From: "Daniel P. Smith" <dpsmith@xxxxxxxxxxxxxxxxxxxx> The SHA-256 algorithm is necessary to measure configuration information into the TPM as early as possible before using the values. This implementation uses the established approach of #including the SHA-256 libraries directly in the code since the compressed kernel is not uncompressed at this point. Signed-off-by: Daniel P. Smith <dpsmith@xxxxxxxxxxxxxxxxxxxx> Signed-off-by: Ross Philipson <ross.philipson@xxxxxxxxxx> --- arch/x86/boot/compressed/Makefile | 2 +- arch/x86/boot/compressed/early_sha256.c | 6 ++++++ 2 files changed, 7 insertions(+), 1 deletion(-) create mode 100644 arch/x86/boot/compressed/early_sha256.c diff --git a/arch/x86/boot/compressed/Makefile b/arch/x86/boot/compressed/Makefile index 3307ebef4e1b..9189a0e28686 100644 --- a/arch/x86/boot/compressed/Makefile +++ b/arch/x86/boot/compressed/Makefile @@ -118,7 +118,7 @@ vmlinux-objs-$(CONFIG_EFI) += $(obj)/efi.o vmlinux-objs-$(CONFIG_EFI_MIXED) += $(obj)/efi_mixed.o vmlinux-objs-$(CONFIG_EFI_STUB) += $(objtree)/drivers/firmware/efi/libstub/lib.a -vmlinux-objs-$(CONFIG_SECURE_LAUNCH) += $(obj)/early_sha1.o +vmlinux-objs-$(CONFIG_SECURE_LAUNCH) += $(obj)/early_sha1.o $(obj)/early_sha256.o $(obj)/vmlinux: $(vmlinux-objs-y) FORCE $(call if_changed,ld) diff --git a/arch/x86/boot/compressed/early_sha256.c b/arch/x86/boot/compressed/early_sha256.c new file mode 100644 index 000000000000..293742a90ddc --- /dev/null +++ b/arch/x86/boot/compressed/early_sha256.c @@ -0,0 +1,6 @@ +// SPDX-License-Identifier: GPL-2.0 +/* + * Copyright (c) 2024 Apertus Solutions, LLC + */ + +#include "../../../../lib/crypto/sha256.c" -- 2.39.3