# Copyright (C) 2015 The Android Open Source Project
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#

# Value of the build system's GET_LOCAL_DIR helper (defined outside this file).
LOCAL_DIR := $(GET_LOCAL_DIR)

# Target selected by this project.
TARGET := generic-arm64

# Overridable defaults: each `?=` below yields to a value that is already set
# (environment, command line or an including makefile).
# DEBUG also gates CFI_DIAGNOSTICS further down (defaulted on when DEBUG >= 2).
DEBUG ?= 2
GIC_VERSION ?= 2
SMP_MAX_CPUS ?= 8
SMP_CPU_CLUSTER_SHIFT ?= 2

# Modern KM wrapping key size: 32 bytes, i.e. 256 bits.
TRUSTY_KM_WRAPPING_KEY_SIZE ?= 32

ifeq ($(call TOBOOL,$(KERNEL_32BIT)),false)

# 64-bit kernel: Arm64 address space configuration.
USER_ASPACE_BASE := 0x0000000000008000

ifeq ($(call TOBOOL,$(USER_32BIT)),false)
# 64-bit user space: MMU user size shift of 48.
GLOBAL_DEFINES += MMU_USER_SIZE_SHIFT=48
USER_ASPACE_SIZE := 0x0000ffffffff8000
else
# 32-bit user space on a 64-bit kernel: MMU user size shift of 32.
GLOBAL_DEFINES += MMU_USER_SIZE_SHIFT=32
USER_ASPACE_SIZE := 0x00000000ffff8000
endif

# Defaults to true on 64-bit kernels; the conditional assignment lets a
# platform that has already set KERNEL_BASE_ASLR keep its own value.
KERNEL_BASE_ASLR ?= true

else

# 32-bit kernel: fixed kernel base address.
KERNEL_BASE := 0xc0000000

# 32-bit platforms are allowed to use ASLR, but they tend to be tighter on
# space, and the additional page tables plus the weight of PIE may cost more
# than they are willing to pay.
# A 32-bit platform that wants ASLR has to set ASLR := true explicitly.
# NOTE(review): a 32-bit build therefore gets no ASLR unless the platform opts
# in; treat that as a deliberate hardening trade-off and record it per target.
ASLR ?= false

endif

# Select the Arm generic timer. Both defaults use `?=`, so a value chosen
# earlier is kept.
ifeq ($(call TOBOOL,$(KERNEL_32BIT)),true)
# A 32-bit Secure EL1 under a 64-bit EL3 is given the non-secure physical timer.
TIMER_ARM_GENERIC_SELECTED ?= CNTP
else
TIMER_ARM_GENERIC_SELECTED ?= CNTPS
endif
# Export the final choice to the code as a preprocessor define.
GLOBAL_DEFINES += TIMER_ARM_GENERIC_SELECTED=$(TIMER_ARM_GENERIC_SELECTED)

#
# GLOBAL definitions
#

# Linker garbage collection is required.
WITH_LINKER_GC := 1

# Support for mapping non-secure memory is needed.
WITH_NS_MAPPING := true

# The kernel is not relocated in physical memory.
GLOBAL_DEFINES += WITH_NO_PHYS_RELOCATION=1

# Limit heap growth.
GLOBAL_DEFINES += HEAP_GROW_SIZE=8192

# Link-time optimisation defaults on for user-task modules and kernel modules.
USER_LTO_ENABLED ?= true
KERNEL_LTO_ENABLED ?= true

# Control-flow integrity defaults on for user and kernel Trusty modules.
USER_CFI_ENABLED ?= true
KERNEL_CFI_ENABLED ?= true

# The storage service should send its error reports to the metrics service.
STORAGE_ENABLE_ERROR_REPORTING := true
STORAGE_AIDL_ENABLED ?= true

# CFI diagnostics default on when DEBUG >= 2. `expr` prints 1 when the
# comparison holds. DEBUG is pasted unquoted into that shell command at parse
# time, so it is expected to be a plain integer supplied by the build.
# NOTE(review): confirm what CFI_DIAGNOSTICS changes about how a CFI violation
# is handled, and which DEBUG level release builds of this project use.
ifeq (1,$(shell expr $(DEBUG) \>= 2))
CFI_DIAGNOSTICS ?= true
endif

# UBSan stays off unless a build opts in; when it is on, the kernel ubsan
# makefile fragment is included.
UBSAN_ENABLED ?= false
ifeq ($(call TOBOOL,$(UBSAN_ENABLED)),true)
include trusty/kernel/lib/ubsan/enable.mk
endif

# Shadow call stack defaults: kernel SCS on for a 64-bit kernel, and SCS in
# user-task modules on only when user space is 64-bit as well.
ifeq ($(call TOBOOL,$(KERNEL_32BIT)),false)
KERNEL_SCS_ENABLED ?= true
ifeq ($(call TOBOOL,$(USER_32BIT)),false)
USER_SCS_ENABLED ?= true
endif
endif

# If user-space SCS did not end up enabled, default to the user-space stack
# protector instead.
ifneq ($(call TOBOOL,$(USER_SCS_ENABLED)),true)
USER_STACK_PROTECTOR ?= true
endif

