ANDROID: kleaf: convert fips140 to kleaf
As a result of this change:
- fips140 is no longer part of the GKI build but a
separate module, so it is not signed
(CONFIG_MODULE_SIG_ALL is not set)
- GKI images (e.g. system_dlkm image, boot images)
etc. are no longer part of the build -- because
they are unnecessary.
- The build config no longer inherits from build.config.gki.aarch64
directly to avoid building unnecessary system_dklm, boot images,
GKI artifacts, etc.
Test: BUILD_CONFIG=common/build.config.gki.aarch64.fips140 build/build.sh
Test: tools/bazel build //common:fips140_dist
Bug: 232083350
Change-Id: I2cb0ee0b55c2a5ea46e6d73ecad4aa97585c1989
Signed-off-by: Yifan Hong <elsk@google.com>
diff --git a/BUILD.bazel b/BUILD.bazel
index ceff2c8..0ecc69b 100644
--- a/BUILD.bazel
+++ b/BUILD.bazel
@@ -17,7 +17,9 @@
],
)
+load("//build/bazel_common_rules/dist:dist.bzl", "copy_to_dist_dir")
load("//build/kernel/kleaf:common_kernels.bzl", "define_common_kernels", "define_db845c")
+load("//build/kernel/kleaf:kernel.bzl", "kernel_build")
# This uses android/abi_gki_aarch64* in kmi_configs. If the list of
# glob(["android/abi_gki_aarch64*"]) differs from
@@ -218,3 +220,20 @@
"sound/soc/qcom/snd-soc-sm8250.ko",
],
)
+
+kernel_build(
+ name = "fips140",
+ outs = [],
+ base_kernel = ":kernel_aarch64",
+ build_config = "build.config.gki.aarch64.fips140",
+ module_outs = ["crypto/fips140.ko"],
+)
+
+copy_to_dist_dir(
+ name = "fips140_dist",
+ data = [
+ ":fips140",
+ ],
+ dist_dir = "out/fips140/dist",
+ flat = True,
+)