################################################################################ # # TEEGRIS Makefile Template # ################################################################################ PWD := $(shell pwd) ifeq ($(SEC_SDK), sdk42) TOOLCHAIN_PATH=$(PWD)/../teegris_sdk_4_2/tools CFLAGS += -DSEC_SDK42 CFLAGS += -DSEC_SDK40 CONFIG_LDFLAGS_SECURITY := -Wl,-z,relro,-z,now ifeq ($(SEC_PRODUCT), exynos2100) CFLAGS += -DUSE_SPU CFLAGS += -DUSE_BTS endif else ifeq ($(SEC_SDK), sdk40) TOOLCHAIN_PATH=$(PWD)/../teegris_sdk_4/tools CFLAGS += -DSEC_SDK40 CONFIG_LDFLAGS_SECURITY := -Wl,-z,relro,-z,now ifeq ($(SEC_PRODUCT), exynos990) CFLAGS += -DUSE_SPU CFLAGS += -DUSE_BTS endif ifeq ($(SEC_PRODUCT), exynos980) CFLAGS += -DUSE_BTS endif else ifeq ($(SEC_SDK), sdk30) TOOLCHAIN_PATH=$(PWD)/../teegris_sdk/tools CFLAGS += -DSEC_SDK30 ifeq ($(SEC_PRODUCT), exynos9610) CFLAGS += -DUSE_BTS endif endif TA_SIGN_CERT = $(TOOLCHAIN_PATH)/teegris_authority_scripts/ta_auth_dev_ta/cert.pem TA_SIGN_KEY = $(TOOLCHAIN_PATH)/teegris_authority_scripts/ta_auth_dev_ta/private/key.pem TA_AUTH_SCRIPTS_PATH := $(TOOLCHAIN_PATH)/teegris_authority_scripts/ta_auth_scripts SIGN := $(TA_AUTH_SCRIPTS_PATH)/sign_file.sh -c $(TA_SIGN_CERT) -k $(TA_SIGN_KEY) ######################################## BUILD FLAG ######################################## CFLAGS += \ -std=gnu11 \ -O2 \ -fpie \ -fsigned-char \ -fvisibility=hidden \ -s # Add build CL CFLAGS += -DBUILD_CHANGELIST=\"CL:$(BUILD_CHANGELIST)_SCL:$(BUILD_SHELVED)\" CFLAGS += -DTA_NAME=\"$(TA_NAME)\" ifeq ($(USE_BF),true) CFLAGS += -DUSE_BF CFLAGS += -DUSE_BLOWFISH endif CC := $(TOOLCHAIN_PATH)/../toolchains/arm-secureos-gnueabi-gcc_6_3-linux-x86/bin/arm-secureos-gnueabi-gcc ifeq ($(SEC_PRODUCT), exynos9820) CFLAGS += -DEXYNOS9820 else ifeq ($(SEC_PRODUCT), exynos990) CFLAGS += -DEXYNOS990 else ifeq ($(SEC_PRODUCT), exynos980) CFLAGS += -DEXYNOS980 else ifeq ($(SEC_PRODUCT), exynos2100) CFLAGS += -DEXYNOS2100 endif ifeq ($(ENABLE_DBG_LOG),true) CFLAGS += -DENABLE_DBG_LOG endif CFLAGS += -DTA_VERSION=\"$(_VERSION_)\" CFLAGS += -DENABLE_TA_ERR_MSG ifeq ($(MODE_DEBUG),true) CFLAGS += -DDEBUG_COLDWALLET -DENABLE_DBG_LOG -DLOW_ENV endif ifeq ($(MOCK),true) CFLAGS += -DENABLE_MOCK endif ifeq ($(STAGING_ENV),true) CFLAGS += -DSTAGING_ENV endif ifeq ($(MODE_DEBUGTOOL),true) CFLAGS += -DDEBUG_COLDWALLET -DENABLE_DBG_LOG endif ifeq ($(MODE_PERF), true) CFLAGS += -DPERF_BC_CORE endif ifeq ($(LOW_ENV),true) CFLAGS += -DLOW_ENV endif ifeq ($(USE_SCRYPTO),true) CFLAGS += -DSCRYPTO -DENABLE_SC_IPC endif ifeq ($(USE_OPENSSL_DES),true) CFLAGS += -DUSE_OPENSSL_DES endif ifeq ($(BC_CORE),true) CFLAGS += -DCOLD_WALLET CFLAGS += -DuECC_SUPPORTS_secp256k1 endif ifeq ($(ICCC_ENABLED),true) CFLAGS += -DICCC_ENABLED endif CFLAGS += \ -DOPENSSL_NO_DSA \ -DOPENSSL_NO_DH \ -DOPENSSL_NO_ENGINE \ -DOPENSSL_NO_CMS \ -DOPENSSL_NO_STDIO \ -DOPENSSL_NO_LOCKING \ -DOPENSSL_NO_BIO \ -DOPENSSL_NO_PKCS7 \ -DOPENSSL_NO_DEPRECATED \ -DOPENSSL_NO_ERR \ -DOPENSSL_NO_LHASH \ -DOPENSSL_NO_EVP \ -DOPENSSL_NO_ECDH \ -DOPENSSL_NO_RSA \ -DOPENSSL_NO_SHA \ -DOPENSSL_NO_SHA0 \ -DOPENSSL_NO_SHA1 \ -DOPENSSL_NO_SHA256 \ -DOPENSSL_NO_SHA384 \ -DOPENSSL_NO_SHA512 \ -DOPENSSL_EXPORT_VAR_AS_FUNCTION \ -DGETPID_IS_MEANINGLESS \ -DNO_SYS_TYPES_H \ -DCUSTOM_LIBC # -DOPENSSL_NO_EC \ # -DOPENSSL_NO_ECDSA \ # -DOWN_ALLOCATOR \ # -DSWD \ ######################################## BUILD FLAG ######################################## ifeq ($(SEC_SDK), sdk42) SW_LIB_PATH := $(PWD)/../teegris_sdk_4_2/platforms/TEEGRIS-4.2/swd/arch-arm/usr/lib SW_LIB_INCLUDE := $(PWD)/../teegris_sdk_4_2/platforms/TEEGRIS-4.2/swd/arch-arm/usr/include else ifeq ($(SEC_SDK), sdk40) SW_LIB_PATH := $(PWD)/../teegris_sdk_4/platforms/TEEGRIS-4.1/swd/arch-arm/usr/lib SW_LIB_INCLUDE := $(PWD)/../teegris_sdk_4/platforms/TEEGRIS-4.1/swd/arch-arm/usr/include endif DIGITAL_KEY_SRC = $(PWD)/src DIGITAL_KEY_SRC_SCP03 = $(DIGITAL_KEY_SRC)/scp03 DIGITAL_KEY_SRC_BASE = $(DIGITAL_KEY_SRC)/base DIGITAL_KEY_SRC_ECDSA = $(DIGITAL_KEY_SRC)/ecdsa DIGITAL_KEY_SRC_ED25519 = $(DIGITAL_KEY_SRC)/ed25519-donna DIGITAL_KEY_SRC_LIBBTC = $(DIGITAL_KEY_SRC)/libbtc DIGITAL_KEY_INC = $(PWD)/inc DIGITAL_KEY_MSG = $(PWD)/inc/msgs DIGITAL_KEY_SCP03 =$(PWD)/inc/scp03 DIGITAL_KEY_SHARED =$(PWD)/inc/shared DIGITAL_KEY_OUT = $(PWD)/Out TZ_PLATFORM_INC = $(PWD)/../tz_platform/public/tl TZ_PLATFORM_INC2 = $(PWD)/../tz_platform/public/tlc TZ_PLATFORM_VENDOR_INC = $(PWD)/../tz_platform/vendor/TEEGRIS/inc TIMA_COMMON_INC = $(PWD)/../tima_common/inc TZ_PLATFORM_ICCC_INC = $(PWD)/../tz_platform/vendor/iccc/inc TZ_PLATFORM_ESE_INC = $(PWD)/../tz_platform/vendor/ese/header_libs/swd/header/iso7816 TZ_COMMON_INC = $(PWD)/../tz_common/public DK_LIB = $(PWD)/lib DK_LIB_LIBC = $(PWD)/lib/libc_functions DK_LIB_OPENSSL = $(PWD)/lib/openssl DK_LIB_OPENSSL_AES = $(PWD)/lib/openssl/aes DK_LIB_OPENSSL_ASN1 = $(PWD)/lib/openssl/asn1 DK_LIB_OPENSSL_BIO = $(PWD)/lib/openssl/bio DK_LIB_OPENSSL_BUF = $(PWD)/lib/openssl/buffer DK_LIB_OPENSSL_ERR = $(PWD)/lib/openssl/err DK_LIB_OPENSSL_EVP = $(PWD)/lib/openssl/evp DK_LIB_OPENSSL_MOD = $(PWD)/lib/openssl/modes DK_LIB_OPENSSL_OBJ = $(PWD)/lib/openssl/objects DK_LIB_OPENSSL_RSA = $(PWD)/lib/openssl/rsa DK_LIB_OPENSSL_SHA = $(PWD)/lib/openssl/sha