ANDROID: kleaf: convert fips140 to kleaf

As a result of this change:

- fips140 is no longer part of the GKI build but a
  separate module, so it is not signed
  (CONFIG_MODULE_SIG_ALL is not set)

- GKI images (e.g. system_dlkm image, boot images)
  etc. are no longer part of the build -- because
  they are unnecessary.

- The build config no longer inherits from build.config.gki.aarch64
  directly to avoid building unnecessary system_dklm, boot images,
  GKI artifacts, etc.

Test: BUILD_CONFIG=common/build.config.gki.aarch64.fips140 build/build.sh
Test: tools/bazel build //common:fips140_dist
Bug: 232083350

Change-Id: I2cb0ee0b55c2a5ea46e6d73ecad4aa97585c1989
Signed-off-by: Yifan Hong <elsk@google.com>

BUILD.bazel

@@ -17,7 +17,9 @@ package(
     ],
 )
 
+load("//build/bazel_common_rules/dist:dist.bzl", "copy_to_dist_dir")
 load("//build/kernel/kleaf:common_kernels.bzl", "define_common_kernels", "define_db845c")
+load("//build/kernel/kleaf:kernel.bzl", "kernel_build")
 
 # This uses android/abi_gki_aarch64* in kmi_configs. If the list of
 # glob(["android/abi_gki_aarch64*"]) differs from
@@ -218,3 +220,20 @@ define_db845c(
         "sound/soc/qcom/snd-soc-sm8250.ko",
     ],
 )
+
+kernel_build(
+    name = "fips140",
+    outs = [],
+    base_kernel = ":kernel_aarch64",
+    build_config = "build.config.gki.aarch64.fips140",
+    module_outs = ["crypto/fips140.ko"],
+)
+
+copy_to_dist_dir(
+    name = "fips140_dist",
+    data = [
+        ":fips140",
+    ],
+    dist_dir = "out/fips140/dist",
+    flat = True,
+)

arch/arm64/configs/fips140_gki.fragment

@@ -1 +1,2 @@
 CONFIG_CRYPTO_FIPS140_MOD=y
+# CONFIG_MODULE_SIG_ALL is not set

build.config.gki.aarch64.fips140

@@ -1,9 +1,15 @@
-. ${ROOT_DIR}/${KERNEL_DIR}/build.config.gki.aarch64
+. ${ROOT_DIR}/${KERNEL_DIR}/build.config.common
+. ${ROOT_DIR}/${KERNEL_DIR}/build.config.aarch64
+. ${ROOT_DIR}/${KERNEL_DIR}/build.config.gki
 
-FILES="${FILES}
+FILES="
 crypto/fips140.ko
 "
 
+MAKE_GOALS="
+modules
+"
+
 if [ "${LTO}" = "none" ]; then
 	echo "The FIPS140 module needs LTO to be enabled."
 	exit 1
@@ -13,5 +19,5 @@ MODULES_ORDER=android/gki_aarch64_fips140_modules
 KERNEL_DIR=common
 
 DEFCONFIG=fips140_gki_defconfig
-PRE_DEFCONFIG_CMDS="cat ${ROOT_DIR}/${KERNEL_DIR}/arch/arm64/configs/gki_defconfig ${ROOT_DIR}/${KERNEL_DIR}/arch/arm64/configs/fips140_gki.fragment > ${ROOT_DIR}/${KERNEL_DIR}/arch/arm64/configs/${DEFCONFIG};"
-POST_DEFCONFIG_CMDS="rm ${ROOT_DIR}/${KERNEL_DIR}/arch/arm64/configs/${DEFCONFIG}"
+PRE_DEFCONFIG_CMDS="mkdir -p \${OUT_DIR}/arch/arm64/configs/ && KCONFIG_CONFIG=\${OUT_DIR}/arch/arm64/configs/${DEFCONFIG} ${ROOT_DIR}/${KERNEL_DIR}/scripts/kconfig/merge_config.sh -m -r ${ROOT_DIR}/${KERNEL_DIR}/arch/arm64/configs/gki_defconfig ${ROOT_DIR}/${KERNEL_DIR}/arch/arm64/configs/fips140_gki.fragment"
+POST_DEFCONFIG_CMDS=""