import os Import('env') env = env.Clone() #------------------------------------------------------------------------------ # DDAR FUNC #------------------------------------------------------------------------------ def DDAR_LOGD(str): print("\n\033[0;33;40m" + "[DDAR_DBG] " + str + "\033[0;m\n") #------------------------------------------------------------------------------ # DDAR Defines #------------------------------------------------------------------------------ ## We need to specify "neon" to generate SIMD instructions in 32-bit mode if env['PROC'] == 'scorpion': env.Append(CCFLAGS = " -mfpu=neon ") if env.has_key('USES_NO_CP'): env.Append(CCFLAGS = ' -DUSES_NO_CP ') env.Append(OUT_DIR = env['BUILD_ROOT'] + "/ssg/bsp/trustzone/qsapps/tz_ddar/build") env.Append(CFLAGS = ' -fPIC -Werror ') # For dump utilities in util.h # do not append ENABLE_DDAR_DEBUG_LOG in release binary for security env.Append(CCFLAGS = ' -DENABLE_DDAR_LOG') #env.Append(CCFLAGS = ' -DENABLE_DDAR_DEBUG_LOG') #env.Append(CPPDEFINES = 'LOG_TAG=\\\"tz_ddar\\\"') env.Append(CCFLAGS = " -D'TRUSTED_APP_NAME=\"tz_ddar\"'") env.Append(CCFLAGS = " -D'TA_VERSION=\"1.1.0\"'") env.Replace(ARM_OPT_STACK_GUARD = ' -fstack-protector-strong') CHIPSET = env['RAW_CHIPSET'] #------------------------------------------------------------------------------ # DDAR Build #------------------------------------------------------------------------------ #------------------------------------------------------------------------------ # DDAR Source PATH #------------------------------------------------------------------------------ #DDAR_ROOT_PATH = env['BUILD_ROOT'] + "/ssg/securemsm/trustzone/qsapps/tz_ddar/src" DDAR_LOGD("DDAR Build") if env['PROC'] == 'scorpion': SCRYPTO_LIB = os.environ['TZ_SCRYPTO_LIB32'] else: SCRYPTO_LIB = os.environ['TZ_SCRYPTO_LIB64'] #------------------------------------------------------------------------------ # DDAR Defines #------------------------------------------------------------------------------ # Common env.Append(CPPDEFINES = [ "OPENSSL_FIPS", "CONFIG_QSEE", "USE_SCRYPTO_LIBRARY", ]) # CHIPSET dependency env.Append(CPPDEFINES = [ CHIPSET, "QSEE_TZ_VER=5", "SCRYPTO_VER=26", ]) if env['RAW_CHIPSET'] in ['sm8150','sm8150p']: #------------------------------------------------------------------------------ # DDAR includes #------------------------------------------------------------------------------ includes = [ '#../../ssg/securemsm/tz_ddar_common/tz_common/public', '#../../ssg/securemsm/tz_ddar_common/tz_platform/public/tl', '#../../ssg/securemsm/tz_ddar_common/tz_platform/vendor/QSEE/tl', '#../../core/api/kernel/libstd/stringl', '#../../core/api/boot/qfprom', '#../../core/api/services', '#../../core/api/securemsm/crypto', '#../../ssg/api/securemsm/trustzone/qsee', '#../../ssg/securemsm/trustzone/qsapps/tz_ddar/src', '#../../ssg/securemsm/trustzone/qsapps/tz_ddar/src/shared', '#../../ssg/securemsm/trustzone/qsapps/tz_ddar/src/public', '#../../ssg/securemsm/trustzone/qsapps/tz_ddar/src/public/msgs', '#../../ssg/securemsm/tima_common/shared/inc', '#../../ssg/securemsm/secrsa/shared/inc', '#../../ssg/securemsm/secrsa/shared/src', '#../../ssg/securemsm/uclib/usr/legacy/secrsa/shared/src', '#../../ssg/securemsm/uclib/usr/legacy/secrsa/shared/inc', '#../../ssg/securemsm/uclib/usr/legacy/secmath/shared/inc', '#../../ssg/securemsm/secmath/shared/inc', '#../../ssg/securemsm/tz_common/public', '#../../ssg/securemsm/tz_platform/public/tl', '#../../ssg/securemsm/tz_platform/vendor/QSEE/tl', '#../../ssg/securemsm/tz_iccc_common/public', ] includes.append(os.environ['TZ_SCRYPTO_HEADER_PATH']) #------------------------------------------------------------------------------ # DDAR DDAR_SOURCES #------------------------------------------------------------------------------ DDAR_SOURCES = [ '../src/app_main.c', '../src/shared/dualdar_crypto_tl.c', '../src/shared/dualdar_globals.c', '../src/shared/utils.c', '../src/shared/base64.c', '../src/shared/validate_cmd.c', '../src/shared/process_cmd.c', '../src/shared/setup_password_cmd_tl.c', '../src/shared/change_password_cmd_tl.c', '../src/shared/authenticate_cmd_tl.c', '../src/shared/dualdar_init_tl.c', '../src/shared/password_utils.c', '../src/shared/SCrypto_Crypto.c', '../src/DDAR_QSEE_TZ_Vendor.c', '../../../../tz_common/tl/init_tl.c', '../../../../tz_common/tl/process_msr.c', '../../../../tz_common/tl/buffer_utils.c', '../../../../tz_iccc_common/tl/tz_iccc_common_tl.c', # ICCC '../../../../tz_platform/vendor/QSEE/tl/QSEE_TZ_Vendor.c', ] #------------------------------------------------------------------------------ # Add metadata to image #------------------------------------------------------------------------------ md = { 'appName': 'tz_ddar', 'privileges': ['default', 'I2C', 'CertValidate', 'SPI', 'TLMM', 'OEMUnwrapKeys', 'KMHal', 'OEMBuf', 'WhitelistBypass' ], 'heapSize': 0x120000, 'stackSize': 0x30000, } else: #------------------------------------------------------------------------------ # DDAR includes #------------------------------------------------------------------------------ includes = [ '#../../ssg/securemsm/tz_ddar_common/tz_common/public', '#../../ssg/securemsm/tz_ddar_common/tz_platform/public/tl', '#../../ssg/securemsm/tz_ddar_common/tz_platform/vendor/QSEE/tl', '#../../core/api/kernel/libstd/stringl', '#../../core/api/boot/qfprom', '#../../core/api/services', '#../../core/api/securemsm/crypto', '#../../ssg/api/securemsm/trustzone/qsee', '#../../ssg/securemsm/trustzone/qsapps/tz_ddar/src', '#../../ssg/securemsm/trustzone/qsapps/tz_ddar/src/shared', '#../../ssg/securemsm/trustzone/qsapps/tz_ddar/src/public', '#../../ssg/securemsm/trustzone/qsapps/tz_ddar/src/public/msgs', '#../../ssg/securemsm/tima_common/shared/inc', '#../../ssg/securemsm/secrsa/shared/inc', '#../../ssg/securemsm/secrsa/shared/src', '#../../ssg/securemsm/uclib/usr/legacy/secrsa/shared/src', '#../../ssg/securemsm/uclib/usr/legacy/secrsa/shared/inc', '#../../ssg/securemsm/uclib/usr/legacy/secmath/shared/inc', '#../../ssg/securemsm/secmath/shared/inc', '#../../ssg/securemsm/tz_iccc_common/public', ] includes.append(os.environ['TZ_SCRYPTO_HEADER_PATH']) #------------------------------------------------------------------------------ # DDAR DDAR_SOURCES #------------------------------------------------------------------------------ DDAR_SOURCES = [ '../src/app_main.c', '../src/shared/dualdar_crypto_tl.c', '../src/shared/dualdar_globals.c', '../src/shared/utils.c', '../src/shared/base64.c', '../src/shared/validate_cmd.c', '../src/shared/process_cmd.c', '../src/shared/setup_password_cmd_tl.c', '../src/shared/change_password_cmd_tl.c', '../src/shared/authenticate_cmd_tl.c', '../src/shared/dualdar_init_tl.c', '../src/shared/password_utils.c', '../src/shared/SCrypto_Crypto.c', '../src/DDAR_QSEE_TZ_Vendor.c', '../../../../tz_iccc_common/tl/tz_iccc_common_tl.c', # ICCC ] #------------------------------------------------------------------------------ # Add metadata to image #------------------------------------------------------------------------------ md = { 'appName': 'tz_ddar', 'privileges': ['default', 'I2C', 'CertValidate', 'SPI', 'TLMM', 'OEMUnwrapKeys', 'KMHal', 'OEMBuf', 'WhitelistBypass', 'ICCCReadData' # ICCC v4 TA-to-TA ], 'heapSize': 0x120000, 'stackSize': 0x30000, } #------------------------------------------------------------------------------ # Lib #------------------------------------------------------------------------------ libs = env.File(SCRYPTO_LIB.split()) #------------------------------------------------------------------------------ # Add command to Imprint HMAC #------------------------------------------------------------------------------ DDAR_TOOLS_DIR = os.environ['TZ_SCRYPTO_BASE_PATH'] + "/tools" if env['RAW_CHIPSET'] in ['sm8150','sm8150p','sm8250']: DDAR_ELF_PATH = env.subst('${OUT_DIR}/' + '${SHORT_BUILDPATH}/' + "tz_ddar.elf") else: DDAR_ELF_PATH = env.subst('${OUT_DIR}/' + "tz_ddar.elf") #DDAR_ELF_PATH = env.subst('${OUT_DIR}/' + '${SHORT_BUILDPATH}/' + "tz_ddar.elf") #DDAR_RUN_FIPS_TOOLS_COMMAND = DDAR_TOOLS_DIR + "/run_fips_tools.sh " + DDAR_ELF_PATH + " " + DDAR_TOOLS_DIR DDAR_RUN_FIPS_TOOLS_COMMAND = DDAR_TOOLS_DIR + "/run_fips_tools.sh " + DDAR_ELF_PATH DDAR_LOGD("DDAR_RUN_FIPS_TOOLS_COMMAND:" + DDAR_RUN_FIPS_TOOLS_COMMAND) DDAR_LOGD("DDAR_IMPRINT: " + DDAR_TOOLS_DIR + "/imprint256") DDAR_LOGD("TZ_SCRYPTO_TOOLS_IMPRINT : " + os.environ['TZ_SCRYPTO_TOOLS_IMPRINT']) DDAR_LOGD("DDAR_ELF_PATH: " + DDAR_ELF_PATH) env.Append(LINKCOM = " && ") env.Append(LINKCOM = DDAR_RUN_FIPS_TOOLS_COMMAND) if os.environ.get('SUPPORT_NEW_TA_BUILD', 'false') == 'true': env.Append(LINKFLAGS=' -no-threads ') DDAR_LOGD("DDAR_USE_CACHING : TRUE") else: DDAR_LOGD("DDAR_USE_CACHING : FALSE") tz_ddar_units = env.SecureAppBuilder( sources = DDAR_SOURCES, includes = includes, user_libs = [ libs ], metadata = md, image = 'tz_ddar', ) env.Alias('tz_ddar', tz_ddar_units)