# Copyright (C) 2014-2015 The Android Open Source Project
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#

# Build rules for the Trusty Keymaster trusted app. The file collects the
# source list, include paths, compile flags and library dependencies into
# the MODULE_* variables and then hands them to make/trusted_app.mk.
# GET_LOCAL_DIR, TOBOOL and TOBUILDDIR are provided by the surrounding build
# system and are not defined in this file.

LOCAL_DIR := $(GET_LOCAL_DIR)
NANOPB_DIR := external/nanopb-c

# Use system/libcppbor when that directory exists in the tree, otherwise
# fall back to external/libcppbor.
ifneq ($(wildcard system/libcppbor),)
LIBCPPBOR_DIR := system/libcppbor
else
LIBCPPBOR_DIR := external/libcppbor
endif

MODULE := $(LOCAL_DIR)

MANIFEST := $(LOCAL_DIR)/manifest.json

KEYMASTER_ROOT := $(TRUSTY_TOP)/system/keymaster

# To regenerate the protobuf sources at build time instead of compiling the
# checked-in copy, uncomment the lines below and remove
# keymaster_attributes.pb.c from MODULE_SRCS. See the comments in the *.proto
# file for a detailed explanation.
# NOTE(review): the original instructions name the file as
# $(KEYMASTER_DIR)/keymaster_attributes.pb.c, but this file lists it as
# $(LOCAL_DIR)/keymaster_attributes.pb.c and never defines KEYMASTER_DIR.
#
#PB_GEN_DIR := $(call TOBUILDDIR,proto)
#include trusty/user/base/make/compile_proto.mk
#$(eval $(call compile_proto,$(LOCAL_DIR)/keymaster_attributes.proto,$(PB_GEN_DIR)))
#MODULE_SRCS += $(NANOPB_DEPS) $(NANOPB_GENERATED_C)
#MODULE_SRCDEPS += $(NANOPB_GENERATED_HEADER)
#MODULE_INCLUDES += $(PB_GEN_DIR)

# Sources taken from $(KEYMASTER_ROOT)/android_keymaster.
MODULE_SRCS += $(addprefix $(KEYMASTER_ROOT)/android_keymaster/, \
	android_keymaster.cpp \
	android_keymaster_messages.cpp \
	android_keymaster_utils.cpp \
	keymaster_enforcement.cpp \
	logger.cpp \
	authorization_set.cpp \
	operation.cpp \
	operation_table.cpp \
	serializable.cpp \
	keymaster_tags.cpp \
	remote_provisioning_utils.cpp)

# Sources taken from $(KEYMASTER_ROOT)/cppcose.
MODULE_SRCS += $(KEYMASTER_ROOT)/cppcose/cppcose.cpp

# Sources taken from $(KEYMASTER_ROOT)/key_blob_utils.
MODULE_SRCS += $(addprefix $(KEYMASTER_ROOT)/key_blob_utils/, \
	auth_encrypted_key_blob.cpp \
	ocb.c \
	ocb_utils.cpp)

# Sources taken from $(KEYMASTER_ROOT)/km_openssl.
MODULE_SRCS += $(addprefix $(KEYMASTER_ROOT)/km_openssl/, \
	aes_key.cpp \
	aes_operation.cpp \
	asymmetric_key.cpp \
	asymmetric_key_factory.cpp \
	attestation_record.cpp \
	attestation_utils.cpp \
	block_cipher_operation.cpp \
	certificate_utils.cpp \
	ckdf.cpp \
	curve25519_key.cpp \
	ec_key.cpp \
	ec_key_factory.cpp \
	ecdsa_operation.cpp \
	ecdh_operation.cpp \
	hmac.cpp \
	hmac_key.cpp \
	hmac_operation.cpp \
	openssl_err.cpp \
	openssl_utils.cpp \
	rsa_key.cpp \
	rsa_key_factory.cpp \
	rsa_operation.cpp \
	software_random_source.cpp \
	symmetric_key.cpp \
	triple_des_key.cpp \
	triple_des_operation.cpp \
	wrapped_key.cpp)

# Sources that live next to this rules file, including the checked-in
# generated protobuf file keymaster_attributes.pb.c.
MODULE_SRCS += $(addprefix $(LOCAL_DIR)/, \
	openssl_keymaster_enforcement.cpp \
	trusty_aes_key.cpp \
	trusty_keymaster.cpp \
	trusty_keymaster_context.cpp \
	trusty_keymaster_enforcement.cpp \
	trusty_remote_provisioning_context.cpp \
	trusty_secure_deletion_secret_storage.cpp \
	second_imei_attestation.cpp \
	secure_storage_manager.cpp \
	keymaster_attributes.pb.c)

# nanopb runtime sources, compiled directly into this module.
MODULE_SRCS += $(addprefix $(NANOPB_DIR)/, \
	pb_common.c \
	pb_encode.c \
	pb_decode.c)

