1#
2# Copyright (c) 2021, Google, Inc. All rights reserved
3#
4# Permission is hereby granted, free of charge, to any person obtaining
5# a copy of this software and associated documentation files
6# (the "Software"), to deal in the Software without restriction,
7# including without limitation the rights to use, copy, modify, merge,
8# publish, distribute, sublicense, and/or sell copies of the Software,
9# and to permit persons to whom the Software is furnished to do so,
10# subject to the following conditions:
11#
12# The above copyright notice and this permission notice shall be
13# included in all copies or substantial portions of the Software.
14#
15# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
16# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
17# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
18# IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
19# CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
20# TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
21# SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
22#
# The following set of variables is passed to trusty_app.mk:
#
#     APP_NAME - an output file name (without extension)
#     APP_TOP_MODULE - top module to compile
#     APP_BUILDDIR - build directory
#
# To sign the app with a different key than the default one from
# APPLOADER_SIGN_KEY_ID, set the following variable in rules.mk:
#     APPLOADER_SIGN_KEY_ID_FOR_$(MODULE)
#
# To encrypt an application, set the similar encryption variable:
#     APPLOADER_ENCRYPT_KEY_ID_FOR_$(MODULE)
#
# The following variable is modified and can be used by the caller:
#     LOADABLE_APP_LIST - list of loadable app locations
# Build a loadable application.
#
# Each input below keeps a caller-supplied value; the default is used only
# when the variable is empty or holds nothing but whitespace.

# ELF image of the app, looked up from the top module's recorded outputs.
ifeq ($(strip $(APP_ELF)),)
APP_ELF := $(_MODULES_$(APP_TOP_MODULE)_TRUSTY_APP_ELF)
endif

# Binary manifest of the app, looked up the same way.
ifeq ($(strip $(APP_MANIFEST)),)
APP_MANIFEST := $(_MODULES_$(APP_TOP_MODULE)_TRUSTY_APP_MANIFEST_BIN)
endif

# Host tool invoked by the rules in this file (-m build / encrypt / sign).
ifeq ($(strip $(LOADABLE_APP_TOOL)),)
LOADABLE_APP_TOOL := $(BUILDDIR)/host_tools/apploader_package_tool
endif

# Output names are derived from the ELF path by swapping the .elf suffix:
#   foo.elf -> foo.app.initial  (packaged, before encryption and signing)
#   foo.elf -> foo.app          (final loadable application)
LOADABLE_APP := $(APP_ELF:%.elf=%.app)
INITIAL_APP := $(APP_ELF:%.elf=%.app.initial)
# Package the ELF image and its manifest into the initial application file.
#
# LOG_NAME and LOADABLE_APP_TOOL are bound per target here, at parse time:
# the recipe runs later, after the plain variables have been reset at the
# end of this file.
$(INITIAL_APP): LOG_NAME := $(APP_TOP_MODULE)
$(INITIAL_APP): LOADABLE_APP_TOOL := $(LOADABLE_APP_TOOL)
$(INITIAL_APP): $(APP_ELF) $(APP_MANIFEST) $(LOADABLE_APP_TOOL)
	@$(MKDIR)
	@$(call ECHO,$(LOG_NAME),building app,$@)
	$(NOECHO)$(LOADABLE_APP_TOOL) -m build $@ $(wordlist 1,2,$^)
	@$(call ECHO_DONE_SILENT,$(LOG_NAME),building app,$@)
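# Optional encryption step.
#
# A module opts in by setting APPLOADER_ENCRYPT_KEY_ID_FOR_<module>; the key
# file is then looked up through APPLOADER_ENCRYPT_KEY_<id>_FILE.
ifneq ($(APPLOADER_ENCRYPT_KEY_ID_FOR_$(APP_TOP_MODULE)),)
APP_ENCRYPT_KEY_ID := $(APPLOADER_ENCRYPT_KEY_ID_FOR_$(APP_TOP_MODULE))
APP_ENCRYPT_KEY_FILE := $(APPLOADER_ENCRYPT_KEY_$(APP_ENCRYPT_KEY_ID)_FILE)

# If the lookup yields no key file, the build takes the unencrypted branch
# below. Report that at parse time so that a mistyped key ID or a missing key
# definition does not silently produce a plaintext application.
ifeq ($(APP_ENCRYPT_KEY_FILE),)
$(warning Encryption requested for $(APP_TOP_MODULE) but APPLOADER_ENCRYPT_KEY_$(APP_ENCRYPT_KEY_ID)_FILE is not set: application will not be encrypted)
endif
endif

# NOTE(review): this test sits outside the opt-in conditional above, so an
# APP_ENCRYPT_KEY_FILE value that is already set when this file is read is
# used even when no key ID was configured - confirm that this is intended.
ifneq ($(APP_ENCRYPT_KEY_FILE),)
ENCRYPTED_APP := $(patsubst %.elf,%.app.encrypted,$(APP_ELF))

# Tool path, key file and key ID are bound per target at parse time; the
# plain variables are reset at the end of this file, before any recipe runs.
$(ENCRYPTED_APP): LOADABLE_APP_TOOL := $(LOADABLE_APP_TOOL)
$(ENCRYPTED_APP): APP_ENCRYPT_KEY_FILE := $(APP_ENCRYPT_KEY_FILE)
$(ENCRYPTED_APP): APP_ENCRYPT_KEY_ID := $(APP_ENCRYPT_KEY_ID)
$(ENCRYPTED_APP): LOG_NAME := $(APP_TOP_MODULE)
# The key file is a prerequisite, so replacing the key re-encrypts the app.
$(ENCRYPTED_APP): $(INITIAL_APP) $(APP_ENCRYPT_KEY_FILE) $(LOADABLE_APP_TOOL)
	@$(MKDIR)
	@$(call ECHO,$(LOG_NAME),building app,$@)
	$(NOECHO)$(LOADABLE_APP_TOOL) -m encrypt $@ $< \
		$(APP_ENCRYPT_KEY_FILE) $(APP_ENCRYPT_KEY_ID)
	@$(call ECHO_DONE_SILENT,$(LOG_NAME),building app,$@)

# The signing step consumes the encrypted file.
UNSIGNED_APP := $(ENCRYPTED_APP)
else
# No encryption key: the signing step consumes the initial package directly.
UNSIGNED_APP := $(INITIAL_APP)
endif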
# Pick the signing key ID: the global default applies unless the module
# defines its own identifier.
ifeq ($(APPLOADER_SIGN_KEY_ID_FOR_$(APP_TOP_MODULE)),)
APP_SIGN_KEY_ID := $(APPLOADER_SIGN_KEY_ID)
else
APP_SIGN_KEY_ID := $(APPLOADER_SIGN_KEY_ID_FOR_$(APP_TOP_MODULE))
endif

# Map the key ID to its private key file. With no key ID the variable is
# left as it is, and the test below then decides between the two branches.
ifneq ($(APP_SIGN_KEY_ID),)
APP_SIGN_KEY_FILE := $(APPLOADER_SIGN_PRIVATE_KEY_$(APP_SIGN_KEY_ID)_FILE)
endif

ifeq ($(APP_SIGN_KEY_FILE),)
# No signing key file: the unsigned file becomes the output as it is.
# Modules that import loadable apps, e.g., app-mgmt-test, need the app
# files to exist.
# Note: apploader will refuse to load the unsigned application
$(warning Loadable application is not signed: $(LOADABLE_APP))

$(LOADABLE_APP): LOG_NAME := $(APP_TOP_MODULE)
$(LOADABLE_APP): $(UNSIGNED_APP)
	@$(MKDIR)
	@$(call ECHO,$(LOG_NAME),building app,$@)
	@cp $< $@
	@$(call ECHO_DONE_SILENT,$(LOG_NAME),building app,$@)
else
# Sign the (possibly encrypted) package with the selected private key.
# Key file, key ID and tool path are bound per target at parse time; the
# plain variables are reset at the end of this file.
$(LOADABLE_APP): LOG_NAME := $(APP_TOP_MODULE)
$(LOADABLE_APP): LOADABLE_APP_TOOL := $(LOADABLE_APP_TOOL)
$(LOADABLE_APP): APP_SIGN_KEY_ID := $(APP_SIGN_KEY_ID)
$(LOADABLE_APP): APP_SIGN_KEY_FILE := $(APP_SIGN_KEY_FILE)
$(LOADABLE_APP): $(UNSIGNED_APP) $(APP_SIGN_KEY_FILE) $(LOADABLE_APP_TOOL)
	@$(MKDIR)
	@$(call ECHO,$(LOG_NAME),building app,$@)
	$(NOECHO)$(LOADABLE_APP_TOOL) -m sign $@ $< $(APP_SIGN_KEY_FILE) $(APP_SIGN_KEY_ID)
	@$(call ECHO_DONE_SILENT,$(LOG_NAME),building app,$@)
endif
# Publish the final app file: to the caller through LOADABLE_APP_LIST, and
# to the GENERATED and EXTRA_BUILDDEPS lists.
# NOTE(review): LOADABLE_APP is cleared further down, so these appends keep
# the path only if the three lists are simply-expanded (created with :=)
# elsewhere - confirm.
LOADABLE_APP_LIST += $(LOADABLE_APP)
EXTRA_BUILDDEPS += $(LOADABLE_APP)
GENERATED += $(LOADABLE_APP)
# Reset local variables.
#
# The key-file variables are assigned above only when a key ID is configured,
# while the encrypt/sign decisions test the key-file variables themselves;
# clearing them here keeps a value from this pass from being seen by those
# tests if the file is read again.

# Key selection
APP_ENCRYPT_KEY_ID :=
APP_ENCRYPT_KEY_FILE :=
APP_SIGN_KEY_ID :=
APP_SIGN_KEY_FILE :=

# Derived output names
INITIAL_APP :=
ENCRYPTED_APP :=
UNSIGNED_APP :=
LOADABLE_APP :=

# Inputs and their defaults
LOADABLE_APP_TOOL :=
APP_ELF :=
APP_MANIFEST :=

# Caller-provided parameters
APP_NAME :=
APP_BUILDDIR :=
APP_TOP_MODULE :=