cr50: add linker script to consolidate FIPS module sections

Added linker script to sort by name all symbols from FIPS module and
place them together in text.fips, rodata.fips and bss.fips sections
which are later placed at fixed locations by chip's linker script.

Note, this has impact on image size as LTO intentionally won't work
across FIPS module boundary and probably don't discard some unused
functions. Currently size increase is 1544 bytes.

List of functions added:

fips_p256_ecdsa_sign
fips_drbg_clear
DCRYPTO_asn1_sigp
board_set_fips_policy_test
u2f_gen_kek
DCRYPTO_asn1_pubp
fips_drbg_init
fips_throw_err
board_fips_enforced
fips_trng_bytes
dcrypto_p256_pick
DCRYPTO_hkdf
dcrypto_p256_rnd
fips_mode
adaptive_proportion_test
fips_rand_bytes
fips_set_policy
board_fips_power_up_done
fips_crypto_allowed

Note, some of these functions can be removed, and some will be used
once switch to FIPS key gen.

BUG=b:138578318
TEST=make BOARD=cr50

Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com>
Change-Id: I0ab3cf1fc7fd6de2025b69d46c71625d96d7873b
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3041098
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Auto-Submit: Vadim Sukhomlinov <sukhomlinov@chromium.org>

2 files changed, 88 insertions, 4 deletions

diff --git a/board/cr50/build.mk b/board/cr50/build.mk
index 6f163e8c39..07f74f8686 100644
--- a/board/cr50/build.mk
+++ b/board/cr50/build.mk
@@ -48,8 +48,6 @@ board-y += power_button.o
 board-y += servo_state.o
 board-y += ap_uart_state.o
 board-y += factory_mode.o
-board-y += fips.o
-board-y += fips_rand.o
 board-${CONFIG_RDD} += rdd.o
 board-${CONFIG_USB_SPI} += usb_spi.o
 board-${CONFIG_USB_I2C} += usb_i2c.o
@@ -57,6 +55,8 @@ board-y += recovery_button.o
 
 # TODO(mruthven): add cryptoc the fips boundary
 fips-y=
+fips-y += fips.o
+fips-y += fips_rand.o
 fips-$(CONFIG_U2F) += u2f.o
 fips-${CONFIG_DCRYPTO_BOARD} += dcrypto/aes.o
 fips-${CONFIG_DCRYPTO_BOARD} += dcrypto/app_cipher.o
@@ -66,7 +66,6 @@ fips-${CONFIG_DCRYPTO_BOARD} += dcrypto/dcrypto_bn.o
 fips-${CONFIG_DCRYPTO_BOARD} += dcrypto/dcrypto_p256.o
 fips-${CONFIG_DCRYPTO_BOARD} += dcrypto/compare.o
 fips-${CONFIG_DCRYPTO_BOARD} += dcrypto/dcrypto_runtime.o
-fips-${CONFIG_DCRYPTO_BOARD} += dcrypto/gcm.o
 fips-${CONFIG_DCRYPTO_BOARD} += dcrypto/hkdf.o
 fips-${CONFIG_DCRYPTO_BOARD} += dcrypto/hmac.o
 fips-${CONFIG_DCRYPTO_BOARD} += dcrypto/hmac_drbg.o
@@ -117,11 +116,14 @@ endif
 ifneq ($(fips-y),)
 RW_BD_OUT=$(out)/RW/$(BDIR)
 FIPS_MODULE=dcrypto/fips_module.o
+FIPS_LD_SCRIPT=$(BDIR)/dcrypto/fips_module.ld
 RW_FIPS_OBJS=$(patsubst %.o, $(RW_BD_OUT)/%.o, $(fips-y))
 
