# In Samsung Ukraine R&D Center (SRK) under a contract between # LLC "Samsung Electronics Ukraine Company" (Kyiv, Ukraine) # and "Samsung Electronics Co", Ltd (Seoul, Republic of Korea) # Copyright: (c) Samsung Electronics Co, Ltd 2020. All rights reserved. ########################### # WSM Trusted Application ########################### # # TODO: provide correct parsing rules for WSM VERSIONS # ########################### TRUSTLET_DIR := $(KINIBI_TA_BUILD_ROOT)/kinibi_source/$(TA_NAME)/Locals/Code # ARMCC TOOLCHAIN arch, values - 32/64 CONFIG_TOOLCHAIN_ARCH=64 # Set YES, if SCRYPTO enabled CONFIG_USE_SCRYPTO := ifneq (,$(filter $(strip $(TA_TARGET_SOC)), mt6768)) CONFIG_USE_SCRYPTO := YES endif # Mobicore parameters # output binary name without path or extension OUTPUT_NAME := tlwsm TRUSTLET_UUID := ffffffff000000000000000000000030 TRUSTLET_MEMTYPE := 2 # external memory used TRUSTLET_NO_OF_THREADS := 1 # has to be 1 for Trustlets TRUSTLET_SERVICE_TYPE := 3 # 3: system trustlet TRUSTLET_INSTANCES := 1 # min: 1; max: 16 # 0: no flag; # 1: permanent; # 2: service has no WSM control interface; # 3: both (permanent and service has not WSM control interface); 4: debuggable # 8: set extended memory to TA or Driver. R7 uses k500, it doesn't allow TA or driver having legacy memory layout TRUSTLET_FLAGS := 8 # Memory limitation, see some comments in task WSM-1073 TBASE_API_LEVEL := 5 HEAP_SIZE_INIT := 262144 HEAP_SIZE_MAX := 430080 ENABLE_STACK_PROTECTION := true # Set x32 compiler ARM_RVCT_PATH_BIN = $(ARM_RVCT_PATH)/bin/linux_x86_$(CONFIG_TOOLCHAIN_ARCH) arm_cc_version := $(shell $(ARM_RVCT_PATH_BIN)/armcc --vsn) # Print General Info $(info =======================================) $(info [WSM] - TA_NAME = $(TA_NAME)) $(info [WSM] - OUTPUT_NAME = $(OUTPUT_NAME)) $(info [WSM] - TRUSTLET_DIR = $(TRUSTLET_DIR)) $(info [WSM] - KINIBI_TA_BUILD_ROOT = $(KINIBI_TA_BUILD_ROOT)) $(info [WSM] - TLSDK_DIR_SRC = $(TLSDK_DIR_SRC)) $(info [WSM] - ARM_RVCT_PATH = $(ARM_RVCT_PATH)) $(info [WSM] - ARM_RVCT_PATH_BIN = $(ARM_RVCT_PATH_BIN)) $(info [WSM] - ARMCC version = $(arm_cc_version)) $(info [WSM] - TARGET_BUILD_VARIANT = $(TARGET_BUILD_VARIANT)) $(info [WSM] - TA_TARGET_SOC = $(TA_TARGET_SOC)) $(info [WSM] - CONFIG_USE_SCRYPTO = $(CONFIG_USE_SCRYPTO)) $(info [WSM] - TZ_SCRYPTO_VERSION = $(TZ_SCRYPTO_VERSION)) $(info [WSM] - TZ_SCRYPTO_LIB32 = $(TZ_SCRYPTO_LIB32)) $(info [WSM] - TZ_SCRYPTO_TOOLS_IMPRINT = $(TZ_SCRYPTO_TOOLS_IMPRINT)) $(info [WSM] - PROCA_ENABLE = $(PROCA_ENABLE)) $(info [WSM] - TZ_PROCA_LIB_VERSION = $(TZ_PROCA_LIB_VERSION)) $(info [WSM] - TZ_PROCA_HEADER_PATH = $(TZ_PROCA_HEADER_PATH)) $(info [WSM] - TZ_PROCA_LIB_PATH = $(TZ_PROCA_LIB_PATH)) $(info [WSM] - TZ_PROCA_LIB32 = $(TZ_PROCA_LIB32)) $(info =======================================) # Add include path here INCLUDE_DIRS += \ $(TLSDK_DIR_SRC)/Public \ $(TLSDK_DIR_SRC)/Internal \ $(TLSDK_DIR_SRC)/Public/MobiCore/inc \ $(TLSDK_DIR_SRC)/Public/MobiCore/inc/TlApi \ \ $(TRUSTLET_DIR)/src \ $(TRUSTLET_DIR)/include \ \ $(TRUSTLET_DIR)/src/crypto/inc \ $(TRUSTLET_DIR)/src/crypto/inc/private \ $(TRUSTLET_DIR)/src/crypto/src_v2/inc \ $(TRUSTLET_DIR)/src/crypto/src/crypto_impl \ $(TRUSTLET_DIR)/src/crypto/src/ta_cmd \ $(TRUSTLET_DIR)/src/crypto/src/openssl_impl \ \ $(TRUSTLET_DIR)/src/authentication/inc \ $(TRUSTLET_DIR)/src/authentication/inc/private \ \ $(TRUSTLET_DIR)/src/key_manager/inc/ta_cmd \ $(TRUSTLET_DIR)/src/key_manager/inc/private \ $(TRUSTLET_DIR)/src/key_manager/inc \ $(TRUSTLET_DIR)/src/key_storage/inc \ \ $(TRUSTLET_DIR)/src/common/include \ $(TRUSTLET_DIR)/src/common/log/inc \ $(TRUSTLET_DIR)/src/common/list/inc \ $(TRUSTLET_DIR)/src/common/random \ $(TRUSTLET_DIR)/src/common/malloc_wrapper/inc \ $(TRUSTLET_DIR)/src/common/utilities/inc \ $(TRUSTLET_DIR)/src/common/version \ $(TRUSTLET_DIR)/src/common/performance/inc \ $(TRUSTLET_DIR)/src/common/pbkdf/ta_cmd \ $(TRUSTLET_DIR)/src/common/pbkdf/inc \ $(TRUSTLET_DIR)/src/common/crc32 \ \ $(TRUSTLET_DIR)/src/daemon/inc \ \ $(TRUSTLET_DIR)/swd/common/libc_functions/inc \ $(TRUSTLET_DIR)/swd/common SRC_C += \ $(TRUSTLET_DIR)/swd/mc/mcAgentMain.c \ $(TRUSTLET_DIR)/swd/mc/stack_protection.c \ $(TRUSTLET_DIR)/swd/common/libc_functions/src/libc_functions.c \ $(TRUSTLET_DIR)/swd/common/libc_functions/src/memmgrs.c \ $(TRUSTLET_DIR)/swd/common/custom_so.c \ $(TRUSTLET_DIR)/swd/common/deleg_wrap_unwrap.c \ $(TRUSTLET_DIR)/swd/common/tl_handler.c \ $(TRUSTLET_DIR)/swd/common/tz_proca_handler.c \ \ $(TRUSTLET_DIR)/src/common/crc32/crc32.c \ $(TRUSTLET_DIR)/src/common/list/src/wsm_list.c \ $(TRUSTLET_DIR)/src/common/log/src/wsm_log.c \ $(TRUSTLET_DIR)/src/common/malloc_wrapper/src/malloc_wrapper.c \ $(TRUSTLET_DIR)/src/common/pbkdf/src/pbkdf_hmac_sha256.c \ $(TRUSTLET_DIR)/src/common/random/wsm_rand.c \ $(TRUSTLET_DIR)/src/common/utilities/src/memory_utilities.c \ $(TRUSTLET_DIR)/src/common/utilities/src/string_utilities.c \ $(TRUSTLET_DIR)/src/common/utilities/src/utilities.c \ $(TRUSTLET_DIR)/src/common/version/version_info.c \ \ $(TRUSTLET_DIR)/src/authentication/src/esap_v1/esap_v1.c \ $(TRUSTLET_DIR)/src/authentication/src/esap_v1/ta_esap_v1_cmd.c \ $(TRUSTLET_DIR)/src/authentication/src/esap_v1/wsm_v1_auth_utilities.c \ $(TRUSTLET_DIR)/src/authentication/src/protocol_v2/protocol_v2.c \ $(TRUSTLET_DIR)/src/authentication/src/protocol_v2/ta_protocol_v2_cmd.c \ $(TRUSTLET_DIR)/src/authentication/src/protocol_v2/wsm_v2_auth_utilities.c \ $(TRUSTLET_DIR)/src/authentication/src/auth_utilities.c \ \ $(TRUSTLET_DIR)/src/crypto/src/crypto_impl/wsm_crypto_common.c \ $(TRUSTLET_DIR)/src/crypto/src/crypto_impl/wsm_v1_crypto.c \ $(TRUSTLET_DIR)/src/crypto/src/crypto_impl/wsm_v2_crypto.c \ $(TRUSTLET_DIR)/src/crypto/src/crypto_impl/wsm_v3_crypto.c \ $(TRUSTLET_DIR)/src/crypto/src/openssl_impl/openssl_aes_core.c \ $(TRUSTLET_DIR)/src/crypto/src/openssl_impl/wsm_openssl_util.c \ $(TRUSTLET_DIR)/src/crypto/src/ta_cmd/cm_ta_cmd.c \ $(TRUSTLET_DIR)/src/crypto/src_v2/src/psk.c \ $(TRUSTLET_DIR)/src/crypto/src_v2/src/wsm_v1.c \ $(TRUSTLET_DIR)/src/crypto/src_v2/src/wsm_v2.c \ \ $(TRUSTLET_DIR)/src/key_manager/src/ta_cmd/km_ta_cmd.c \ $(TRUSTLET_DIR)/src/key_manager/src/appskey_type_aes.c \ $(TRUSTLET_DIR)/src/key_manager/src/km_impl.c \ $(TRUSTLET_DIR)/src/key_storage/src/key_storage.c \ $(TRUSTLET_DIR)/src/key_storage/src/key_storage_eeal.c \ $(TRUSTLET_DIR)/src/key_storage/src/key_storage_stub_eeal.c \ $(TRUSTLET_DIR)/src/key_storage/src/key_storage_impl.c # parsing version file CONFIG_BASELINE_CL := $(shell head -n 2 $(TRUSTLET_DIR)/version_ta | tail -n 1 $(TRUSTLET_DIR)/version_ta) CONFIG_WSM_VERSION := $(shell head -n 1 $(TRUSTLET_DIR)/version_ta) CONFIG_WSM_VERSION_MAJOR := $(shell head -n 1 $(TRUSTLET_DIR)/version_ta | cut -d "." -f 1) CONFIG_WSM_VERSION_MINOR := $(shell head -n 1 $(TRUSTLET_DIR)/version_ta | cut -d "." -f 2) CONFIG_WSM_VERSION_PATCH := $(shell head -n 1 $(TRUSTLET_DIR)/version_ta | cut -d "." -f 3) # Some flags which added or removed # # --diag_suppress=1301 : To fix "wsm_types.h: #1301-D: padding inserted in struct 'anonymous'" # -DNWD_PLATFORM=42 : To fix "zero used for undefined preprocessing identifier "NWD_PLATFORM"" # -Wall -Wextra -Wno-unused : Mobicore compiler doesn't have these flags # --protect_stack : Removed due to: Fatal error: C3900U: Unrecognized option '--protect_stack' # --protect_stack_all : Removed due to: Fatal error: C3900U: Unrecognized option '--protect_stack_all' TRUSTLET_OPTS += \ -O0 --c99 -g --brief_diagnostics \ --diag_error=warning \ --diag_suppress=1301 \ \ -DTA_BUILD \ -DSWD \ -DTEE \ -DMOBICORE \ -DENABLE_TBASE_LOGGING \ -DWSM_MOBICORE \ -DNWD_PLATFORM=42 \ -DTA_SOURCE_BUILD \ \ -DVERSION_NUMBER=\"$(CONFIG_WSM_VERSION)\" \ -DBASELINE_CL=\"$(CONFIG_BASELINE_CL)\" \ -DVERSION_NUMBER_MAJOR=$(CONFIG_WSM_VERSION_MAJOR) \ -DVERSION_NUMBER_MINOR=$(CONFIG_WSM_VERSION_MINOR) \ -DVERSION_NUMBER_PATCH=$(CONFIG_WSM_VERSION_PATCH) ifneq (,$(filter $(strip $(TA_TARGET_SOC)), mt6768)) TA_LINK_OPTS += --diag_suppress=L6242E \ --diag_suppress=L6915E TRUSTLET_OPTS += --diag_suppress=191 \ -DNO_STACK_CHK_IMPLEMENTED \ -DSTACK_CHK_FAIL_IMPLEMENTED endif # ------------------------------------------------------ # Patch SDK/KINIBI/exynos7885/400C/t-base-dev-kit/t-sdk/TlSdk/trustlet.mk # due-to issue for x32: Fatal error: L3900U: Unrecognized option '--remarks'. # Below line which remove '--remarks' # ------------------------------------------------------ $(shell sed -i '/--remarks/d' $(TLSDK_DIR_SRC)/trustlet.mk) # ------------------------------------------------------ # Debug / Release mode # ------------------------------------------------------ ifneq (,$(filter $(strip $(TARGET_BUILD_VARIANT)), eng userdebug)) MODE := Debug TRUSTLET_OPTS += -DENABLE_DEBUGGING -D__DEBUG__ -DDEBUG -D__FILENAME__=__FILE__ else MODE := Release TRUSTLET_OPTS += -D__RELEASE__ -D__FILENAME__=\"\" -DRELEASE endif # ------------------------------------------------------ # Scrypto, temporary disable until SCYPTO fix x32 build # (PROCA and SCRYPTO always x32 for kinibi # ------------------------------------------------------ ifeq ($(CONFIG_USE_SCRYPTO),YES) # CUSTOMER_DRIVER_LIBS += $(TZ_SCRYPTO_LIB64) HW_FLOATING_POINT := Y CUSTOMER_DRIVER_LIBS += $(TZ_SCRYPTO_LIB32) SCRYPTO_IMPRINT_TOOL := $(TZ_SCRYPTO_TOOLS_IMPRINT) TRUSTLET_OPTS += -DCRYPTO_VERSION=\"$(TZ_SCRYPTO_VERSION)\" -DUSE_SCRYPTO INCLUDE_DIRS += $(TZ_SCRYPTO_HEADER_PATH) else # ------------------------------------------------------ # Boring SSL # ------------------------------------------------------ # OPENSSL_VERSION_NUMBER 0x1010007f: file: base.h CONFIG_PREBUILT_SSL_VERSION := ssl_version_0x1010007f CONFIG_BORINGSSL_DIR := $(TRUSTLET_DIR)/thirdparty/boringssl INCLUDE_DIRS += \ $(CONFIG_BORINGSSL_DIR) \ $(CONFIG_BORINGSSL_DIR)/crypto # Disable Boring SSL warnings # 177: was declared but never referenced # 188: enumerated type mixed with another type # 546: transfer of control bypasses initialization of # 1293: assignment in condition TRUSTLET_OPTS += \ --diag_suppress=177 \ --diag_suppress=188 \ --diag_suppress=546 \ --diag_suppress=1293 TRUSTLET_OPTS += \ -DUSE_CUSTOM_LIBC \ -DOWN_ALLOCATOR \ -D__FILENAME__=\"\" \ -DUSE_BORINGSSL \ -DOPENSSL_NO_ASM \ -DCRYPTO_VERSION=\"$(CONFIG_PREBUILT_SSL_VERSION)\" \ \ -DNDEBUG \ \ -DBORINGSSL_NO_CXX \ -DBORINGSSL_IMPLEMENTATION \ -DGETPID_IS_MEANINGLESS \ -DOPENSSL_STATIC_ARMCAP \ -DOPENSSL_STATIC_ARMCAP_NEON \ -DOPENSSL_STATIC_ARMCAP_AES \ -DOPENSSL_STATIC_ARMCAP_SHA1 \ -DOPENSSL_STATIC_ARMCAP_SHA256 \ -DOPENSSL_STATIC_ARMCAP_PMULL \ -DSAMSUNG_VNDK_EXT \ -DOPENSSL_NO_FP_API \ -DOPENSSL_NO_THREADS SRC_C += \ $(CONFIG_BORINGSSL_DIR)/crypto/mem.c \ $(CONFIG_BORINGSSL_DIR)/crypto/refcount_lock.c \ $(CONFIG_BORINGSSL_DIR)/crypto/ex_data.c \ $(CONFIG_BORINGSSL_DIR)/crypto/thread_none.c \ \ $(CONFIG_BORINGSSL_DIR)/crypto/dh/dh.c \ $(CONFIG_BORINGSSL_DIR)/crypto/dh/check.c \ $(CONFIG_BORINGSSL_DIR)/crypto/buf/buf.c \ $(CONFIG_BORINGSSL_DIR)/crypto/err/err.c \ $(CONFIG_BORINGSSL_DIR)/crypto/ecdh/ecdh.c \ $(CONFIG_BORINGSSL_DIR)/crypto/stack/stack.c \ $(CONFIG_BORINGSSL_DIR)/crypto/bytestring/cbs.c \ $(CONFIG_BORINGSSL_DIR)/crypto/bytestring/cbb.c \ $(CONFIG_BORINGSSL_DIR)/crypto/fipsmodule/bcm.c \ $(CONFIG_BORINGSSL_DIR)/crypto/bn_extra/convert.c \ $(CONFIG_BORINGSSL_DIR)/crypto/engine/engine.c \ $(CONFIG_BORINGSSL_DIR)/crypto/rand_extra/forkunsafe.c endif # ------------------------------------------------------ # PROCA (PROCA and SCRYPTO always x32 for kinibi) # ------------------------------------------------------ ifeq ($(PROCA_ENABLE),TRUE) TRUSTLET_OPTS += -DPROCA_FEATURE_ENABLED INCLUDE_DIRS += $(TZ_PROCA_HEADER_PATH) CUSTOMER_TA_LIBS += $(TZ_PROCA_LIB_PATH)/armeabi-v7a/pa_tz_api.a # Disable RPOCA warnings for x64 compiller ifeq ($(CONFIG_TOOLCHAIN_ARCH),64) # 66: enumeration value is out of "int" range TRUSTLET_OPTS += --diag_suppress=66 endif endif # strip dublicated includes INCLUDE_DIRS := $(sort $(INCLUDE_DIRS)) # ------------------------------------------------------ # Setup configure for signing # ------------------------------------------------------ RUNTYPE := gd_mobicore400_trustlet ifneq (,$(filter $(strip $(TA_TARGET_SOC)), mt6768)) RUNTYPE := gd_mobicore410_trustlet endif st := -servicetype $(TRUSTLET_SERVICE_TYPE) nt := -numberofthreads $(TRUSTLET_NO_OF_THREADS) ni := -numberofinstances $(TRUSTLET_INSTANCES) mt := -memtype $(TRUSTLET_MEMTYPE) f := -flags $(TRUSTLET_FLAGS) is := -initheapsize $(HEAP_SIZE_INIT) ms := -maxheapsize $(HEAP_SIZE_MAX) TRUSTLET_SIGN_CONF := "$(st) $(nt) $(ni) $(mt) $(f) $(is) $(ms)" #------------------------------------------------------------------------------- # use generic make file include $(TLSDK_DIR_SRC)/trustlet.mk #------------------------------------------------------------------------------- # imprint for app signing (SCRYPTO) ifeq ($(CONFIG_USE_SCRYPTO),YES) scrypto_hmac: $(TA_AXF) $(SCRYPTO_IMPRINT_TOOL) $< all: scrypto_hmac # Build Done. Do not remove this line endif