2020-08-31 20:53:58 -05:00
# libwolfssl Linux kernel module Makefile (wraps Kbuild-native makefile)
#
2025-01-21 09:55:03 -07:00
# Copyright (C) 2006-2025 wolfSSL Inc.
2020-08-31 20:53:58 -05:00
#
# This file is part of wolfSSL.
#
# wolfSSL is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
2025-07-10 16:01:52 -06:00
# the Free Software Foundation; either version 3 of the License, or
2020-08-31 20:53:58 -05:00
# (at your option) any later version.
#
# wolfSSL is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
2020-08-28 17:25:25 -05:00
2025-09-17 13:06:32 -05:00
.ONESHELL :
2024-07-16 14:24:37 -05:00
SHELL = bash
2020-08-28 17:25:25 -05:00
2021-09-15 23:05:32 -05:00
all : libwolfssl .ko libwolfssl .ko .signed
2020-08-18 14:17:44 -05:00
i f n d e f M O D U L E _ T O P
2020-08-28 17:25:25 -05:00
MODULE_TOP = $( CURDIR)
2020-08-18 14:17:44 -05:00
e n d i f
i f n d e f S R C _ T O P
2020-08-28 17:25:25 -05:00
SRC_TOP = $( shell dirname $( MODULE_TOP) )
2020-08-18 14:17:44 -05:00
e n d i f
2021-08-27 23:03:14 -05:00
WOLFSSL_CFLAGS = -DHAVE_CONFIG_H -I$( SRC_TOP) -DBUILDING_WOLFSSL $( AM_CPPFLAGS) $( CPPFLAGS) $( AM_CFLAGS) $( CFLAGS) -Wno-declaration-after-statement -Wno-redundant-decls -DLIBWOLFSSL_GLOBAL_EXTRA_CFLAGS= " \" $( KERNEL_EXTRA_CFLAGS) \" "
2020-09-01 14:39:30 -05:00
i f d e f K E R N E L _ E X T R A _ C F L A G S
WOLFSSL_CFLAGS += $( KERNEL_EXTRA_CFLAGS)
2020-08-22 00:32:32 -05:00
e n d i f
2020-08-18 14:17:44 -05:00
WOLFSSL_ASFLAGS = -DHAVE_CONFIG_H -I$( SRC_TOP) -DBUILDING_WOLFSSL $( AM_CCASFLAGS) $( CCASFLAGS)
2020-08-18 23:51:32 -05:00
2020-08-28 10:32:30 -05:00
WOLFSSL_OBJ_FILES = $( patsubst %.lo, %.o, $( patsubst src/src_libwolfssl_la-%, src/%, $( patsubst src/libwolfssl_la-%, src/%, $( patsubst wolfcrypt/src/src_libwolfssl_la-%, wolfcrypt/src/%, $( src_libwolfssl_la_OBJECTS) ) ) ) )
2020-08-18 14:17:44 -05:00
2020-08-21 00:10:45 -05:00
i f e q "$(ENABLED_CRYPT_TESTS)" "yes"
2020-08-28 17:25:25 -05:00
WOLFSSL_OBJ_FILES += wolfcrypt/test/test.o
wolfcrypt/src/aes.c: in wc_AesSetKeyLocal(), rework support for WC_FLAG_DONT_USE_AESNI (fixes WC_C_DYNAMIC_FALLBACK).
wolfssl/wolfcrypt/settings.h: in WOLFSSL_LINUXKM section, #ifdef LINUXKM_LKCAPI_REGISTER, #define WOLFSSL_TEST_SUBROUTINE to nothing, and #define WC_TEST_EXPORT_SUBTESTS.
linuxkm/lkcapi_glue.c:
* add check_skcipher_driver_masking() and check_aead_driver_masking(),
* use _masking() checks in all linuxkm_test_*().
* add !WOLFSSL_AESGCM_STREAM implementation of linuxkm_test_aesgcm().
* add implementations of linuxkm_test_aesctr(), linuxkm_test_aesofb(), and linuxkm_test_aesecb()
* remove incomplete+disabled AES-CCM shim implementation.
linuxkm/module_hooks.c: pull in wolfcrypt/test/test.h if LINUXKM_LKCAPI_REGISTER.
linuxkm/Makefile: build wolfcrypt/test/test.o if ENABLED_LINUXKM_LKCAPI_REGISTER.
