
# initialization time, and calculating and injecting a HMAC digest into the
# module. All other targets are NOPs.
#

PHONY := __archpost
__archpost:

-include include/config/auto.conf
include scripts/Kbuild.include

CMD_FIPS140_GEN_HMAC = crypto/fips140_gen_hmac
quiet_cmd_gen_hmac = HMAC    $@
      cmd_gen_hmac = $(OBJCOPY) $@ \
	--dump-section=$(shell $(READELF) -SW $@|grep -Eo '\.rela\.text\S*')=$@.rela.text \
	--dump-section=$(shell $(READELF) -SW $@|grep -Eo '\.rela\.rodata\S*')=$@.rela.rodata \
	--add-section=.init.rela.text=$@.rela.text \
	--add-section=.init.rela.rodata=$@.rela.rodata \
	--set-section-flags=.init.rela.text=alloc,readonly \
	--set-section-flags=.init.rela.rodata=alloc,readonly && \
	$(CMD_FIPS140_GEN_HMAC) $@

# `@true` prevents complaints when there is nothing to be done

vmlinux: FORCE
	@true

$(objtree)/crypto/fips140.ko: FORCE
	$(call cmd,gen_hmac)

%.ko: FORCE
	@true

clean:
	rm -f $(objtree)/crypto/fips140.ko.rela.*

PHONY += FORCE clean

FORCE:

.PHONY: $(PHONY)