#!/bin/bash TARGET_LIST= # Clean # Just for help HELP_Target='Model Name' TARGET_LIST="$TARGET_LIST Target" ################################# TEEGRIS ################################# # tg_exynos3830 / GTHHWIFI KOR / S - RBS - GALAXY-HOME-HUB - GTHHWIFI_KOR_OPEN SIGNING_MODEL_tg_exynos3830=TEEGRIS_EXYNOS3830_SAMSUNG_TA SIGNING_RUNTYPE_tg_exynos3830=ss_teegris_ta_rp USE_LEGACY_SIGN_tg_exynos3830=y SCRYPTO_VER_tg_exynos3830=2_5 TEEGRIS_TZ_VER_tg_exynos3830=41 KNOX_EXTENSION_tg_exynos3830=y ROOT_OF_TRUST_API_tg_exynos3830=y # SUPPORT_RKP_tg_exynos3830=y USE_TEEGRIS_ROT_API_tg_exynos3830=y #for V320 y, others n HELP_tg_exynos3830='GTHHWIFI KOR (T270K)' TARGET_LIST="$TARGET_LIST tg_exynos3830" # tg_s5e8825 / A53X EUR SIGNING_MODEL_tg_s5e8825=TEEGRIS_S5E8825_SAMSUNG_TA SIGNING_RUNTYPE_tg_s5e8825=ss_teegris_ta_rp MODEL_KEY_NAME_tg_s5e8825=SM-A536B_EUR_XX_EKEY0 SCRYPTO_VER_tg_s5e8825=2_6 TEEGRIS_TZ_VER_tg_s5e8825=421 KNOX_EXTENSION_tg_s5e8825=y USE_FBE_WRAPPED_KEY_tg_s5e9925=y ROOT_OF_TRUST_API_tg_s5e8825=y # SUPPORT_RKP_tg_s5e8825=y HELP_tg_s5e8825='A53X EUR (A536B)' TARGET_LIST="$TARGET_LIST tg_s5e8825" # tg_s5e9925 / G0S EUR SIGNING_MODEL_tg_s5e9925=TEEGRIS_S5E9925_SAMSUNG_TA SIGNING_RUNTYPE_tg_s5e9925=ss_teegris_ta_rp MODEL_KEY_NAME_tg_s5e9925=SM-S906B_EUR_XX_EKEY0 SCRYPTO_VER_tg_s5e9925=2_6 TEEGRIS_TZ_VER_tg_s5e9925=421 KNOX_EXTENSION_tg_s5e9925=y USE_SPU_PROV_tg_s5e9925=y USE_HWVAULT_tg_s5e9925=y USE_STRONGBOX_tg_s5e9925=y USE_FBE_WRAPPED_KEY_tg_s5e9925=y ROOT_OF_TRUST_API_tg_s5e9925=y SUPPORT_PROCA_tg_s5e9925=y # SUPPORT_RKP_tg_s5e9925=y HELP_tg_s5e9925='G0S EUR (SM-S906B)' TARGET_LIST="$TARGET_LIST tg_s5e9925" # tg_MT6877 / M53X 5G (SM-M536B) SIGNING_MODEL_tg_MT6877=TEEGRIS_MT6877_SAMSUNG_TA SIGNING_RUNTYPE_tg_MT6877=ss_teegris_ta_rp MODEL_KEY_NAME_tg_MT6877=SM-M536B_EUR_XX_MKEY0 KNOX_EXTENSION_tg_MT6877=y SCRYPTO_VER_tg_MT6877=2_6 TEEGRIS_TZ_VER_tg_MT6877=421 ROOT_OF_TRUST_API_tg_MT6877=y HELP_tg_MT6877='M53X (SM-M536B)' TARGET_LIST="$TARGET_LIST tg_MT6877" # tg_MT6833 / A13xm (SM-A136B) SIGNING_MODEL_tg_MT6833=TEEGRIS_MT6833_SAMSUNG_TA SIGNING_RUNTYPE_tg_MT6833=ss_teegris_ta_rp MODEL_KEY_NAME_tg_MT6833=SM-A136B_EUR_XX_MKEY0 KNOX_EXTENSION_tg_MT6833=y SCRYPTO_VER_tg_MT6833=2_6 TEEGRIS_TZ_VER_tg_MT6833=42 #ROOT_OF_TRUST_API_tg_MT6833=y HELP_tg_MT6833='A13xm (SM-A136B)' TARGET_LIST="$TARGET_LIST tg_MT6833" ################################# QUALCOMM ################################# # sm8450 / G0Q USA SIGNING_MODEL_sm8450=SM-S908U_NA_VZW_QKEY0 SIGNING_RUNTYPE_sm8450=qc_secimg50_tzapp BINARY_ID_sm8450=WAPIONAA BUILD_CHIPSET_ID_sm8450=waipio QSEE_TZ_VER_sm8450="TZ.APPS.1.16" SCRYPTO_VER_sm8450=2_6 KNOX_EXTENSION_sm8450=y USE_HWVAULT_sm8450=y USE_STRONGBOX_sm8450=y