 $(RW_BD_OUT)/$(FIPS_MODULE): $(RW_FIPS_OBJS)
 	@echo "  LD      $(notdir $@)"
-	$(Q)$(CC) $(CFLAGS) --static -Wl,--relocatable -Wl,-Map=$@.map -o $@ $^
+	$(Q)$(CC) $(CFLAGS) --static -Wl,--relocatable\
+		-Wl,-T $(FIPS_LD_SCRIPT) -Wl,-Map=$@.map -o $@ $^
+	$(Q)$(OBJDUMP) -th $@ > $@.sym
 
 board-y+= $(FIPS_MODULE)
 endif
diff --git a/board/cr50/dcrypto/fips_module.ld b/board/cr50/dcrypto/fips_module.ld
new file mode 100644
index 0000000000..62b303c8ce
--- /dev/null
+++ b/board/cr50/dcrypto/fips_module.ld
@@ -0,0 +1,82 @@
+SECTIONS
+{
+	.text.fips :  ALIGN(4)  SUBALIGN(4)
+	{
+		. = ALIGN(4);
+		*(SORT_BY_NAME(.text*) .gnu.linkonce.t.*)
+		. = ALIGN(4);
+	} =0xffffffff
+
+	/* Special EC sections should be placed
+         * in the properly named sections. */
+	.rodata.HOOK_INIT : {
+		*(.rodata.HOOK_INIT)
+	}
+	.rodata.cmds.fips : {
+		*(.rodata.cmds.*)
+	}
+	.rodata.extensioncmds.fips : {
+		*(.rodata.extensioncmds)
+	}
+	.rodata.irqprio : {
+		*(.rodata.irqprio)
+	}
+
+	/* FIPS integrity placeholder should be in separate section. */
+	.rodata.fips.checksum : {
+		*(.rodata.fips.checksum)
+	}
+
+	/* Rest of the FIPS module data. */
+	.rodata.fips : {
+		/* Combine read-only data. */
+		*(SORT_BY_NAME(.rodata*) SORT_BY_NAME(.srodata*) \
+		 .gnu.linkonce.r.*)
+	} =0xffffffff
+	.data.fips :
+	{
+		*(SORT_BY_NAME(.data*) \
+		  SORT_BY_NAME(.sdata*) \
+		  SORT_BY_NAME(.ramfunc*))
+	}
+	ASSERT(SIZEOF(.data.fips) == 0, "No .data for FIPS module is allowed")
+	.bss.fips (NOLOAD) :
+	{
+		. = ALIGN(4);
+		*(SORT_BY_NAME(.sbss*) SORT_BY_NAME(.bss*))
+		*(COMMON)
+		. = ALIGN(4);
+	}
+	/* Debug data; this is stripped from the final binary. */
+	.debug_abbrev 0 : { *(.debug_abbrev) }
+	.debug_aranges 0 : { *(.debug_aranges) }
+	.debug_frame 0 : { *(.debug_frame) }
+	.debug_info 0 : { *(.debug_info) }
+	.debug_line 0 : { *(.debug_line) }
+	.debug_loc 0 : { *(.debug_loc) }
+	.debug_ranges 0 : { *(.debug_ranges) }
+	.debug_str 0 : { *(.debug_str) }
+	.debug_macinfo 0 : { *(.debug_macinfo) }
+	.debug_pubnames 0 : { *(.debug_pubnames) }
+	.debug_pubtypes 0 : { *(.debug_pubtypes) }
+	.symtab 0 : { *(.symtab) }
+	.symtab_shndx 0 : { *(.symtab_shndx) }
+	.shstrtab 0 : { *(.shstrtab) }
+	.strtab 0 : { *(.strtab) }
+	/* .stack_sizes (INFO)  makes the section not allocatable so
+	 * it won't be loaded into memory. */
+	.stack_sizes 0 :
+	{
+		KEEP(*(.stack_sizes));
+	}
+	/DISCARD/ :
+	{
+	*(.eh_frame);
+	*(.comment*)
+	*(.ARM.attributes*)
+	*(.riscv.attributes*)
+	*(.llvm_addrsig*)
+	*(.note.GNU-stack*)
+	*(.note.gnu.build-id)
+	}
+}