Makefile.am: add ENABLED_LINUXKM_LKCAPI_REGISTER to exports in BUILD_LINUXKM section.
configure.ac: add AC_SUBST([ENABLED_LINUXKM_LKCAPI_REGISTER]); in ENABLED_LINUXKM_DEFAULTS set up, remove `-DWOLFSSL_TEST_SUBROUTINE=static` from AM_CFLAGS adds; fix whitespace.
.wolfssl_known_macro_extras: add WC_WANT_FLAG_DONT_USE_AESNI.
wolfcrypt/test/test.c: add `|| defined(WC_TEST_EXPORT_SUBTESTS)` to outermost gate, add wc_test_ prefix to render_error_message() and export it,
wolfcrypt/test/test.h: add prototype for wc_test_render_error_message(), and #ifdef WC_TEST_EXPORT_SUBTESTS, add prototypes for all the subtests.
2025-04-01 01:17:10 -05:00
e l s e i f n e q "$(ENABLED_LINUXKM_LKCAPI_REGISTER)" "none"
WOLFSSL_OBJ_FILES += wolfcrypt/test/test.o
2020-08-21 00:10:45 -05:00
e l s e
2020-08-28 17:25:25 -05:00
WOLFSSL_CFLAGS += -DNO_CRYPT_TEST
2020-08-21 00:10:45 -05:00
e n d i f
wolfssl/wolfcrypt/types.h:
* fix overallocation in WC_DECLARE_ARRAY() macro in the !WOLFSSL_SMALL_STACK path.
* rename WC_INIT_ARRAY() to WC_ALLOC_ARRAY() for clarity (it doesn't initialize any memory).
* rename WC_DECLARE_ARRAY_DYNAMIC_DEC(), WC_DECLARE_ARRAY_DYNAMIC_EXE(), and WC_FREE_ARRAY_DYNAMIC() to WC_DECLARE_HEAP_ARRAY(), WC_ALLOC_HEAP_ARRAY(), and WC_FREE_HEAP_ARRAY(), respectively, also for clarity, and refactor out the duplicate definitions.
* add WC_ALLOC_VAR(), and move the XMALLOC() in smallstack WC_DECLARE_VAR() into it. smallstack WC_DECLARE_VAR() now initializes the pointer to NULL, like smallstack WC_DECLARE_ARRAY(), assuring all pointers are valid upon shortcircuit to cleanup for a failed allocation (see WC_ALLOC_DO_ON_FAILURE below).
* add a new hook "WC_ALLOC_DO_ON_FAILURE" in WC_ALLOC_VAR(), WC_ALLOC_ARRAY(), and WC_DECLARE_ARRAY_DYNAMIC_EXE(), which is invoked when an allocation fails. by default the hook is defined to WC_DO_NOTHING.
* add basic safety to WC_*_HEAP_ARRAY() by recording/detecting allocation state via idx##VAR_NAME.
* add macros WC_ARRAY_OK() and WC_HEAP_ARRAY_OK() to test if allocation succeeded.
* add macros WC_CALLOC_ARRAY() and WC_CALLOC_HEAP_ARRAY() which zero the objects.
* add macro WC_CALLOC_VAR() which zeros the object.
ED448: smallstack refactor of ge448_scalarmult_base().
src/tls.c tests/api.c wolfcrypt/test/test.c: update WC_DECLARE_VAR()s with now-required matching WC_ALLOC_VAR()s.
wolfcrypt/benchmark/benchmark.c:
* no functional changes in default error-free behavior.
* add definition of WC_ALLOC_DO_ON_FAILURE() that prints error message, sets ret, and does goto exit.
* add BENCH_NTIMES and BENCH_AGREETIMES overrideeable macros, to allow fast sanitizer runs and slow high-precision runs.
* smallstack refactor of all declarations of stack arrays of the form foo[BENCH_MAX_PENDING], using WC_DECLARE_ARRAY() (35 in all).