# The KeyMint TA implementation is chosen at build time.  The choice has to be
# kept in sync with the HAL service implementation included in Android.
# Possible values are:
#
# - Rust implementation:   export TRUSTY_KEYMINT_IMPL=rust
# - C++ implementation:    (any other value of TRUSTY_KEYMINT_IMPL)

ifneq ($(TRUSTY_KEYMINT_IMPL),rust)
# Anything other than "rust", including an unset variable, selects the C++
# implementation.
TRUSTY_KEYMINT_USER_TASK := trusty/user/app/keymaster
else
TRUSTY_KEYMINT_USER_TASK := trusty/user/app/keymint/app
endif

# The Secretkeeper TA is included only when SECRETKEEPER_ENABLED is true.
# NOTE(review): there is no else branch, so with the feature off
# TRUSTY_SECRETKEEPER_USER_TASK keeps whatever value it already had (for
# example from the environment) and is still expanded into
# TRUSTY_BUILTIN_USER_TASKS below; confirm nothing else sets it.
ifeq ($(call TOBOOL,$(SECRETKEEPER_ENABLED)),true)
TRUSTY_SECRETKEEPER_USER_TASK := trusty/user/app/secretkeeper/app
endif

#
# Modules to be compiled into lk.bin
#
MODULES += \
	trusty/kernel/lib/trusty \
	trusty/kernel/lib/metrics \
	trusty/kernel/services/apploader \
	trusty/kernel/services/smc \

# lib/sm (together with memlog) is built in by default; setting
# LIB_SM_ENABLED to a false value builds without it.
LIB_SM_ENABLED ?= true
ifeq ($(call TOBOOL,$(LIB_SM_ENABLED)),true)
MODULES += \
	trusty/kernel/lib/memlog \
	trusty/kernel/lib/sm \

endif

#
# Set user space arch
#
ifeq ($(call TOBOOL,$(KERNEL_32BIT)),true)
# 32-bit kernel: user tasks are built for arm.
TRUSTY_USER_ARCH := arm
else ifeq ($(call TOBOOL,$(USER_32BIT)),true)
# 64-bit kernel with 32-bit user space: arm user tasks, and the code is told
# about it through the USER_32BIT define.
GLOBAL_DEFINES += USER_32BIT=1
TRUSTY_USER_ARCH := arm
else
# 64-bit kernel with 64-bit user space.
TRUSTY_USER_ARCH := arm64
endif

#
# user tasks to be compiled into lk.bin
#

# Prebuilt user tasks: none for this project.
TRUSTY_PREBUILT_USER_TASKS :=

# User tasks compiled from source. The KeyMint and Secretkeeper entries come
# from the variables selected earlier in this file.
# NOTE(review): going by their paths, the sample/* entries and
# secure_fb_mock_impl are sample or mock implementations; confirm they are
# wanted before reusing this list for a device build.
TRUSTY_BUILTIN_USER_TASKS := \
	trusty/user/app/avb \
	trusty/user/app/cast-auth/app \
	trusty/user/app/confirmationui \
	trusty/user/app/gatekeeper \
	$(TRUSTY_KEYMINT_USER_TASK) \
	$(TRUSTY_SECRETKEEPER_USER_TASK) \
	trusty/user/app/sample/hwaes \
	trusty/user/app/sample/hwbcc \
	trusty/user/app/sample/hwcrypto \
	trusty/user/app/sample/hwwsk \
	trusty/user/app/sample/secure_fb_mock_impl \
	trusty/user/app/storage \
	trusty/user/base/app/apploader \
	trusty/user/base/app/device_tree \
	trusty/user/base/app/metrics \
	trusty/user/base/app/system_state_server_static \

# Device-tree test modules (by their paths) are compiled in as well.
MODULES += \
	trusty/user/base/app/device_tree/tests/dtb \
	trusty/user/base/app/device_tree/tests/dtb/base \

# The coverage app is added only when user coverage is enabled.
ifeq ($(call TOBOOL,$(USER_COVERAGE_ENABLED)),true)
TRUSTY_ALL_USER_TASKS += \
	trusty/user/base/app/coverage \

endif

# The line-coverage app is added only when unit-test coverage is enabled.
ifeq ($(call TOBOOL,$(UNITTEST_COVERAGE_ENABLED)),true)
TRUSTY_ALL_USER_TASKS += \
	trusty/user/base/app/line-coverage \

endif

# hwcrypto on generic-arm64 depends on the FAKE HWRNG and HWKEY services.
# NOTE(review): all three defaults enable fake (stand-in) services; presumably
# they provide no hardware-backed entropy or key protection. Confirm that a
# real device project overrides every one of them.
WITH_FAKE_HWRNG ?= true
WITH_FAKE_HWKEY ?= true
WITH_FAKE_KEYBOX ?= true

# Trusty IPC is required by this project.
WITH_TRUSTY_IPC := true

SYMTAB_ENABLED ?= true

# Build in the software implementation of a SPI loopback device.
WITH_SW_SPI_LOOPBACK ?= true

EXTRA_BUILDRULES += trusty/kernel/app/trusty/user-tasks.mk