platform_system_core/trusty/trusty-base.mk
David Drysdale 719d4a8bde Allow selection of Trusty KeyMint HAL implementation
By default, the existing C++ implementation of KeyMint will continue to
be used.  However, this can be overridden at build time to force use of
the Rust implementation by setting

    export TRUSTY_KEYMINT_IMPL=rust

Note that this requires a concomitant change to the bootloader prebuilts
that include the Trusty prebuilts, to include the corresponding Rust
version of the KeyMint TA.

Bug: 197891150
Bug: 225036046
Test: VtsAidlKeyMintTargetTest
Change-Id: I05b4b7d49cea0ac1c10b3a2e8fa5c49374aa1675
2022-12-06 13:51:35 +00:00

50 lines
1.8 KiB
Makefile

#
# Copyright (C) 2016 The Android Open-Source Project
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
#
# This makefile should be included by devices that use Trusty TEE
# to pull in the baseline set of Trusty specific modules.
#
# For gatekeeper, we include the generic -service and -impl to use legacy
# HAL loading of gatekeeper.trusty.
# Allow the KeyMint HAL service implementation to be selected at build time. This needs to be
# done in sync with the TA implementation included in Trusty. Possible values are:
#
# - Rust implementation: export TRUSTY_KEYMINT_IMPL=rust
# - C++ implementation: (any other value of TRUSTY_KEYMINT_IMPL)
ifeq ($(TRUSTY_KEYMINT_IMPL),rust)
LOCAL_KEYMINT_PRODUCT_PACKAGE := android.hardware.security.keymint-service.rust.trusty
else
# Default to the C++ implementation
LOCAL_KEYMINT_PRODUCT_PACKAGE := android.hardware.security.keymint-service.trusty
endif
PRODUCT_PACKAGES += \
$(LOCAL_KEYMINT_PRODUCT_PACKAGE) \
android.hardware.gatekeeper@1.0-service.trusty \
trusty_apploader \
RemoteProvisioner
PRODUCT_PROPERTY_OVERRIDES += \
ro.hardware.keystore_desede=true \
ro.hardware.keystore=trusty \
ro.hardware.gatekeeper=trusty
PRODUCT_COPY_FILES += \
frameworks/native/data/etc/android.hardware.keystore.app_attest_key.xml:$(TARGET_COPY_OUT_VENDOR)/etc/permissions/android.hardware.keystore.app_attest_key.xml