[yocto] [meta-openssl102-fips][PATCH 2/2] README.build: add FAQ to support fips on arm/aarch64/x86

[Hongxu Jia]

Signed-off-by: Hongxu Jia <hongxu.jia at windriver.com>
---
 README.build | 36 ++++++++++++++++++++++++++++++++++++
 1 file changed, 36 insertions(+)

diff --git a/README.build b/README.build
index 9735028..bc8fcf3 100644
--- a/README.build
+++ b/README.build
@@ -245,3 +245,39 @@ Note this sample command is functionally equivalent to:
 $ env OPENSSL_FIPS=1 openssl sha1 -hmac etaonrishdlcupfm fips_hmac.c
 HMAC-SHA1(fips_hmac.c)= ae25ad68d9a8cc04075100563a437fa37829afcc
 
+===============
+FAQ
+===============
+1. How to support fips on 32bit arm (such as MACHINE = qemuarm)?
+Set env MACHINE='arm' before Building the FIPS Object Module
+(Building Steps 3), which affects fips config not to add option
+`-march=armv7-a' to avoid failure on gcc8:
+[snip]
+|`cc1: error: -mfloat-abi=hard: selected processor lacks an FPU'
+[snip]
+
+2. How to support fips on aarch64 (such as MACHINE = qemuarm64)?
+For aarch64, FIPS 140-2 module only support android, wrapper gcc
+at Building the FIPS Object Module(Building Steps 3) to define
+macro FIPS_REF_POINT_IS_CROSS_COMPILER_AWARE to simulate what
+android did. Provide a way to add bbappend to wrapper gcc:
+mkdir -p recipes-devtools/gcc
+cat << ENDOF > recipes-devtools/gcc/gcc_9.%.bbappend
+do_install_append_aarch64() {
+    create_cmdline_wrapper \${D}/\${bindir}/gcc -DFIPS_REF_POINT_IS_CROSS_COMPILER_AWARE
+}
+
+FILES_\${PN}-symlinks += "\${bindir}/gcc.real"
+ENDOF
+
+3. How to support fips on 32bit x86? (Such as MACHINE = qemux86,
+or lib32-image on qemux86-64)
+Set env MACHINE='i686' before Building the FIPS Object Module
+(Building Steps 3) which affect fips config not to add option
+`-m 64' on lib32-image which workaround the following failure
+[snip]
+|/usr/include/bits/long-double.h:44:10: fatal error:
+bits/long-double-64.h: No such file or directory
+|   44 | #include <bits/long-double-64.h>
+[snip]
+
-- 
2.7.4