From: Jay Wang <wanjay@amazon.com>
To: Herbert Xu <herbert@gondor.apana.org.au>,
"David S . Miller" <davem@davemloft.net>,
<linux-crypto@vger.kernel.org>,
Masahiro Yamada <masahiroy@kernel.org>,
<linux-kbuild@vger.kernel.org>
Cc: Jay Wang <jay.wang.upstream@gmail.com>,
Vegard Nossum <vegard.nossum@oracle.com>,
Nicolai Stange <nstange@suse.de>,
Ilia Okomin <ilya.okomin@oracle.com>,
Hazem Mohamed Abuelfotoh <abuehaze@amazon.com>,
Bjoern Doebel <doebel@amazon.de>,
Martin Pohlack <mpohlack@amazon.de>,
Benjamin Herrenschmidt <benh@amazon.com>,
Nathan Chancellor <nathan@kernel.org>,
Nicolas Schier <nsc@kernel.org>,
Catalin Marinas <catalin.marinas@arm.com>,
Will Deacon <will@kernel.org>, Thomas Gleixner <tglx@kernel.org>,
Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
Dave Hansen <dave.hansen@linux.intel.com>,
"H . Peter Anvin" <hpa@zytor.com>,
Luis Chamberlain <mcgrof@kernel.org>,
Petr Pavlu <petr.pavlu@suse.com>,
Daniel Gomez <da.gomez@kernel.org>,
Sami Tolvanen <samitolvanen@google.com>,
David Howells <dhowells@redhat.com>,
"David Woodhouse" <dwmw2@infradead.org>,
Jarkko Sakkinen <jarkko@kernel.org>,
"Ignat Korchagin" <ignat@linux.win>,
Lukas Wunner <lukas@wunner.de>,
"Alexei Starovoitov" <ast@kernel.org>,
Daniel Borkmann <daniel@iogearbox.net>,
"Andrii Nakryiko" <andrii@kernel.org>,
<linux-arm-kernel@lists.infradead.org>, <x86@kernel.org>,
<linux-modules@vger.kernel.org>
Subject: [PATCH v2 15/19] crypto: fips140: add module integrity self-check
Date: Sat, 18 Apr 2026 00:20:23 +0000 [thread overview]
Message-ID: <20260418002032.2877-16-wanjay@amazon.com> (raw)
In-Reply-To: <20260418002032.2877-1-wanjay@amazon.com>
Add verify_integrity() function to perform HMAC-SHA256 self verification
of this standalone crypto module against pre-computed hash. This integrity
self-check is required by FIPS 140-3.
This patch is picked from Vegard Nossum <vegard.nossum@oracle.com> with
minor modifications.
Co-developed-by: Vegard Nossum <vegard.nossum@oracle.com>
Signed-off-by: Jay Wang <wanjay@amazon.com>
---
crypto/fips140/Kconfig | 2 ++
crypto/fips140/fips140-module.c | 52 +++++++++++++++++++++++++++++++++
crypto/fips140/fips140-module.h | 4 +++
3 files changed, 58 insertions(+)
diff --git a/crypto/fips140/Kconfig b/crypto/fips140/Kconfig
index 7d8997aa10945..85d2c99579549 100644
--- a/crypto/fips140/Kconfig
+++ b/crypto/fips140/Kconfig
@@ -2,6 +2,8 @@ config CRYPTO_FIPS140_EXTMOD
bool "FIPS 140 compliant algorithms as a kernel module"
depends on CRYPTO && (X86_64 || ARM64) && MODULES
select CRYPTO_FIPS
+ select CRYPTO_SHA256
+ select CRYPTO_HMAC
help
This option enables building a kernel module that contains
copies of crypto algorithms that are built in a way that
diff --git a/crypto/fips140/fips140-module.c b/crypto/fips140/fips140-module.c
index 8767d98baacd9..1e68c509d2db0 100644
--- a/crypto/fips140/fips140-module.c
+++ b/crypto/fips140/fips140-module.c
@@ -16,6 +16,54 @@
#define CRYPTO_INTERNAL "CRYPTO_INTERNAL"
+static const u8 fips140_integ_hmac_key[] = CONFIG_CRYPTO_FIPS140_HMAC_KEY;
+
+static int verify_integrity(void)
+{
+ extern const u8 *_binary_crypto_ko_start;
+ extern const u8 *_binary_crypto_ko_end;
+ extern const u8 *_binary_crypto_hmac_start;
+
+ struct crypto_shash *tfm;
+ SHASH_DESC_ON_STACK(desc, tfm);
+ u8 digest[SHA256_DIGEST_SIZE];
+ int err;
+
+ tfm = crypto_alloc_shash("hmac(sha256)", 0, 0);
+ if (IS_ERR(tfm))
+ panic("FIPS 140: failed to allocate hmac tfm (%ld)\n", PTR_ERR(tfm));
+
+ desc->tfm = tfm;
+
+ err = crypto_shash_setkey(tfm, fips140_integ_hmac_key, sizeof(fips140_integ_hmac_key) - 1);
+ if (err)
+ panic("FIPS 140: crypto_shash_setkey() failed: %d\n", err);
+
+ err = crypto_shash_init(desc);
+ if (err)
+ panic("FIPS 140: crypto_shash_init() failed: %d\n", err);
+
+ err = crypto_shash_update(desc, _binary_crypto_ko_start, _binary_crypto_ko_end - _binary_crypto_ko_start);
+ if (err)
+ panic("FIPS 140: crypto_shash_update() failed: %d\n", err);
+
+ err = crypto_shash_final(desc, digest);
+ if (err)
+ panic("FIPS 140: crypto_shash_final() failed: %d\n", err);
+
+ shash_desc_zero(desc);
+
+ if (memcmp(digest, _binary_crypto_hmac_start, sizeof(digest)))
+ panic("FIPS 140: failed integrity check\n");
+
+ pr_info("FIPS 140: integrity verification passed\n");
+
+ crypto_free_shash(tfm);
+ memzero_explicit(digest, sizeof(digest));
+
+ return 0;
+}
+
/*
* Run FIPS module initcalls level by level, synchronizing with the
* kernel's initcall progression.