MODULE_INCLUDES += \
	$(addprefix $(KEYMASTER_ROOT)/,include contexts) \
	$(KEYMASTER_ROOT) \
	$(TRUSTY_TOP)/hardware/libhardware/include \
	$(LOCAL_DIR) \
	$(NANOPB_DIR)

# -fno-short-enums stops the compiler from shrinking enum types to the
# smallest integer type that fits their values.
MODULE_CPPFLAGS := -fno-short-enums

# Undefine __ANDROID__ and define __TRUSTY__ for every source in the module
# (presumably so the shared keymaster sources select their Trusty code
# paths -- confirm against those sources).
MODULE_COMPILEFLAGS := -U__ANDROID__ -D__TRUSTY__ -std=c++17

# Software attestation fallback.
# When true, soft_attestation_cert.cpp is compiled in and
# KEYMASTER_SOFT_ATTESTATION_FALLBACK=1 is defined, so the module falls back
# to soft_attestation_cert if the device has not been provisioned. KeyMint1
# does not mandate factory provisioning, so the SW fallback is a legitimate
# state there. KeyMint2 will disallow factory provisioning and SW fallback
# will become irrelevant.
# The default assigned here is true: a product that requires provisioned
# attestation keys has to override the variable explicitly.
KEYMASTER_SOFT_ATTESTATION_FALLBACK ?= true
ifeq (true,$(call TOBOOL,$(KEYMASTER_SOFT_ATTESTATION_FALLBACK)))
MODULE_SRCS += $(KEYMASTER_ROOT)/contexts/soft_attestation_cert.cpp
MODULE_COMPILEFLAGS += -DKEYMASTER_SOFT_ATTESTATION_FALLBACK=1
endif

#
# Defining KEYMASTER_DEBUG allows configure() to succeed without a root of
# trust from the bootloader. Because that relaxes the root-of-trust
# requirement, leave it unset for production builds.
#
ifeq (true,$(call TOBOOL,$(KEYMASTER_DEBUG)))
MODULE_COMPILEFLAGS += -DKEYMASTER_DEBUG
endif

# PB_FIELD_16BIT: add support for nanopb tag numbers > 255 and fields larger
# than 255 bytes or 255 array entries.
# PB_NO_STATIC_ASSERT: STATIC_ASSERT in pb.h might conflict with
# STATIC_ASSERT in compiler.h.
MODULE_COMPILEFLAGS += -DPB_FIELD_16BIT -DPB_NO_STATIC_ASSERT

# Optional key-size overrides. Each value is forwarded to the compiler as a
# preprocessor define only when the corresponding make variable is set; the
# expected units and valid ranges are not visible in this file.
ifdef TRUSTY_KM_WRAPPING_KEY_SIZE
MODULE_COMPILEFLAGS += -DTRUSTY_KM_WRAPPING_KEY_SIZE=$(TRUSTY_KM_WRAPPING_KEY_SIZE)
endif

ifdef TRUSTY_KM_KAK_SIZE
MODULE_COMPILEFLAGS += -DTRUSTY_KM_KAK_SIZE=$(TRUSTY_KM_KAK_SIZE)
endif

# Trusty userspace libraries first, then BoringSSL and libcppbor.
MODULE_LIBRARY_DEPS += \
	$(addprefix trusty/user/base/lib/, \
		libc-trusty \
		libstdc++-trusty \
		rng \
		hwbcc/client \
		hwkey \
		hwwsk \
		keybox/client \
		storage \
		system_state \
		tipc) \
	external/boringssl \
	$(LIBCPPBOR_DIR)

# If KEYMASTER_WITH_HWWSK_SUPPORT is set, Keymaster is compiled with
# Hardware Wrapped Storage Key support.
ifeq (true,$(call TOBOOL,$(KEYMASTER_WITH_HWWSK_SUPPORT)))
MODULE_DEFINES += WITH_HWWSK_SUPPORT=1
endif

# If KEYMASTER_WITH_FINGERPRINT_SUPPORT is set, Keymaster is compiled with
# fingerprint authenticator support.
ifeq (true,$(call TOBOOL,$(KEYMASTER_WITH_FINGERPRINT_SUPPORT)))
MODULE_DEFINES += TEE_FINGERPRINT_AUTH_SUPPORTED=1
endif

# The RKP version defaults to 3 and is passed to the compiler as a define.
# Because of the default, the ifdef below is skipped only when the variable
# has been explicitly set to an empty value.
TRUSTY_KM_RKP_VERSION ?= 3
ifdef TRUSTY_KM_RKP_VERSION
MODULE_COMPILEFLAGS += -DTRUSTY_KM_RKP_VERSION=$(TRUSTY_KM_RKP_VERSION)
endif

# The IPC rules are pulled in before the module is handed to the trusted-app
# build rules; keep this order.
include $(LOCAL_DIR)/ipc/rules.mk

include make/trusted_app.mk

# Include unit tests
ifeq (true,$(call TOBOOL,$(TEST_BUILD)))
include trusty/user/app/keymaster/host_unittest/rules.mk
endif