f28e284141
Flag control for enabling Secretkeeper is done in the device-specific makefiles, triggering whether they set SECRETKEEPER_ENABLED:=true Test: none, comment change Change-Id: I399d1840519864687aca6c53697317d449eed325
56 lines
2 KiB
Makefile
56 lines
2 KiB
Makefile
#
|
|
# Copyright (C) 2016 The Android Open-Source Project
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
#
|
|
|
|
#
|
|
# This makefile should be included by devices that use Trusty TEE
|
|
# to pull in the baseline set of Trusty specific modules.
|
|
#
|
|
|
|
# For gatekeeper, we include the generic -service and -impl to use legacy
|
|
# HAL loading of gatekeeper.trusty.
|
|
|
|
# Allow the KeyMint HAL service implementation to be selected at build time. This needs to be
|
|
# done in sync with the TA implementation included in Trusty. Possible values are:
|
|
#
|
|
# - Rust implementation: export TRUSTY_KEYMINT_IMPL=rust
|
|
# - C++ implementation: (any other value of TRUSTY_KEYMINT_IMPL)
|
|
|
|
ifeq ($(TRUSTY_KEYMINT_IMPL),rust)
|
|
LOCAL_KEYMINT_PRODUCT_PACKAGE := android.hardware.security.keymint-service.rust.trusty
|
|
else
|
|
# Default to the C++ implementation
|
|
LOCAL_KEYMINT_PRODUCT_PACKAGE := android.hardware.security.keymint-service.trusty
|
|
endif
|
|
|
|
ifeq ($(SECRETKEEPER_ENABLED),true)
|
|
LOCAL_SECRETKEEPER_PRODUCT_PACKAGE := android.hardware.security.secretkeeper.trusty
|
|
else
|
|
LOCAL_SECRETKEEPER_PRODUCT_PACKAGE :=
|
|
endif
|
|
|
|
PRODUCT_PACKAGES += \
|
|
$(LOCAL_KEYMINT_PRODUCT_PACKAGE) \
|
|
$(LOCAL_SECRETKEEPER_PRODUCT_PACKAGE) \
|
|
android.hardware.gatekeeper-service.trusty \
|
|
trusty_apploader \
|
|
|
|
PRODUCT_PROPERTY_OVERRIDES += \
|
|
ro.hardware.keystore_desede=true \
|
|
ro.hardware.keystore=trusty \
|
|
ro.hardware.gatekeeper=trusty
|
|
|
|
PRODUCT_COPY_FILES += \
|
|
frameworks/native/data/etc/android.hardware.keystore.app_attest_key.xml:$(TARGET_COPY_OUT_VENDOR)/etc/permissions/android.hardware.keystore.app_attest_key.xml
|