USE_FBE_WRAPPED_KEY_sm8450=y ROOT_OF_TRUST_API_sm8450=y SUPPORT_PROCA_sm8450=y # SUPPORT_RKP_sm8450=y HELP_sm8450='G0Q USA (SM-S906U)' TARGET_LIST="$TARGET_LIST sm8450" ########################################################################### # Print list of available targets function target_list() { echo -e "\nSupporting \e[01;29mtargets\e[00m:" for i in $TARGET_LIST; do eval hlp='$HELP_'$i echo -e "\t$i $hlp" done | column -t | sed 's/^/\t/g' echo -e "\nSee also: https://redmine.surc.kiev.ua/projects/seclab-secgroup-mobile/wiki/Device_models_reference\n" } # Check specified target is valid function check_target() { local target= for target in $TARGET_LIST; do test "$target" = "$1" && return 0 done if [ "$1" != "list" ]; then echo "Error: Invalid target: $1" >&2 target_list return 1 fi target_list return 0 } # Check is variable set and path is correct function check_path_var() { eval var='$'$1 if [ -z "$var" ]; then echo "Error: $1 is not set! Export it using \"export ${1}=/path/to\"" >&2 return 1 elif [ ! -d "$var" ]; then echo "Error: Invalid path in $1: $var" >&2 return 1 fi return 0 } function check_file_path_var() { eval var='$'$1 if [ -z "$var" ]; then echo "Error: $1 is not set! Export it using \"export ${1}=/path/to\"" >&2 return 1 fi return 0 } #Set LLVM compiler env function set_env_LLVM() { # WARNING: Do not set LLVMROOT path in this file! Set it in user_config.sh >> e.g. export LLVMROOT=/opt/toolchains/Qualcomm/llvm check_path_var 'LLVMROOT' || return 1 if [[ "$QSEE_TZ_VER" = "TZ.APPS.1."* ]]; then if [ $QSEE_CHIPSET = "sm8450" ]; then export CLANG_VERSION=12.0.2 export LLVM_VERSION=12.0.2 else return 1 fi export LLVMROOT="${LLVMROOT}/${LLVM_VERSION}" export LLVM32INC="${LLVMROOT}/armv7-none-eabi/libc/include" export LLVMBIN="${LLVMROOT}/bin" export LLVMCLANG="${LLVMROOT}/lib/clang/${CLANG_VERSION}" export LLVMINC="${LLVMROOT}/aarch64-none-elf/libc/include" export LLVMLIB="${LLVMROOT}/lib/clang/${CLANG_VERSION}/lib/linux" export LLVMLIBPROP="${LLVMROOT}/lib/clang/${CLANG_VERSION}/lib/linux-propri_rt" export LLVMTOOLPATH="${LLVMROOT}/tools/bin" export MUSL32PATH="${LLVMROOT}/armv7-none-eabi/libc" export MUSLPATH="${LLVMROOT}/aarch64-none-elf/libc" # Replace QSEE SDK config file, to set LLVM path >> //NHLOS/MAIN/SM8450_SPF1.0/TZ.APPS.1.0/qtee_tas/sdk/latest/external/config/sdk_config_lnx.cfg QSEE_SDK_FILE_ORG="${QSEE_ROOT_PATH}/sdk/latest/external/config/sdk_config_lnx_org.cfg" QSEE_SDK_FILE="${QSEE_ROOT_PATH}/sdk/latest/external/config/sdk_config_lnx.cfg" if [ ! -e $QSEE_SDK_FILE_ORG ];then cp -vf $QSEE_SDK_FILE $QSEE_SDK_FILE_ORG fi rm -vf $QSEE_SDK_FILE echo "CLANG_VERSION = \"$CLANG_VERSION\"" >> $QSEE_SDK_FILE echo "LLVM_VERSION = \"$LLVM_VERSION\"" >> $QSEE_SDK_FILE echo "LLVMROOT = \"$LLVMROOT\"" >> $QSEE_SDK_FILE echo "LLVM32INC = \"$LLVM32INC\"" >> $QSEE_SDK_FILE echo "LLVMBIN = \"$LLVMBIN\"" >> $QSEE_SDK_FILE echo "LLVMCLANG = \"$LLVMCLANG\"" >> $QSEE_SDK_FILE echo "LLVMINC = \"$LLVMINC\"" >> $QSEE_SDK_FILE echo "LLVMLIB = \"$LLVMLIB\"" >> $QSEE_SDK_FILE echo "LLVMLIBPROP = \"$LLVMLIBPROP\"" >> $QSEE_SDK_FILE echo "LLVMTOOLPATH = \"$LLVMTOOLPATH\"" >> $QSEE_SDK_FILE echo "MUSL32PATH = \"$MUSL32PATH\"" >> $QSEE_SDK_FILE echo "MUSLPATH = \"$MUSLPATH\"" >> $QSEE_SDK_FILE fi return 0 } # For truslet signing function set_env_sign() { eval export SIGNING_MODEL='$SIGNING_MODEL_'$1 eval export SIGNING_RUNTYPE='$SIGNING_RUNTYPE_'$1 eval export USE_LEGACY_SIGN='$USE_LEGACY_SIGN_'$1 if [[ "$USE_LEGACY_SIGN" = "y" ]]; then export SIGN_TOOL=$KMSRK_ROOT_PATH/build/signclient.jar else export SIGN_TOOL=$KMSRK_ROOT_PATH/build/LocalTASigner.jar fi return 0 } # For Qualcomm truslet function set_env_QUALCOMM() { # 1. Need to be set in user_config.sh >> e.g. export QSEE_ROOT_PATH_sm8450=//NHLOS/MAIN/SM8450_SPF1.0/TZ.APPS.1.0/qtee_tas check_path_var "QSEE_ROOT_PATH_$1" || return 1 eval export QSEE_ROOT_PATH='$QSEE_ROOT_PATH_'$1 # 2. Need to be set in user_config.sh >> e.g. export SECTOOLS_sm8450=//NHLOS/MAIN/SM8450_SPF1.0/Waipio.LA.1.0/common/sectoolsv2/ext/Linux/sectools check_file_path_var "SECTOOLS_$1" || return 1 eval export SECTOOLS='$SECTOOLS_'$1 # 3. Need to be set in user_config.sh (Download from Google) >> e.g. export SCONS=/home/yoo2/hdd/Tools/toolchains/Qualcomm/scons/scons-3.1.0/script/scons check_file_path_var "SCONS" || return 1 export QSEE_CHIPSET=$TARGET_SOC eval export BINARY_ID='$BINARY_ID_'$1 eval export BUILD_CHIPSET_ID='$BUILD_CHIPSET_ID_'$1 eval export QSEE_TZ_VER='$QSEE_TZ_VER_'$1 test -z "$LLVMROOT" && export LLVMROOT=/opt/toolchains/Qualcomm/llvm set_env_LLVM || return 1 export USE_GATEKEEPER=y export COMMON_LIB_ARCH_DIR=Qualcomm export HW_CRYPTO=QUALCOMM return 0 } # For TEEgris truslet function set_env_TEEGRIS() { export TA_UUID=00000000-0000-0000-0000-4b45594d5354 export HW_CRYPTO=TEEGRIS export COMMON_LIB_ARCH_DIR=TEEgris check_path_var "TEEGRIS_SDK_ROOT_$1" || return 1 eval export TEEGRIS_SDK_ROOT='$TEEGRIS_SDK_ROOT_'$1 eval export TEEGRIS_TZ_VER='$TEEGRIS_TZ_VER_'$1 eval export USE_TEEGRIS_ROT_API='$USE_TEEGRIS_ROT_API_'$1 return 0 } function print_env_val() { echo "KMSRK_ROOT_PATH : $KMSRK_ROOT_PATH" echo "KM_ROOT_PATH : $KM_ROOT_PATH" echo "GK_ROOT_PATH : $GK_ROOT_PATH" echo "HWVAULT_ROOT_PATH : $HWVAULT_ROOT_PATH" echo "ROOT_OF_TRUST_API : $ROOT_OF_TRUST_API" echo "USE_SPU_PROV : $USE_SPU_PROV" echo "USE_STRONGBOX : $USE_STRONGBOX" echo "USE_FBE_WRAPPED_KEY : $USE_FBE_WRAPPED_KEY" echo "SUPPORT_PROCA : $SUPPORT_PROCA" echo "USE_GRDM : $USE_GRDM" echo "USE_HWVAULT : $USE_HWVAULT" echo "SUPPORT_RKP : $SUPPORT_RKP" echo "USE_LEGACY_SIGN : $USE_LEGACY_SIGN" echo "SIGNING_MODEL : $SIGNING_MODEL" echo "MODEL_KEY_NAME : $MODEL_KEY_NAME" echo "TZ_SCRYPTO_VERSION : $TZ_SCRYPTO_VERSION" echo "TZ_SCRYPTO_BASE_PATH : $TZ_SCRYPTO_BASE_PATH" echo "TZ_SCRYPTO_HEADER_PATH : $TZ_SCRYPTO_HEADER_PATH" echo "TZ_SCRYPTO_TOOLS_PATH : $TZ_SCRYPTO_TOOLS_PATH" echo "TZ_SCRYPTO_LIB64 : $TZ_SCRYPTO_LIB64" echo "TZ_SCRYPTO_TOOLS_IMPRINT: $TZ_SCRYPTO_TOOLS_IMPRINT" return 0 } # Common function set_env() { local cur="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" test "$1" == "list" && return 0 export DEVELOPER_LOCAL_BUILD=true export KMSRK_ROOT_PATH=${cur%/keymint*} check_path_var 'KMSRK_ROOT_PATH' || return 1 export KM_ROOT_PATH=${cur%/keymint*}/keymint check_path_var 'KM_ROOT_PATH' || return 1 export GK_ROOT_PATH=${cur%/keymint*}/gatekeeper check_path_var 'GK_ROOT_PATH' || return 1 export HWVAULT_ROOT_PATH=$KMSRK_ROOT_PATH/../common/lib/hwvault check_path_var 'HWVAULT_ROOT_PATH' || return 1 eval export ROOT_OF_TRUST_API='$ROOT_OF_TRUST_API_'$1 eval export KNOX_EXTENSION='$KNOX_EXTENSION_'$1 eval export USE_SPU_PROV='$USE_SPU_PROV_'$1 eval export USE_STRONGBOX='$USE_STRONGBOX_'$1 eval export USE_FBE_WRAPPED_KEY='$USE_FBE_WRAPPED_KEY_'$1 eval export SUPPORT_PROCA='$SUPPORT_PROCA_'$1 eval export USE_GRDM='$USE_GRDM_'$1 eval export MODEL_KEY_NAME='$MODEL_KEY_NAME_'$1 eval export USE_HWVAULT='$USE_HWVAULT_'$1 eval export SUPPORT_RKP='$SUPPORT_RKP_'$1 if [[ "$TARGET_SOC" = "tg"* ]]; then eval set_env_TEEGRIS $1 || return $? else eval set_env_QUALCOMM $1 || return $? fi set_env_sign $1 || return 1 # SCrypto - SCRYPTO_SDK_ROOT : //CONFIDENTIAL/TRUSTEDAPPS/SDK/SCRYPTO, should be defined in user_config.sh check_path_var "SCRYPTO_SDK_ROOT" || return 1 eval export SCRYPTO_VER='$SCRYPTO_VER_'$1 test -z "$SCRYPTO_VER" && export SCRYPTO_VER=2 eval export TZ_SCRYPTO_VERSION=${SCRYPTO_VER/_/.} eval export TZ_SCRYPTO_BASE_PATH=$SCRYPTO_SDK_ROOT/scrypto_v$TZ_SCRYPTO_VERSION eval export TZ_SCRYPTO_HEADER_PATH=$TZ_SCRYPTO_BASE_PATH/include eval export TZ_SCRYPTO_TOOLS_PATH=$TZ_SCRYPTO_BASE_PATH/tools eval export TZ_SCRYPTO_TOOLS_IMPRINT=$TZ_SCRYPTO_TOOLS_PATH/imprint256 if [[ "$HW_CRYPTO" = "QUALCOMM" ]]; then eval export TZ_SCRYPTO_LIB64=$TZ_SCRYPTO_BASE_PATH/libs/scrypto_v${TZ_SCRYPTO_VERSION}_x64_qsee_release.a fi print_env_val || return 1 return 0 } export TARGET_DIR="$1" if [[ "$TARGET_DIR" = "tg"* ]]; then export TARGET_SOC="${TARGET_DIR}" else export TARGET_SOC="${TARGET%%_*}" fi check_target $1 || return 1 set_env $1 || return 1