in scripts/process_fips_module.py [0:0]
def process_loadable_segments(elf_file):
"""
Finds all loadable segments in the module and ensures that the assumptions made by our runtime
integrity verification code are valid. Returns the list of loadable segments. If an assumption
is found to be invalid, an exception will be thrown.
"""
# Find all loadable segments and calculate their sizes and offsets
loadable_segments = []
writeable_segment = None
for segment in elf_file.iter_segments():
if segment["p_type"] == "PT_LOAD":
logging.debug("PT_LOAD: Offset {} VAddr {} PAddr {} FileSz {} MemSz {} Align {}".format(
hex(segment["p_offset"]),
hex(segment["p_vaddr"]),
hex(segment["p_paddr"]),
hex(segment["p_filesz"]),
hex(segment["p_memsz"]),
hex(segment["p_align"])
))
loadable_segments.append(segment)
if writeable_segment is not None:
# There must be exactly one writeable segment, and it must be the last of the
# PT_LOAD segments
logging.error("Found more than one loadable, writeable segment!")
raise RuntimeError
if segment["p_flags"] & PF_W != 0:
writeable_segment = segment
writeable_segment_sections = []
for section in elf_file.iter_sections():
if writeable_segment.section_in_segment(section):
writeable_segment_sections.append(section)
# We set our FIPS module boundary based on where the .data section starts (since it and the
# .bss section cannot be included in the HMAC). Therefore, .data and .bss must be the second
# last and last sections of that segment, respectively.
if writeable_segment_sections[-2].name != ".data" or \
writeable_segment_sections[-1].name != ".bss":
logging.error("Unexpected section order in writeable segment!")
raise RuntimeError
return loadable_segments