* additional smallstack refactors, using WC_DECLARE_VAR(), for bench_aesxts(), bench_ed448KeyGen(), bench_eccsi*(), and bench_sakke*().
* fixes for various unhandled error conditions around malloc failures.
wolfcrypt/test/test.c: opportunistically constify several (42) static constants, moving them to the readonly data segment.
linuxkm/Makefile: if ENABLED_LINUXKM_BENCHMARKS, add wolfcrypt/benchmark/benchmark.o to WOLFSSL_OBJ_FILES.
linuxkm/Kbuild: enable FPU for benchmark.o, and remove enablement for module_hooks.o.
linuxkm/module_hooks.c: remove inline include of benchmark.c.
2024-02-16 02:32:18 -06:00
i f e q "$(ENABLED_LINUXKM_BENCHMARKS)" "yes"
WOLFSSL_OBJ_FILES += wolfcrypt/benchmark/benchmark.o
e n d i f
2021-08-19 11:15:52 -05:00
i f e q "$(ENABLED_LINUXKM_PIE)" "yes"
2025-09-10 15:08:41 -05:00
WOLFCRYPT_PIE_FILES := $( filter wolfcrypt/src/%,$( WOLFSSL_OBJ_FILES) ) linuxkm/pie_redirect_table.o
2021-08-19 11:15:52 -05:00
WOLFSSL_OBJ_FILES := $( WOLFCRYPT_PIE_FILES) $( filter-out $( WOLFCRYPT_PIE_FILES) ,$( WOLFSSL_OBJ_FILES) )
e n d i f
export WOLFSSL_CFLAGS WOLFSSL_ASFLAGS WOLFSSL_OBJ_FILES WOLFCRYPT_PIE_FILES
2020-08-18 14:17:44 -05:00
2024-07-16 14:24:37 -05:00
i f n e q "$(host_triplet)" "$(build_triplet)"
CROSS_COMPILE := 'CROSS_COMPILE=$(host_triplet)-'
e n d i f
OVERRIDE_PATHS :=
i f d e f C C
ifneq " $( CC) " "cc"
OVERRIDE_PATHS := $( OVERRIDE_PATHS) 'CC=$(CC)'
endif
e n d i f
i f d e f A S
ifneq " $( AS) " "as"
OVERRIDE_PATHS := $( OVERRIDE_PATHS) 'AS=$(AS)'
endif
e n d i f
i f d e f L D
ifneq " $( LD) " "ld"
OVERRIDE_PATHS := $( OVERRIDE_PATHS) 'LD=$(LD)'
endif
e n d i f
2025-08-22 00:34:01 -05:00
i f n d e f R E A D E L F
READELF := readelf
e n d i f
i f n d e f A W K
AWK := awk
e n d i f
2025-09-16 14:38:51 -05:00
i f n d e f T M P D I R
TMPDIR := /tmp
e n d i f
i f n d e f M A K E _ T M P D I R
MAKE_TMPDIR := $( TMPDIR)
e n d i f
GENERATE_RELOC_TAB := $( READELF) --wide -r libwolfssl.ko | \
2025-08-22 00:34:01 -05:00
$( AWK) ' BEGIN { \
n = 0; \
2025-08-23 17:21:24 -05:00
bad_relocs = 0; \
2025-08-22 00:34:01 -05:00
printf( "%s\n " , \
2025-08-23 17:21:24 -05:00
"const unsigned int wc_linuxkm_pie_reloc_tab[] = { " ) ; \
2025-08-22 00:34:01 -05:00
} \
/^Relocation section '\' '\.rela\.text\.wolfcrypt' \' ' / { \
p = 1; \
next; \
} \
/^Relocation section/ { \
p = 0; \
} \
/^0/ { \
if ( p) { \
2025-08-23 17:21:24 -05:00
if ( $$ 3 !~ " ^(R_X86_64_PLT32|R_X86_64_PC32|R_AARCH64_.*) $$ " ) { \
print "Unexpected relocation type:\n" $$ 0 >"/dev/stderr" ; \