@@ -85,6 +133,10 @@ static int __init fips140_init(void)
pr_info("loading " FIPS140_MODULE_NAME "\n");
run_initcalls();
+
+ if (fips_enabled){
+ verify_integrity(); /* Panics if integrity check fails */
+ }
fips140_mark_module_level_complete(3);
return 0;
}
diff --git a/crypto/fips140/fips140-module.h b/crypto/fips140/fips140-module.h
index e95dac8eeda9e..b8968d54800ec 100644
--- a/crypto/fips140/fips140-module.h
+++ b/crypto/fips140/fips140-module.h
@@ -9,9 +9,13 @@
#include <linux/module.h>
#include <linux/crypto.h>
#include <crypto/algapi.h>
+#include <crypto/hash.h>
+#include <crypto/sha2.h>
#include <linux/init.h>
+#include <linux/string.h>
#include <linux/atomic.h>
#include <linux/wait.h>
+#include <linux/fips.h>
/* FIPS140 synchronization between kernel and module */
extern atomic_t fips140_kernel_level_complete;
--
2.47.3
next prev parent reply other threads:[~2026-04-18 0:24 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-04-18 0:20 [PATCH v2 00/19] crypto: Standalone crypto module Jay Wang
2026-04-18 0:20 ` [PATCH v2 01/19] crypto: add Kconfig options for standalone " Jay Wang
2026-04-18 0:20 ` [PATCH v2 02/19] crypto: add module entry for standalone crypto kernel module Jay Wang
2026-04-18 0:20 ` [PATCH v2 03/19] build: special compilation rule for building the standalone crypto module Jay Wang
2026-04-18 0:20 ` [PATCH v2 04/19] build: Add ELF marker for crypto-objs-m modules Jay Wang
2026-04-18 0:20 ` [PATCH v2 05/19] module: allow kernel module loading directly from memory Jay Wang
2026-04-18 0:20 ` [PATCH v2 06/19] crypto: add pluggable interface for module symbols referenced by the main kernel Jay Wang
2026-04-18 0:20 ` [PATCH v2 07/19] crypto: dedicated ELF sections for collected crypto initcalls Jay Wang
2026-04-18 0:20 ` [PATCH v2 08/19] crypto: fips140: add crypto module loader Jay Wang
2026-04-18 0:20 ` [PATCH v2 09/19] build: embed the standalone crypto module into vmlinux Jay Wang
2026-04-18 0:20 ` [PATCH v2 10/19] module: skip modversion checks for crypto modules Jay Wang
2026-04-18 0:20 ` [PATCH v2 11/19] build: add CONFIG_DEBUG_INFO_BTF_MODULES support for the standalone crypto kernel module Jay Wang
2026-04-18 0:20 ` [PATCH v2 12/19] Allow selective crypto module loading at boot based on FIPS mode Jay Wang
2026-04-18 0:20 ` [PATCH v2 13/19] Execute crypto initcalls during module initialization Jay Wang
2026-04-18 0:20 ` [PATCH v2 14/19] crypto/algapi.c: skip crypto_check_module_sig() for the standalone crypto module Jay Wang
2026-04-18 0:20 ` Jay Wang [this message]
2026-04-18 0:20 ` [PATCH v2 16/19] crypto: convert exported symbols in architecture-independent crypto to pluggable symbols Jay Wang
2026-04-18 0:20 ` [PATCH v2 17/19] x86/crypto: convert exported symbols in x86 " Jay Wang
2026-04-18 0:20 ` [PATCH v2 18/19] arm64/crypto: convert exported symbols in arm64 " Jay Wang
2026-04-18 0:20 ` [PATCH v2 19/19] Add standalone crypto kernel module technical documentation Jay Wang
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260418002032.2877-16-wanjay@amazon.com \
--to=wanjay@amazon.com \
--cc=abuehaze@amazon.com \
--cc=andrii@kernel.org \
--cc=ast@kernel.org \
--cc=benh@amazon.com \
--cc=bp@alien8.de \
--cc=catalin.marinas@arm.com \
--cc=da.gomez@kernel.org \
--cc=daniel@iogearbox.net \
--cc=dave.hansen@linux.intel.com \
--cc=davem@davemloft.net \
--cc=dhowells@redhat.com \
--cc=doebel@amazon.de \
--cc=dwmw2@infradead.org \
--cc=herbert@gondor.apana.org.au \
--cc=hpa@zytor.com \
--cc=ignat@linux.win \
--cc=ilya.okomin@oracle.com \
--cc=jarkko@kernel.org \
--cc=jay.wang.upstream@gmail.com \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kbuild@vger.kernel.org \
--cc=linux-modules@vger.kernel.org \
--cc=lukas@wunner.de \
--cc=masahiroy@kernel.org \
--cc=mcgrof@kernel.org \
--cc=mingo@redhat.com \
--cc=mpohlack@amazon.de \
--cc=nathan@kernel.org \
--cc=nsc@kernel.org \
--cc=nstange@suse.de \
--cc=petr.pavlu@suse.com \
--cc=samitolvanen@google.com \
--cc=tglx@kernel.org \
--cc=vegard.nossum@oracle.com \
--cc=will@kernel.org \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.