On Thu, May 04, 2023 at 02:50:15PM +0000, Ross Philipson wrote: > From: "Daniel P. Smith" <dpsmith@xxxxxxxxxxxxxxxxxxxx> > > The SHA algorithms are necessary to measure configuration information into > the TPM as early as possible before using the values. This implementation > uses the established approach of #including the SHA libraries directly in > the code since the compressed kernel is not uncompressed at this point. > > The SHA code here has its origins in the code from the main kernel: > > commit c4d5b9ffa31f ("crypto: sha1 - implement base layer for SHA-1") > > That code could not be pulled directly into the setup portion of the > compressed kernel because of other dependencies it pulls in. The result > is this is a modified copy of that code that still leverages the core > SHA algorithms. > > Signed-off-by: Daniel P. Smith <dpsmith@xxxxxxxxxxxxxxxxxxxx> > Signed-off-by: Ross Philipson <ross.philipson@xxxxxxxxxx> > --- > arch/x86/boot/compressed/Makefile | 2 + > arch/x86/boot/compressed/early_sha1.c | 97 +++++++++++++++++++++++++++++++++ > arch/x86/boot/compressed/early_sha1.h | 17 ++++++ > arch/x86/boot/compressed/early_sha256.c | 7 +++ > lib/crypto/sha1.c | 4 ++ > lib/crypto/sha256.c | 8 +++ > 6 files changed, 135 insertions(+) > create mode 100644 arch/x86/boot/compressed/early_sha1.c > create mode 100644 arch/x86/boot/compressed/early_sha1.h > create mode 100644 arch/x86/boot/compressed/early_sha256.c > > diff --git a/arch/x86/boot/compressed/Makefile b/arch/x86/boot/compressed/Makefile > index 6b6cfe6..1d327d4 100644 > --- a/arch/x86/boot/compressed/Makefile > +++ b/arch/x86/boot/compressed/Makefile > @@ -112,6 +112,8 @@ vmlinux-objs-$(CONFIG_EFI) += $(obj)/efi.o > vmlinux-objs-$(CONFIG_EFI_MIXED) += $(obj)/efi_mixed.o > vmlinux-objs-$(CONFIG_EFI_STUB) += $(objtree)/drivers/firmware/efi/libstub/lib.a > > +vmlinux-objs-$(CONFIG_SECURE_LAUNCH) += $(obj)/early_sha1.o $(obj)/early_sha256.o > + > $(obj)/vmlinux: $(vmlinux-objs-y) FORCE > $(call if_changed,ld) > > diff --git a/arch/x86/boot/compressed/early_sha1.c b/arch/x86/boot/compressed/early_sha1.c > new file mode 100644 > index 0000000..524ec23 > --- /dev/null > +++ b/arch/x86/boot/compressed/early_sha1.c > @@ -0,0 +1,97 @@ > +// SPDX-License-Identifier: GPL-2.0 > +/* > + * Copyright (c) 2022 Apertus Solutions, LLC. > + */ > + > +#include <linux/init.h> > +#include <linux/linkage.h> > +#include <linux/string.h> > +#include <asm/boot.h> > +#include <asm/unaligned.h> > + > +#include "early_sha1.h" > + > +#define SHA1_DISABLE_EXPORT Hi Ross, I could be mistaken, but it seems to me that *_DISABLE_EXPORT is a mechanism of this patch to disable exporting symbols (use of EXPORT_SYMBOL), at compile time. If so, this doesn't strike me as something that should be part of upstream kernel code. Could you consider dropping this part of the patch? ... _______________________________________________ kexec mailing list kexec@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/kexec