xref: /trusty/device/arm/generic-arm64/project/generic-arm-inc.mk

# Copyright (C) 2015 The Android Open Source Project
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#

LOCAL_DIR := $(GET_LOCAL_DIR)

DEBUG ?= 2
SMP_MAX_CPUS ?= 8
SMP_CPU_CLUSTER_SHIFT ?= 2
GIC_VERSION ?= 2
# Use modern KM wrapping key size (256-bits)
TRUSTY_KM_WRAPPING_KEY_SIZE ?= 32

TARGET := generic-arm64

ifeq (false,$(call TOBOOL,$(KERNEL_32BIT)))

# Arm64 address space configuration
USER_ASPACE_BASE   := 0x0000000000008000

ifeq (false,$(call TOBOOL,$(USER_32BIT)))
USER_ASPACE_SIZE   := 0x0000ffffffff8000
GLOBAL_DEFINES += MMU_USER_SIZE_SHIFT=48
else
USER_ASPACE_SIZE   := 0x00000000ffff8000
GLOBAL_DEFINES += MMU_USER_SIZE_SHIFT=32
endif

KERNEL_BASE_ASLR   ?= true

else

KERNEL_BASE        := 0xc0000000

# ASLR is allowed on 32-bit platforms, but they are usually more space
# conscious, and the extra page tables and weight from PIE may be more than
# they want to pay.
# Set ASLR := true explicitly if you are a 32-bit platform and want ASLR.
ASLR               ?= false

endif

# select timer
ifeq (true,$(call TOBOOL,$(KERNEL_32BIT)))
# 32 bit Secure EL1 with a 64 bit EL3 gets the non-secure physical timer
TIMER_ARM_GENERIC_SELECTED ?= CNTP
else
TIMER_ARM_GENERIC_SELECTED ?= CNTPS
endif
GLOBAL_DEFINES += TIMER_ARM_GENERIC_SELECTED=$(TIMER_ARM_GENERIC_SELECTED)

#
# GLOBAL definitions
#

# requires linker GC
WITH_LINKER_GC := 1

# Need support for Non-secure memory mapping
WITH_NS_MAPPING := true

# do not relocate kernel in physical memory
GLOBAL_DEFINES += WITH_NO_PHYS_RELOCATION=1

# limit heap grows
GLOBAL_DEFINES += HEAP_GROW_SIZE=8192

# enable LTO in user-tasks modules
USER_LTO_ENABLED ?= true

# enable LTO in kernel modules
KERNEL_LTO_ENABLED ?= true

# enable cfi in trusty modules
USER_CFI_ENABLED ?= true
KERNEL_CFI_ENABLED ?= true

# Storage should send error reports to the metrics service
STORAGE_ENABLE_ERROR_REPORTING := true
STORAGE_AIDL_ENABLED ?= true

ifeq ($(shell expr $(DEBUG) \>= 2), 1)
CFI_DIAGNOSTICS ?= true
endif

# disable UBSan by default
UBSAN_ENABLED ?= false
ifeq (true,$(call TOBOOL,$(UBSAN_ENABLED)))
include trusty/kernel/lib/ubsan/enable.mk
endif

ifeq (false,$(call TOBOOL,$(KERNEL_32BIT)))
KERNEL_SCS_ENABLED ?= true
ifeq (false,$(call TOBOOL,$(USER_32BIT)))
# enable shadow call stack in user-tasks modules
USER_SCS_ENABLED ?= true
endif
endif

# fall back to user-space stack protector if user-space SCS is off
ifneq (true,$(call TOBOOL,$(USER_SCS_ENABLED)))
USER_STACK_PROTECTOR ?= true
endif

# Allow the KeyMint TA implementation to be selected at build time.  This needs to be
# done in sync with the HAL service implementation included in Android.  Possible values are:
#
# - Rust implementation:   export TRUSTY_KEYMINT_IMPL=rust
# - C++ implementation:    (any other value of TRUSTY_KEYMINT_IMPL)

ifeq ($(TRUSTY_KEYMINT_IMPL),rust)
    TRUSTY_KEYMINT_USER_TASK := trusty/user/app/keymint/app
else
    # Default to the C++ implementation
    TRUSTY_KEYMINT_USER_TASK := trusty/user/app/keymaster
endif

# Allow inclusion of the Secretkeeper TA to be selected at build time.
ifeq (true,$(call TOBOOL,$(SECRETKEEPER_ENABLED)))
     TRUSTY_SECRETKEEPER_USER_TASK := trusty/user/app/secretkeeper/app
endif

#
# Modules to be compiled into lk.bin
#
MODULES += \
	trusty/kernel/lib/trusty \
	trusty/kernel/lib/metrics \
	trusty/kernel/services/apploader \
	trusty/kernel/services/smc \

# Add lib/sm by default but allow building without it
LIB_SM_ENABLED ?= true
ifeq (true,$(call TOBOOL,$(LIB_SM_ENABLED)))
    MODULES += \
		trusty/kernel/lib/memlog \
		trusty/kernel/lib/sm \

endif

#
# Set user space arch
#
ifeq (true,$(call TOBOOL,$(KERNEL_32BIT)))
TRUSTY_USER_ARCH := arm
else
ifeq (true,$(call TOBOOL,$(USER_32BIT)))
TRUSTY_USER_ARCH := arm
GLOBAL_DEFINES += USER_32BIT=1
else
TRUSTY_USER_ARCH := arm64
endif
endif

#
# user tasks to be compiled into lk.bin
#

# prebuilt
TRUSTY_PREBUILT_USER_TASKS :=

# compiled from source
TRUSTY_BUILTIN_USER_TASKS := \
	trusty/user/app/avb \
	trusty/user/app/cast-auth/app \
	trusty/user/app/confirmationui \
	trusty/user/app/gatekeeper \
	$(TRUSTY_KEYMINT_USER_TASK) \
	$(TRUSTY_SECRETKEEPER_USER_TASK) \
	trusty/user/app/sample/hwaes \
	trusty/user/app/sample/hwbcc \
	trusty/user/app/sample/hwcrypto \
	trusty/user/app/sample/hwwsk \
	trusty/user/app/sample/secure_fb_mock_impl \
	trusty/user/app/storage \
	trusty/user/base/app/apploader \
	trusty/user/base/app/device_tree \
	trusty/user/base/app/metrics \
	trusty/user/base/app/system_state_server_static \

MODULES += \
	trusty/user/base/app/device_tree/tests/dtb \
	trusty/user/base/app/device_tree/tests/dtb/base \

ifeq (true,$(call TOBOOL,$(USER_COVERAGE_ENABLED)))
TRUSTY_ALL_USER_TASKS += \
	trusty/user/base/app/coverage \

endif

ifeq (true,$(call TOBOOL,$(UNITTEST_COVERAGE_ENABLED)))
TRUSTY_ALL_USER_TASKS += \
	trusty/user/base/app/line-coverage \

endif

# on generic-arm64 hwcrypto requires FAKE HWRNG and HWKEY services
WITH_FAKE_HWRNG ?= true
WITH_FAKE_HWKEY ?= true
WITH_FAKE_KEYBOX ?= true

# This project requires trusty IPC
WITH_TRUSTY_IPC := true

SYMTAB_ENABLED ?= true

# include software implementation of a SPI loopback device
WITH_SW_SPI_LOOPBACK ?= true

EXTRA_BUILDRULES += trusty/kernel/app/trusty/user-tasks.mk