Signed-off-by: Hongxu Jia <hongxu....@windriver.com> --- README.build | 36 ++++++++++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+)
diff --git a/README.build b/README.build index 9735028..bc8fcf3 100644 --- a/README.build +++ b/README.build @@ -245,3 +245,39 @@ Note this sample command is functionally equivalent to: $ env OPENSSL_FIPS=1 openssl sha1 -hmac etaonrishdlcupfm fips_hmac.c HMAC-SHA1(fips_hmac.c)= ae25ad68d9a8cc04075100563a437fa37829afcc +=============== +FAQ +=============== +1. How to support fips on 32bit arm (such as MACHINE = qemuarm)? +Set env MACHINE='arm' before Building the FIPS Object Module +(Building Steps 3), which affects fips config not to add option +`-march=armv7-a' to avoid failure on gcc8: +[snip] +|`cc1: error: -mfloat-abi=hard: selected processor lacks an FPU' +[snip] + +2. How to support fips on aarch64 (such as MACHINE = qemuarm64)? +For aarch64, FIPS 140-2 module only support android, wrapper gcc +at Building the FIPS Object Module(Building Steps 3) to define +macro FIPS_REF_POINT_IS_CROSS_COMPILER_AWARE to simulate what +android did. Provide a way to add bbappend to wrapper gcc: +mkdir -p recipes-devtools/gcc +cat << ENDOF > recipes-devtools/gcc/gcc_9.%.bbappend +do_install_append_aarch64() { + create_cmdline_wrapper \${D}/\${bindir}/gcc -DFIPS_REF_POINT_IS_CROSS_COMPILER_AWARE +} + +FILES_\${PN}-symlinks += "\${bindir}/gcc.real" +ENDOF + +3. How to support fips on 32bit x86? (Such as MACHINE = qemux86, +or lib32-image on qemux86-64) +Set env MACHINE='i686' before Building the FIPS Object Module +(Building Steps 3) which affect fips config not to add option +`-m 64' on lib32-image which workaround the following failure +[snip] +|/usr/include/bits/long-double.h:44:10: fatal error: +bits/long-double-64.h: No such file or directory +| 44 | #include <bits/long-double-64.h> +[snip] + -- 2.7.4 -- _______________________________________________ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto