# Be silent per default, but 'make V=1' will show all compiler calls. ifneq ($(V),1) Q = @ NULL = 2>&1 > /dev/null endif ifneq ($(HWVAULT_DEVELOPER_LOCAL_BUILD), true) # TEEGRIS TA CONFIG for RBS/PBS BUILD include $(KM_TEEGRIS_CONFIG) TEEGRIS_SDK_ROOT = $(CONFIG_SW_TOOLCHAIN_ROOT) TA_UUID = 00000000-0000-0000-0000-487641557457 HW_CRYPTO = TEEGRIS COMMON_LIB_ARCH_DIR = TEEgris ifeq ($(KM_TARGET_SOC), $(filter tg_exynos9830 tg_exynos990, $(KM_TARGET_SOC))) KM_TARGET_SOC = tg_exynos9830 SCRYPTO_VER=2_5 TEEGRIS_TZ_VER=4 else ifeq ($(KM_TARGET_SOC), $(filter tg_exynos2100, $(KM_TARGET_SOC))) KM_TARGET_SOC = tg_exynos2100 SCRYPTO_VER=2_6 TEEGRIS_TZ_VER=42 else ifeq ($(KM_TARGET_SOC), $(filter tg_s5e9925, $(KM_TARGET_SOC))) KM_TARGET_SOC = tg_s5e9925 SCRYPTO_VER=2_6 TEEGRIS_TZ_VER=42 endif TARGET_DIR = $(KM_TARGET_SOC) endif # ifneq ($(HWVAULT_DEVELOPER_LOCAL_BUILD), true) OUT_PATH=$(HWVAULT_ROOT_PATH)/released_TA/$(TARGET_DIR) HWVAULT_COMMON_LIB_PATH=$(HWVAULT_ROOT_PATH)/common/lib ifeq (TZ.BF.4.0,$(findstring TZ.BF.4.0,$(QSEE_TZ_VER))) QSEE_SECMSM_DIR=core else QSEE_SECMSM_DIR=ssg endif ifeq ($(KM_TARGET_SOC), $(filter tg_exynos2100 tg_s5e9925, $(KM_TARGET_SOC))) DRV_INTERFACE_VERSION=1 endif #------------------------------------------------------------------------------- # Defines #------------------------------------------------------------------------------- DEF = OPENSSL_FIPS DEF += $(KM_TARGET_SOC) ifeq ($(DEBUG), y) DEF += ENABLE_DBG_STRINGS=1 DEF += TL_DEBUG DEF += DEBUG endif ifeq ($(MEMLEAK_DBG), y) DEF += MEMLEAK_DBG endif ifeq ($(DS5_V6), y) DEF += DS5_V6 endif ifeq ($(HW_CRYPTO), MOBICORE) DEF += MOBICORE DEF += USE_MOBICORE ifneq ($(USE_MTK),y) DEF += FCDRV=1 endif ARCH_DIR = mc endif ifeq ($(USE_MTK),y) DEF += USE_MTK endif ifeq ($(HW_CRYPTO), QUALCOMM) DEF += USE_QUALCOMM DEF += $(QSEE_CHIPSET) ARCH_DIR = qc ifeq (TZ.BF.4.0,$(findstring TZ.BF.4.0,$(QSEE_TZ_VER))) DEF += QSEE_TZ_VER=4 else ifeq ($(QSEE_TZ_VER), TZ.XF.5.0) DEF += QSEE_TZ_VER=5 endif endif # End of 'ifeq ($(HW_CRYPTO), QUALCOMM)' ifeq ($(HW_CRYPTO), TEEGRIS) DEF += USE_TEEGRIS DEF += TEEGRIS_TZ_VER=$(TEEGRIS_TZ_VER) ARCH_DIR = tg ifdef DRV_INTERFACE_VERSION DEF += DRV_INTERFACE_VERSION=$(DRV_INTERFACE_VERSION) endif endif DEF += SCRYPTO_VER=$(shell echo $(SCRYPTO_VER) | sed 's/_//') ifeq ($(KM_TARGET_SOC), $(filter tg_exynos2100 tg_s5e9925, $(KM_TARGET_SOC))) DEF += CONFIG_SSP_SNVM_DATA_3KB endif #------------------------------------------------------------------------------- # Compiler Flags #------------------------------------------------------------------------------- CFLAGS = ifneq ($(HW_CRYPTO),TEEGRIS) ifneq ($(DS5_V6), y) CFLAGS += --diag_suppress=1297 CFLAGS += --diag_suppress=193 CFLAGS += --diag_suppress=171 CFLAGS += --diag_suppress=285 CFLAGS += --diag_suppress=295 CFLAGS += --diag_suppress=1301 CFLAGS += --diag_suppress=2530 CFLAGS += --diag_suppress=66 #Error: #66-D: enumeration value is out of "int" range ifeq ($(SCRYPTO_VER), 2_5) CFLAGS += --diag_suppress=191 #Error: #191-D: type qualifier is meaningless on cast type from scrypto v2.5 stack.h endif ifneq ($(DEBUG), y) CFLAGS += --protect_stack --protect_stack_all CFLAGS += --diag_error=warning endif endif endif #------------------------------------------------------------------------------- # Include Dirs #------------------------------------------------------------------------------- INC += $(HWVAULT_ROOT_PATH)/common/include INC += $(HWVAULT_ROOT_PATH)/swd/src/arch/$(ARCH_DIR) INC += $(HWVAULT_ROOT_PATH)/swd/common INC += $(HWVAULT_ROOT_PATH)/swd/src/trusted_app/ INC += $(TZ_SCRYPTO_HEADER_PATH) INC += $(HWVAULT_COMMON_LIB_PATH)/swd/common/scrypto_$(SCRYPTO_VER) ifeq ($(HW_CRYPTO), QUALCOMM) INC += $(QSEE_ROOT_PATH)/core/api/services INC += $(QSEE_ROOT_PATH)/$(QSEE_SECMSM_DIR)/api/securemsm/trustzone/qsee endif #------------------------------------------------------------------------------- # Source Files #------------------------------------------------------------------------------- SRC = $(HWVAULT_ROOT_PATH)/swd/src/arch/$(ARCH_DIR)/tz_main.c SRC += $(HWVAULT_ROOT_PATH)/swd/src/arch/$(ARCH_DIR)/tz_ipc_handler.c SRC += $(HWVAULT_ROOT_PATH)/swd/src/arch/$(ARCH_DIR)/tz_time.c SRC += $(HWVAULT_ROOT_PATH)/swd/src/arch/$(ARCH_DIR)/tz_key.c SRC += $(HWVAULT_ROOT_PATH)/swd/src/arch/$(ARCH_DIR)/spu_crypto.c SRC += $(HWVAULT_ROOT_PATH)/swd/common/swd_log.c SRC += $(HWVAULT_ROOT_PATH)/common/hwvault_utils.c SRC += $(HWVAULT_ROOT_PATH)/common/cmd_serializer.c SRC += $(HWVAULT_ROOT_PATH)/swd/src/trusted_app/swd_access_control.c SRC += $(HWVAULT_ROOT_PATH)/swd/src/trusted_app/swd_service.c SRC += $(HWVAULT_ROOT_PATH)/swd/src/trusted_app/swd_factory.c SRC += $(HWVAULT_ROOT_PATH)/swd/src/trusted_app/swd_verify_input.c SRC += $(HWVAULT_ROOT_PATH)/swd/src/trusted_app/swd_secnvm.c SRC += $(HWVAULT_ROOT_PATH)/swd/src/trusted_app/swd_token.c SRC += $(HWVAULT_ROOT_PATH)/swd/src/trusted_app/swd_wrap.c SRC += $(HWVAULT_ROOT_PATH)/swd/src/trusted_app/swd_weaver.c SRC += $(HWVAULT_ROOT_PATH)/swd/src/trusted_app/swd_hwvault.c ifeq ($(HW_CRYPTO), TEEGRIS) SRC += $(HWVAULT_ROOT_PATH)/swd/src/arch/$(ARCH_DIR)/cm_api.c endif SRC += $(HWVAULT_ROOT_PATH)/swd/src/arch/$(ARCH_DIR)/tz_strongbox.c SCRYPTO_LIB_A = $(TZ_SCRYPTO_LIB32) ifdef SIGNCLIENT_JAR SIGN_TOOL = $(SIGNCLIENT_JAR) else SIGN_TOOL = $(HWVAULT_ROOT_PATH)/swd/build/LocalTASigner.jar ifeq ($(HW_CRYPTO),TEEGRIS) _ADDINFO = -addinfo _ADDINFO += $(ADDINFO) endif endif #------------------------------------------------------------------------------- # QUALCOMM Settings #------------------------------------------------------------------------------- ifeq ($(HW_CRYPTO), QUALCOMM) ifeq ($(QSEE_TZ_VER), TZ.XF.5.0) QSEE_BUILD_CONF_XML = build_config_deploy.xml endif QSEE_APP = $(QSEE_ROOT_PATH)/$(QSEE_SECMSM_DIR)/securemsm/trustzone/qsapps/hwvault QSEE_BSP = $(QSEE_ROOT_PATH)/$(QSEE_SECMSM_DIR)/bsp/trustzone/qsapps/hwvault QSEE_DIR = $(QSEE_APP)/src ifeq ($(QSEE_CHIPSET), sdm450) QSEE_BUILD_CHIPSET = msm8953 else ifeq ($(QSEE_CHIPSET), sdm710) QSEE_BUILD_CHIPSET = sdm670 else QSEE_BUILD_CHIPSET = $(QSEE_CHIPSET) endif SRC_LIST = $(SRC) INC_LIST = $(INC:%=-I%) DEF_LIST = $(DEF:%=-D%) ELF = $(QSEE_BSP)/build/$(BINARY_ID)/hwvault.elf ifeq ($(QSEE_CHIPSET), $(filter sm8450, $(KM_TARGET_SOC))) BIN = $(QSEE_ROOT_PATH)/build/ms/bin/$(BINARY_ID)/hwvault.mbn SIGNED_BIN = $(QSEE_ROOT_PATH)/build/ms/bin/$(BINARY_ID)/hwvault.mbn #it supposed to be signed by QC, but not. need to fix else BIN = $(QSEE_ROOT_PATH)/build/ms/bin/$(BINARY_ID)/unsigned/hwvault.mbn SIGNED_BIN = $(QSEE_ROOT_PATH)/build/ms/bin/$(BINARY_ID)/signed/hwvault.mbn #Signed by QC endif UNSIGN = $(OUT_PATH)/hwvault.mbn SIGN = $(OUT_PATH)/signed_hwvault.mbn #Signed by Samsung endif #------------------------------------------------------------------------------- # TEEGRIS Settings #------------------------------------------------------------------------------- ifeq ($(HW_CRYPTO), TEEGRIS) TEEGRIS_TOOLCHAIN_PREFIX = $(TEEGRIS_SDK_ROOT)/toolchains/aarch64-secureos-gnueabi-gcc_6_3-linux-x86/bin/aarch64-secureos-gnueabi- TEEGRIS_TZ_ARCH = 64 ifeq ($(TEEGRIS_TZ_VER), 4) LDFLAGS = -O2 --sysroot=$(TEEGRIS_SDK_ROOT)/platforms/TEEGRIS-4.1/swd/arch-arm$(TEEGRIS_TZ_ARCH) CFLAGS += -O2 --sysroot=$(TEEGRIS_SDK_ROOT)/platforms/TEEGRIS-4.1/swd/arch-arm$(TEEGRIS_TZ_ARCH) INC += $(TEEGRIS_SDK_ROOT)/platforms/TEEGRIS-4.1/swd/arch-arm$(TEEGRIS_TZ_ARCH)/usr/include LDFLAGS += -L $(TEEGRIS_SDK_ROOT)/platforms/TEEGRIS-4.1/swd/arch-arm$(TEEGRIS_TZ_ARCH)/usr/lib -lpthread else ifeq ($(TEEGRIS_TZ_VER), 42) LDFLAGS = -O2 --sysroot=$(TEEGRIS_SDK_ROOT)/platforms/TEEGRIS-4.2/swd/arch-arm$(TEEGRIS_TZ_ARCH) CFLAGS += -O2 --sysroot=$(TEEGRIS_SDK_ROOT)/platforms/TEEGRIS-4.2/swd/arch-arm$(TEEGRIS_TZ_ARCH) INC += $(TEEGRIS_SDK_ROOT)/platforms/TEEGRIS-4.2/swd/arch-arm$(TEEGRIS_TZ_ARCH)/usr/include LDFLAGS += -L $(TEEGRIS_SDK_ROOT)/platforms/TEEGRIS-4.2/swd/arch-arm$(TEEGRIS_TZ_ARCH)/usr/lib -lpthread endif CC = $(TEEGRIS_TOOLCHAIN_PREFIX)gcc LD = $(CC) STRIP = $(TEEGRIS_TOOLCHAIN_PREFIX)strip # Scrypto LDFLAGS += -lscrypto LDFLAGS += -Wl,-z,relro,-z,now CFLAGS += -fstack-protector -fstack-protector-all -fvisibility=hidden -Wno-error=deprecated-declarations UNSIGN = $(OUT_PATH)/$(TA_UUID).unsigned SIGN = $(OUT_PATH)/$(TA_UUID) OBJS = $(SRC:.c=.o) SIGN_SCRIPT_PATH = $(TEEGRIS_SDK_ROOT)/tools/bf_authority_scripts/ta_auth_scripts SIGN_CERT_PATH = $(TEEGRIS_SDK_ROOT)/tools/bf_authority_scripts/ta_auth_dev_ta endif #------------------------------------------------------------------------------- # Common Rules #------------------------------------------------------------------------------- build: $(OUT_PATH) @printf "BUILD\n" $(Q)$(MAKE) prepare $(Q)$(MAKE) all $(Q)$(MAKE) complete $(OUT_PATH): $(Q)mkdir -p $(OUT_PATH) #------------------------------------------------------------------------------- # QUALCOMM Rules #------------------------------------------------------------------------------- ifeq ($(HW_CRYPTO), QUALCOMM) all: @printf "ALL\n" ifeq ($(QSEE_CHIPSET), $(filter sdm710 sm6150 sm7150 sm8150 sm8250, $(QSEE_CHIPSET))) $(Q)HV_SRC_LIST="$(SRC)" HV_DEF_LIST="$(DEF_LIST)" HV_INC_LIST="$(INC_LIST)" HV_SCRYPTO_LIB=$(SCRYPTO_LIB_A) HV_PROCA_LIB=$(PROCA_LIB_A) python $(QSEE_ROOT_PATH)/build/ms/build_all.py -b $(QSEE_TZ_VER) CHIPSET=$(QSEE_BUILD_CHIPSET) --cnb --config=$(QSEE_BUILD_CONF_XML) --cbt hwvault else ifeq ($(QSEE_CHIPSET), $(filter sm8450, $(KM_TARGET_SOC))) $(Q)HV_SRC_LIST="$(SRC)" HV_DEF_LIST="$(DEF_LIST)" HV_INC_LIST="$(INC_LIST)" HV_SCRYPTO_LIB=$(TZ_SCRYPTO_LIB64) HV_PROCA_LIB=$(PROCA_LIB_A) python3 $(SCONS_SCRIPT) -c -C $(QSEE_ROOT_PATH)/apps/securemsm/trustzone/qsapps/hwvault/src hwvault CHIPSET=waipio qtee_sdk_version=latest $(Q)HV_SRC_LIST="$(SRC)" HV_DEF_LIST="$(DEF_LIST)" HV_INC_LIST="$(INC_LIST)" HV_SCRYPTO_LIB=$(TZ_SCRYPTO_LIB64) HV_PROCA_LIB=$(PROCA_LIB_A) python3 $(SCONS_SCRIPT) -C $(QSEE_ROOT_PATH)/apps/securemsm/trustzone/qsapps/hwvault/src hwvault CHIPSET=waipio qtee_sdk_version=latest else $(Q)HV_SRC_LIST="$(SRC)" HV_DEF_LIST="$(DEF_LIST)" HV_INC_LIST="$(INC_LIST)" HV_SCRYPTO_LIB=$(SCRYPTO_LIB_A) HV_PROCA_LIB=$(PROCA_LIB_A) python $(QSEE_ROOT_PATH)/build/ms/build_all.py -b $(QSEE_TZ_VER) CHIPSET=$(BUILD_CHIPSET_ID) --cnb --config=$(QSEE_BUILD_CONF_XML) --cbt hwvault endif prepare: @printf "PREPARE\n" $(Q)mkdir -p $(QSEE_DIR) $(Q)mkdir -p $(QSEE_BSP)/build complete: $(BIN) @printf "COMPLETE\n" $(Q)cp -fv $(BIN) $(UNSIGN) $(NULL) sign: $(UNSIGN) ifneq ($(SIGNING_MODEL), n) @printf "SIGN\n" ifeq ($(QSEE_CHIPSET), $(filter sm8450, $(KM_TARGET_SOC))) $(Q) java -jar $(SIGN_TOOL) -model $(SIGNING_MODEL) -runtype $(SIGNING_RUNTYPE) -input $(UNSIGN) -output $(SIGN) -alg ECDSA else $(Q) java -jar $(SIGN_TOOL) -model $(SIGNING_MODEL) -runtype $(SIGNING_RUNTYPE) -input $(UNSIGN) -output $(SIGN) endif endif $(Q)$(MAKE) split ifneq ($(SIGNING_MODEL), n) split: $(SIGN) @printf "SPLIT\n" $(Q)$(HWVAULT_ROOT_PATH)/swd/build/pil_splitter.py $(SIGN) $(OUT_PATH)/hwvault else split: $(SIGNED_BIN) @printf "SPLIT\n" $(Q)$(HWVAULT_ROOT_PATH)/swd/build/pil_splitter.py $(SIGNED_BIN) $(OUT_PATH)/hwvault endif clean: @printf "CLEAN\n" $(Q)rm -rfv $(QSEE_ROOT_PATH)/build/ms/build-log* $(QSEE_ROOT_PATH)/build/ms/LOGFILE* $(QSEE_ROOT_PATH)/scons_dep_tree_* $(QSEE_BSP) $(NULL) $(Q)rm -fv $(QSEE_ROOT_PATH)/build/ms/bin/PIL_IMAGES/SPLITBINS_$(BINARY_ID)/hwvault.* $(NULL) $(Q)rm -fv $(SRC:.c=.o) $(NULL) distclean: @printf "DISTCLEAN\n" $(Q)$(MAKE) clean $(NULL) $(Q)rm -fv $(BIN) $(SIGN) $(UNSIGN) $(NULL) $(Q)rm -fv $(OUT_PATH)/hwvault.* $(NULL) endif #------------------------------------------------------------------------------- # TEEgris Rules #------------------------------------------------------------------------------- ifeq ($(HW_CRYPTO), TEEGRIS) prepare: distclean @printf " PREPARE done\n" all: $(UNSIGN) @printf " ALL done\n" $(UNSIGN): $(OBJS) @printf " LD $(TA_UUID)\n" $(Q)$(CC) $(LDFLAGS) $(OBJS) $(SCRYPTO_LIB_A) $(ICCC_LIBS) $(PROCA_LIB_A) -o $(UNSIGN) %.o: %.c @printf " CC $(*).c\n" $(Q)$(CC) $(CFLAGS) $(DEF:%=-D%) $(INC:%=-I%) -o $(*).o -c $(*).c sign: @printf " \n" $(SIGN): $(UNSIGN) $(STRIP) $(UNSIGN) @printf " STRIP done\n" ifeq ($(HWVAULT_DEVELOPER_LOCAL_BUILD), true) $(Q)java -jar $(SIGN_TOOL) -model $(SIGNING_MODEL) -runtype $(SIGNING_RUNTYPE) -input $(UNSIGN) -output $(SIGN) $(_ADDINFO) else @$(signing_command_drv) @printf " Copy $(SIGN) $(TEEGRIS_TA_DIST_PATH)\n" @cp $(SIGN) $(TEEGRIS_TA_DIST_PATH) endif @printf " SIGN done\n" complete: $(UNSIGN) $(SIGN) @printf " BUILD/STRIP/SIGN COMPLETE\n" clean: $(Q)rm -rfv $(OBJS) $(NULL) $(Q)rm -rfv $(UNSIGN) $(NULL) $(Q)rm -rfv $(SIGN) $(NULL) @printf " CLEAN done\n" distclean: $(Q)$(MAKE) clean $(NULL) @printf " DISTCLEAN done\n" endif