++bad_relocs; \
} \
2025-08-22 00:34:01 -05:00
printf( "0x%s%s" , \
gensub( "^0*" ,"" ,1,$$ 1) , \
( ( ++n%8) ? ", " : ",\n " ) ) ; \
} \
} \
END { \
2025-08-23 17:21:24 -05:00
if ( bad_relocs) { \
print "Found " bad_relocs " unexpected relocations." >"/dev/stderr" ; \
exit( 1) ; \
} \
2025-08-22 00:34:01 -05:00
print "~0U };\nconst size_t wc_linuxkm_pie_reloc_tab_length = sizeof wc_linuxkm_pie_reloc_tab / sizeof wc_linuxkm_pie_reloc_tab[0];" ; \
2025-09-16 14:38:51 -05:00
} '
2025-09-17 13:06:32 -05:00
.PHONY : libwolfssl .ko
libwolfssl.ko :
2025-09-16 14:38:51 -05:00
@if test -z '$(KERNEL_ROOT)' ; then echo '$$KERNEL_ROOT is unset' >& 2; exit 1; fi
@if test -z '$(AM_CFLAGS)$(CFLAGS)' ; then echo '$$AM_CFLAGS and $$CFLAGS are both unset.' >& 2; exit 1; fi
@if test -z '$(src_libwolfssl_la_OBJECTS)' ; then echo '$$src_libwolfssl_la_OBJECTS is unset.' >& 2; exit 1; fi
# after commit 9a0ebe5011 (6.10), sources must be in $(obj). work around this by making links to all needed sources:
@mkdir -p '$(MODULE_TOP)/linuxkm'
2025-09-17 13:06:32 -05:00
@test '$(MODULE_TOP)/module_hooks.c' -ef '$(MODULE_TOP)/linuxkm/module_hooks.c' || cp --verbose --no-dereference --symbolic-link --no-clobber '$(MODULE_TOP)' /*.[ ch] '$(MODULE_TOP)/linuxkm/'
@test '$(SRC_TOP)/wolfcrypt/src/wc_port.c' -ef '$(MODULE_TOP)/wolfcrypt/src/wc_port.c' || cp --verbose --no-dereference --symbolic-link --no-clobber --recursive '$(SRC_TOP)/wolfcrypt' '$(MODULE_TOP)/'
@test '$(SRC_TOP)/src/wolfio.c' -ef '$(MODULE_TOP)/src/wolfio.c' || cp --verbose --no-dereference --symbolic-link --no-clobber --recursive '$(SRC_TOP)/src' '$(MODULE_TOP)/'
2025-09-16 14:38:51 -05:00
i f e q "$(ENABLED_LINUXKM_PIE)" "yes"
2025-09-17 13:06:32 -05:00
@$( eval RELOC_TMP := $( shell mktemp " $( MAKE_TMPDIR) /wc_linuxkm_pie_reloc_tab.c.XXXXXX " ) )
@[ [ -f wc_linuxkm_pie_reloc_tab.c ] ] || echo -e "const unsigned int wc_linuxkm_pie_reloc_tab[] = { ~0U };\nconst size_t wc_linuxkm_pie_reloc_tab_length = 1;" > wc_linuxkm_pie_reloc_tab.c
@if [ [ -f libwolfssl.ko ] ] ; then touch -r libwolfssl.ko " $( RELOC_TMP) " ; fi
2025-09-16 14:38:51 -05:00
+$( MAKE) ARCH = '$(KERNEL_ARCH)' $( OVERRIDE_PATHS) $( CROSS_COMPILE) -C '$(KERNEL_ROOT)' M = '$(MODULE_TOP)' $( KBUILD_EXTRA_FLAGS) CC_FLAGS_FTRACE =
2025-09-17 13:06:32 -05:00
# if the above make didn't build a fresh libwolfssl.ko, then the module is already up to date and we leave it untouched, assuring stability for purposes of module-update-fips-hash.