DK_LIB_OPENSSL_STA = $(PWD)/lib/openssl/stack # COMMON/bc_core/shared/libsodium/include # COMMON/bc_core/shared/libsodium/include/sodium $(warning ###### Check DIGITAL_KEY_SRC:($(DIGITAL_KEY_SRC))) $(warning ###### Check DID_INDY_INC:($(DIGITAL_KEY_SRC_DID_INDY_INC))) CFLAGS += -I. \ -I$(SW_LIB_INCLUDE) \ -I$(DIGITAL_KEY_SRC) \ -I$(DIGITAL_KEY_SRC_SCP03) \ -I$(DIGITAL_KEY_SRC_BASE) \ -I$(DIGITAL_KEY_SRC_ECDSA) \ -I$(DIGITAL_KEY_SRC_ED25519) \ -I$(DIGITAL_KEY_SRC_LIBBTC) \ -I$(DIGITAL_KEY_INC) \ -I$(DIGITAL_KEY_MSG) \ -I$(DIGITAL_KEY_SCP03) \ -I$(DIGITAL_KEY_SHARED) \ -I$(TIMA_COMMON_INC) \ -I$(TZ_PLATFORM_INC) \ -I$(TZ_PLATFORM_INC2) \ -I$(TZ_PLATFORM_VENDOR_INC) \ -L$(SW_LIB_PATH) \ -I$(TZ_PLATFORM_ICCC_INC) \ -I$(TZ_PLATFORM_ESE_INC) \ -I$(TZ_COMMON_INC) \ -I$(DK_LIB) \ -I$(DK_LIB_LIBC) \ -I$(DK_LIB_OPENSSL) \ -I$(DK_LIB_OPENSSL_AES) \ -I$(DK_LIB_OPENSSL_ASN1) \ -I$(DK_LIB_OPENSSL_BIO) \ -I$(DK_LIB_OPENSSL_BUF) \ -I$(DK_LIB_OPENSSL_ERR) \ -I$(DK_LIB_OPENSSL_EVP) \ -I$(DK_LIB_OPENSSL_MOD) \ -I$(DK_LIB_OPENSSL_OBJ) \ -I$(DK_LIB_OPENSSL_RSA) \ -I$(DK_LIB_OPENSSL_SHA) \ -I$(DK_LIB_OPENSSL_STA) \ -lteesl \ -ltzsl \ -lpthread \ -lscrypto \ -lmath # -Werror \ # -Wall \ $(warning ###### Check CFLAG:($(CFLAGS))) SRCS := $(DIGITAL_KEY_SRC)/../../tz_platform/vendor/TEEGRIS/src/cm_api.c \ $(DIGITAL_KEY_SRC)/../../tz_platform/vendor/TEEGRIS/src/spu_crypto.c \ $(DIGITAL_KEY_SRC)/../../tz_platform/vendor/TEEGRIS/src/BF_TZ_vendor.c \ $(DIGITAL_KEY_SRC)/tl_dk_ctx.c \ $(DIGITAL_KEY_SRC)/Close_Secure_Channel.c \ $(DIGITAL_KEY_SRC)/dk_abstraction.c \ $(DIGITAL_KEY_SRC)/dk_apdu.c \ $(DIGITAL_KEY_SRC)/dk_attn.c \ $(DIGITAL_KEY_SRC)/dk_channel.c \ $(DIGITAL_KEY_SRC)/dk_cmd_external_authenticate.c \ $(DIGITAL_KEY_SRC)/dk_cmd_get_data.c \ $(DIGITAL_KEY_SRC)/dk_cmd_get_response.c \ $(DIGITAL_KEY_SRC)/dk_cmd_initialize_update.c \ $(DIGITAL_KEY_SRC)/dk_crypto.c \ $(DIGITAL_KEY_SRC)/dk_scp_common.c \ $(DIGITAL_KEY_SRC)/dk_scp_utils.c \ $(DIGITAL_KEY_SRC)/dk_utils.c \ $(DIGITAL_KEY_SRC)/dk_wrapper.c \ $(DIGITAL_KEY_SRC)/Finalize_tl.c \ $(DIGITAL_KEY_SRC)/Initialize_tl.c \ $(DIGITAL_KEY_SRC)/Send_APDU.c \ $(DIGITAL_KEY_SRC)/scp03/GPCmd.c \ $(DIGITAL_KEY_SRC)/scp03/SCP03_cmdGenerator.c \ $(DIGITAL_KEY_SRC)/scp03/SCP03_crypto.c \ $(DIGITAL_KEY_SRC)/scp03/SCP03_kdf.c \ $(DIGITAL_KEY_SRC)/scp03/SCP03_rspParser.c \ $(DIGITAL_KEY_SRC)/scp03/SCP03_test.c \ $(DIGITAL_KEY_SRC)/scp03/SCP03_tools.c \ $(DIGITAL_KEY_SRC)/scp03/SCP03_transceive.c \ $(DIGITAL_KEY_SRC)/SCP03Lib.c \ $(DIGITAL_KEY_SRC)/process_cmd.c \ $(DIGITAL_KEY_SRC)/bf_digital_key_entry.c \ $(DK_LIB_OPENSSL)/mem_clr.c \ $(DK_LIB_OPENSSL)/mem.c \ $(DK_LIB_OPENSSL)/o_init.c \ $(DK_LIB_OPENSSL)/aes/aes_core.c \ $(DK_LIB_OPENSSL)/aes/aes_ctr.c \ $(DK_LIB_OPENSSL)/aes/aes_misc.c \ $(DK_LIB_OPENSSL)/aes/aes_cbc.c \ $(DK_LIB_OPENSSL)/evp/c_all.c \ $(DK_LIB_OPENSSL)/evp/c_allc.c \ $(DK_LIB_OPENSSL)/evp/c_alld.c \ $(DK_LIB_OPENSSL)/modes/ctr128.c \ $(DK_LIB_OPENSSL)/modes/gcm128.c \ $(DK_LIB_OPENSSL)/modes/cbc128.c #SRCS := $(wildcard $(DIGITAL_KEY_SRC)/*.c $(DIGITAL_KEY_SRC_SCP03)/*.c $(DIGITAL_KEY_SRC_BASE)/*.c $(DIGITAL_KEY_SRC_ECDSA)/*.c $(DIGITAL_KEY_SRC_ED25519)/*.c $(DIGITAL_KEY_SRC_LIBBTC)/*.c $(DIGITAL_KEY_SRC)/*.cxx) # Compile SCrypto IPC related files ifeq ($(USE_SCRYPTO),true) SRCS += $(DIGITAL_KEY_SRC)/../../tz_platform/vendor/TEEGRIS/src/SC_IPC_tl.c endif $(warning ###### Check SRCS:($(SRCS))) ### SPI (Dbg : _dbg.lib) // exynos9820 ifeq ($(SEC_PRODUCT), exynos990) ifeq ($(NFC_VENDOR), gem) # Thales $(warning ###### NFC : ($(NFC_VENDOR))) ifeq ($(ENABLE_DBG_LOG),true) CUSTOMER_DRIVER_LIB = $(PWD)/../tz_platform/vendor/ese/header_libs/swd/TEEGRIS/exynos990/debug/iso7816_gem.lib else CUSTOMER_DRIVER_LIB = $(PWD)/../tz_platform/vendor/ese/header_libs/swd/TEEGRIS/exynos990/release/iso7816_gem.lib endif else # NXP $(warning ###### NFC : ($(NFC_VENDOR))) ifeq ($(ENABLE_DBG_LOG),true) CUSTOMER_DRIVER_LIB = $(PWD)/../tz_platform/vendor/ese/header_libs/swd/TEEGRIS/exynos990/debug/iso7816_nxpV4.lib else CUSTOMER_DRIVER_LIB = $(PWD)/../tz_platform/vendor/ese/header_libs/swd/TEEGRIS/exynos990/release/iso7816_nxpV4.lib endif endif else ifeq ($(SEC_PRODUCT), exynos2100) ifeq ($(ENABLE_DBG_LOG),true) CUSTOMER_DRIVER_LIB = $(PWD)/../tz_platform/vendor/ese/header_libs/swd/TEEGRIS/exynos990/debug/iso7816_nxpV4.lib else CUSTOMER_DRIVER_LIB = $(PWD)/../tz_platform/vendor/ese/header_libs/swd/TEEGRIS/exynos990/release/iso7816_nxpV4.lib endif endif OBJS := $(patsubst %.cxx,%.o,$(patsubst %.c,%.o,$(SRCS))) ifneq ($(filter exynos990 exynos980 exynos2100, $(SEC_PRODUCT)), ) CFLAGS += -DICCC_v4 CUSTOMER_DRIVER_LIB += $(PWD)/../tz_platform/vendor/iccc/libs/$(SEC_PRODUCT)$(ICCC_ADDITIONAL_DIR)/icccOperations.ol else CUSTOMER_DRIVER_LIB += $(PWD)/../tz_platform/vendor/iccc/libs/icccOperations.ol \ $(PWD)/../tz_platform/vendor/iccc/libs/tl_tz_iccc_init.ol endif DIST = $(DIGITAL_KEY_OUT)/0000000000000000000064696769744b all: $(DIST) $(DIST): $(DIGITAL_KEY_OUT)/digital_key \ $(TA_SIGN_CERT) \ $(TA_SIGN_KEY) @$(SIGN) -a $< $@ $(DIST) $(DIGITAL_KEY_OUT)/digital_key: @mkdir -p $(DIGITAL_KEY_OUT) @$(CC) -v $(CFLAGS) $(CONFIG_LDFLAGS_SECURITY) $(SRCS) $(CUSTOMER_DRIVER_LIB) -o $@ clean: @rm -f $(OBJS) $(DIST) $(DIGITAL_KEY_OUT)/digital_key