tequilaOS/platform_system_core
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
platform_system_core/trusty/trusty-base.mk
David Drysdale 8e1c267cdf Initial Secretkeeper HAL service for Trusty 
Disabled by default; enable with `export SECRETKEEPER_ENABLED=y` before
building.

Also needs the Secretkeeper TA to be present in Trusty; if the TA is
absent, the HAL service will (repeatedly) fail to connect.

Test: build, VtsSecretkeeperTargetTest
Bug: 306364873
Change-Id: I529013395d0e3afbff4a24b663088adce2a23805
2024-01-11 09:45:20 +00:00

57 lines
2.1 KiB
Makefile
Raw Blame History

#
# Copyright (C) 2016 The Android Open-Source Project
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
#
# This makefile should be included by devices that use Trusty TEE
# to pull in the baseline set of Trusty specific modules.
#
# For gatekeeper, we include the generic -service and -impl to use legacy
# HAL loading of gatekeeper.trusty.
# Allow the KeyMint HAL service implementation to be selected at build time. This needs to be
# done in sync with the TA implementation included in Trusty. Possible values are:
#
# - Rust implementation: export TRUSTY_KEYMINT_IMPL=rust
# - C++ implementation: (any other value of TRUSTY_KEYMINT_IMPL)
ifeq ($(TRUSTY_KEYMINT_IMPL),rust)
LOCAL_KEYMINT_PRODUCT_PACKAGE := android.hardware.security.keymint-service.rust.trusty
else
# Default to the C++ implementation
LOCAL_KEYMINT_PRODUCT_PACKAGE := android.hardware.security.keymint-service.trusty
endif
# TODO(b/306364873): move this to be flag-controlled?
ifeq ($(SECRETKEEPER_ENABLED),)
LOCAL_SECRETKEEPER_PRODUCT_PACKAGE :=
else
LOCAL_SECRETKEEPER_PRODUCT_PACKAGE := android.hardware.security.secretkeeper.trusty
endif
PRODUCT_PACKAGES += \
$(LOCAL_KEYMINT_PRODUCT_PACKAGE) \
$(LOCAL_SECRETKEEPER_PRODUCT_PACKAGE) \
android.hardware.gatekeeper-service.trusty \
trusty_apploader \
PRODUCT_PROPERTY_OVERRIDES += \
ro.hardware.keystore_desede=true \
ro.hardware.keystore=trusty \
ro.hardware.gatekeeper=trusty
PRODUCT_COPY_FILES += \
frameworks/native/data/etc/android.hardware.keystore.app_attest_key.xml:$(TARGET_COPY_OUT_VENDOR)/etc/permissions/android.hardware.keystore.app_attest_key.xml
Reference in a new issue View git blame Copy permalink