@if [ [ ! libwolfssl.ko -nt " $( RELOC_TMP) " ] ] ; then rm " $( RELOC_TMP) " ; exit 0; fi
@$( GENERATE_RELOC_TAB) >| wc_linuxkm_pie_reloc_tab.c
2024-07-16 14:24:37 -05:00
+$( MAKE) ARCH = '$(KERNEL_ARCH)' $( OVERRIDE_PATHS) $( CROSS_COMPILE) -C '$(KERNEL_ROOT)' M = '$(MODULE_TOP)' $( KBUILD_EXTRA_FLAGS) CC_FLAGS_FTRACE =
2025-09-16 14:38:51 -05:00
@$( GENERATE_RELOC_TAB) >| $( RELOC_TMP)
@if diff wc_linuxkm_pie_reloc_tab.c $( RELOC_TMP) ; then echo " Relocation table is stable." ; else echo "PIE failed: relocation table is unstable." 1>& 2; rm $( RELOC_TMP) ; exit 1; fi
@rm $( RELOC_TMP)
2021-09-15 23:05:32 -05:00
e l s e
2024-07-16 14:24:37 -05:00
+$( MAKE) ARCH = '$(KERNEL_ARCH)' $( OVERRIDE_PATHS) $( CROSS_COMPILE) -C '$(KERNEL_ROOT)' M = '$(MODULE_TOP)' $( KBUILD_EXTRA_FLAGS)
2021-09-15 23:05:32 -05:00
e n d i f
2025-09-16 14:38:51 -05:00
.PHONY : module -update -fips -hash
module-update-fips-hash : libwolfssl .ko
@if test -z '$(FIPS_HASH)' ; then echo ' $$FIPS_HASH is unset' >& 2; exit 1; fi
@if [ [ ! '$(FIPS_HASH)' = ~ [ 0-9a-fA-F] { 64} ] ] ; then echo ' $$FIPS_HASH is malformed' >& 2; exit 1; fi
@readarray -t rodata_segment < <( $( READELF) --wide --sections libwolfssl.ko | \
sed -E -n 's/^[[:space:]]*\[[[:space:]]*([0-9]+)\][[:space:]]+\.rodata\.wolfcrypt[[:space:]]+PROGBITS[[:space:]]+[0-9a-fA-F]+[[:space:]]+([0-9a-fA-F]+)[[:space:]].*$$/\1\n\2/p' ) ; \
if [ [ $$ { #rodata_segment[@]} != 2 ]]; then echo ' unexpected rodata_segment.' >&2; exit 1; fi; \
readarray -t verifyCore_attrs < <( $( READELF) --wide --symbols libwolfssl.ko | \
sed -E -n 's/^[[:space:]]*[0-9]+: ([0-9a-fA-F]+)[[:space:]]+([0-9]+)[[:space:]]+OBJECT[[:space:]]+[A-Z]+[[:space:]]+[A-Z]+[[:space:]]+' " $$ {rodata_segment[0]} " '[[:space:]]+verifyCore$$/\1\n\2/p' ) ; \
if [ [ $$ { #verifyCore_attrs[@]} != 2 ]]; then echo ' unexpected verifyCore_attrs.' >&2; exit 1; fi; \
if [ [ " $$ {verifyCore_attrs[1]} " != "65" ] ] ; then echo " verifyCore has unexpected length $$ {verifyCore_attrs[1]}. " >& 2; exit 1; fi ; \
verifyCore_offset = $$ ( ( 0x$$ { rodata_segment[ 1] } + 0x$$ { verifyCore_attrs[ 0] } ) ) ; \
current_verifyCore = $$ ( dd bs = 1 if = libwolfssl.ko skip = $$ verifyCore_offset count = 64 status = none) ; \
if [ [ ! " $$ current_verifyCore " = ~ [ 0-9a-fA-F] { 64} ] ] ; then echo " verifyCore at offset $$ verifyCore_offset has unexpected value. " >& 2; exit 1; fi ; \
if [ [ '$(FIPS_HASH)' = = " $$ current_verifyCore " ] ] ; then echo ' Supplied FIPS_HASH matches existing verifyCore -- no update needed.' ; exit 0; fi ; \
echo -n '$(FIPS_HASH)' | dd bs = 1 conv = notrunc of = libwolfssl.ko seek = $$ verifyCore_offset count = 64 status = none && \
echo " FIPS verifyCore updated successfully." && \
if [ [ -f libwolfssl.ko.signed ] ] ; then $( MAKE) -C . libwolfssl.ko.signed; fi
2021-09-15 23:05:32 -05:00
libwolfssl.ko.signed : libwolfssl .ko
2025-07-23 14:43:33 -05:00
i f d e f F O R C E _ N O _ M O D U L E _ S I G
@echo 'Skipping module signature operation because FORCE_NO_MODULE_SIG.'
e l s e
2025-08-22 00:34:01 -05:00
@cd '$(KERNEL_ROOT)' || exit $$ ?; \
while read configline; do \
case " $$ configline " in \
CONFIG_MODULE_SIG*= *) \
declare " $$ {configline%=*} " = " $$ {configline#*=} " \
; ; \
esac ; \
done < .config || exit $$ ?; \
if [ [ " $$ {CONFIG_MODULE_SIG} " = "y" && -n " $$ {CONFIG_MODULE_SIG_KEY} " && \
-n " $$ {CONFIG_MODULE_SIG_HASH} " && ( ! -f '$(MODULE_TOP)/$@' || \
'$(MODULE_TOP)/$<' -nt '$(MODULE_TOP)/$@' ) ] ] ; then \
CONFIG_MODULE_SIG_KEY = " $$ {CONFIG_MODULE_SIG_KEY#\"} " ; \
CONFIG_MODULE_SIG_KEY = " $$ {CONFIG_MODULE_SIG_KEY%\"} " ; \
CONFIG_MODULE_SIG_HASH = " $$ {CONFIG_MODULE_SIG_HASH#\"} " ; \
CONFIG_MODULE_SIG_HASH = " $$ {CONFIG_MODULE_SIG_HASH%\"} " ; \
cp -p '$(MODULE_TOP)/$<' '$(MODULE_TOP)/$@' || exit $$ ?; \
./scripts/sign-file " $$ {CONFIG_MODULE_SIG_HASH} " \
" $$ {CONFIG_MODULE_SIG_KEY} " \
" $$ {CONFIG_MODULE_SIG_KEY/%.pem/.x509} " \
'$(MODULE_TOP)/$@' ; \
sign_file_exitval = $$ ?; \
if [ [ $$ sign_file_exitval != 0 ] ] ; then \
$( RM) -f '$(MODULE_TOP)/$@' ; \
exit $$ sign_file_exitval; \
fi ; \
if [ [ " $( quiet) " != "silent_" ] ] ; then \
echo " Module $@ signed by $$ {CONFIG_MODULE_SIG_KEY}. " ; \
fi \
2021-09-15 23:05:32 -05:00
fi
2025-07-23 14:43:33 -05:00
e n d i f
2021-09-15 23:05:32 -05:00
2020-08-28 17:25:25 -05:00
2020-11-04 14:13:39 -06:00
.PHONY : install modules_install
install modules_install :
2021-08-19 11:15:52 -05:00
+$( MAKE) -C $( KERNEL_ROOT) M = $( MODULE_TOP) src = $( SRC_TOP) INSTALL_MOD_DIR = wolfssl modules_install
2020-08-18 23:51:32 -05:00
.PHONY : clean
2021-09-30 00:53:58 -05:00
# note, must supply $(MODULE_TOP) as the src value for clean so that Kbuild is included, else
# the top Makefile (which is not for the kernel build) would be included here.
2020-08-18 23:51:32 -05:00
clean :
2024-07-16 14:24:37 -05:00
$( RM) -rf '$(MODULE_TOP)/linuxkm'
$( RM) -rf '$(MODULE_TOP)/wolfcrypt'
$( RM) -rf '$(MODULE_TOP)/src'
2021-09-30 00:53:58 -05:00
+$( MAKE) -C $( KERNEL_ROOT) M = $( MODULE_TOP) src = $( MODULE_TOP) clean
2020-08-24 17:49:38 -05:00
2021-11-22 05:36:12 +09:00
.PHONY : check
check :
2021-11-22 05:46:13 +09:00
.PHONY : distclean
distclean : clean
2020-08-24 17:49:38 -05:00
.PHONY : dist
dist :
2020-08-24 17:54:46 -05:00
.PHONY : distdir
distdir :
