//
// Copyright (C) 2020 The Android Open Source Project
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//      http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package {
    default_applicable_licenses: ["Android-Apache-2.0"],
}

// Build settings shared by every module in this file (each one lists
// "secure_env_defaults" in its `defaults`): the Keymaster/Gatekeeper
// libraries, libcrypto, and the TPM 2.0 stack (tpm2-tss2-* as shared
// libraries, ms-tpm-20-ref-lib linked statically).
//
// NOTE(review): ms-tpm-20-ref-lib together with in_process_tpm.cpp below
// suggests the TPM can be a software implementation running inside this
// process. If so, secrets it guards are only as well protected as the host
// process itself -- confirm before treating it as a hardware root of trust.
cc_defaults {
    name: "secure_env_defaults",
    shared_libs: [
        "libbase",
        "libcppbor",
        "libcppcose_rkp",
        "libcrypto",
        "libcutils",
        "libcuttlefish_security",
        "libcuttlefish_transport",
        "libgatekeeper",
        "libjsoncpp",
        "libkeymaster_messages",
        "libkeymaster_portable",
        "liblog",
        // NOTE(review): the names of the next two libraries indicate a
        // software-only keymaster and software attestation certificates --
        // verify they are never used where hardware-backed attestation is
        // expected.
        "libpuresoftkeymasterdevice_host",
        "libsoft_attestation_cert",
        "tpm2-tss2-esys",
        "tpm2-tss2-mu",
        "tpm2-tss2-rc",
        "tpm2-tss2-tcti",
    ],
    static_libs: [
        "libscrypt_static",
        "ms-tpm-20-ref-lib",
    ],
    cflags: [
        "-fno-rtti", // Required for libkeymaster_portable
    ],
    target: {
        // Cuttlefish host helpers that are only linked on non-Windows hosts.
        not_windows: {
            static_libs: [
                "libcuttlefish_host_config",
            ],
            shared_libs: [
                "libcuttlefish_fs",
                "libcuttlefish_kernel_log_monitor_utils",
                "libcuttlefish_utils",
                "libfruit",
            ],
        },
        linux: {
            static_libs: [
                "libc++_static",
            ],
        },
        // Explicitly enable the macOS host variant.
        darwin: {
            enabled: true,
        },
        windows: {
            cflags: [
                // NOGDI keeps <windows.h> from declaring the GDI API;
                // presumably set to avoid macro/name clashes -- confirm.
                "-DNOGDI",
            ],
            static_libs: ["libcuttlefish_utils_result"],
        },
    },
}

// Sources compiled into both library variants below
// (libsecure_env_not_windows and libsecure_env_win).
common_libsecure_srcs = [
    "composite_serialization.cpp",
    "encrypted_serializable.cpp",
    "gatekeeper_responder.cpp",
    "hmac_serializable.cpp",
    "in_process_tpm.cpp",
    "json_serializable.cpp",
    "keymaster_responder.cpp",
    "primary_key_builder.cpp",
    "storage/storage.cpp",
    "storage/tpm_storage.cpp",
    "tpm_attestation_record.cpp",
    "tpm_auth.cpp",
    "tpm_commands.cpp",
    "tpm_encrypt_decrypt.cpp",
    "tpm_ffi.cpp",
    "tpm_gatekeeper.cpp",
    "tpm_hmac.cpp",
    "tpm_key_blob_maker.cpp",
    "tpm_keymaster_context.cpp",
    "tpm_keymaster_enforcement.cpp",
    "tpm_random_source.cpp",
    "tpm_remote_provisioning_context.cpp",
    "tpm_resource_manager.cpp",
    "tpm_serialize.cpp",
]

// What currently blocks us from using oemlock on Windows:
// 1. Missing transport implementation
// 2. Missing file utils
// 3. Base64 isn't supported (needed for the software oemlock implementation)
//
// Non-Windows library: the common sources plus the components that are not
// built for Windows (confirmation-UI signing, device TPM, oemlock,
// JSON-backed storage, suspend/resume, worker loop).
cc_library {
    name: "libsecure_env_not_windows",
    shared_libs: [
        "libcuttlefish_command_util",
        "libcuttlefish_run_cvd_proto",
        "libprotobuf-cpp-full",
    ],
    srcs: common_libsecure_srcs + [
        "confui_sign_server.cpp",
        "device_tpm.cpp",
        "oemlock/oemlock.cpp",
        "oemlock/oemlock_responder.cpp",
        // NOTE(review): named "insecure" -- presumably persists state as
        // plain JSON without TPM protection. Verify which code paths select
        // it instead of storage/tpm_storage.cpp and that none of them hold
        // key material or lock state that must resist tampering.
        "storage/insecure_json_storage.cpp",
        "suspend_resume_handler.cpp",
        "worker_thread_loop_body.cpp",
    ],
    target: {
        darwin: {
            enabled: true,
        },
    },
    defaults: [
        "cuttlefish_buildhost_only",
        "secure_env_defaults",
    ],
}

// Rust FFI bindings to access TPM-specific functionality in C/C++.
// Bindings are generated from tpm_ffi.h; the matching implementation
// (tpm_ffi.cpp) is linked in through libsecure_env_not_windows. Every
// declaration in that header becomes an unsafe foreign function on the Rust
// side, so keep the header limited to what Rust callers need.
rust_bindgen_host {
    name: "libsecure_env_tpm",
    source_stem: "libsecure_env_tpm",
    crate_name: "secure_env_tpm",
    wrapper_src: "tpm_ffi.h",
    // NOTE(review): vendor_available on a host bindgen module that also uses
    // cuttlefish_buildhost_only looks unnecessary -- confirm it is intended.
    vendor_available: true,
    static_libs: [
        "libsecure_env_not_windows",
    ],
    defaults: [
        "cuttlefish_buildhost_only",
        "secure_env_defaults",
    ],
}

// The secure_env host executable. The entry-point source and the library
// variant it links are chosen per host OS under `target`.
cc_binary_host {
    name: "secure_env",
    static_libs: [
        "libgflags_cuttlefish",
    ],
    target: {
        windows: {
            enabled: true,
            srcs: [
                "secure_env_windows_main.cpp",
            ],
            shared_libs: [
                "libsecure_env_win",
            ],
        },
        not_windows: {
            srcs: [
                "secure_env_not_windows_main.cpp",
            ],
            shared_libs: [
                "libcuttlefish_command_util",
                "libcuttlefish_run_cvd_proto",
            ],
            static_libs: [
                "libsecure_env_not_windows",
            ],
        },
        darwin: {
            enabled: true,
        },
        linux: {
            shared_libs: [
                // Linux-only dependency; presumably the Rust KeyMint FFI
                // for Cuttlefish -- confirm.
                "libkmr_cf_ffi",
            ],
        },
    },
    defaults: [
        "cuttlefish_buildhost_only",
        "secure_env_defaults",
    ],
}

// Windows library variant: common sources plus the Windows glue file only.
// Enabled for windows, disabled for not_windows, host-only, 64-bit only.
cc_library {
    name: "libsecure_env_win",
    srcs: common_libsecure_srcs + [
        "secure_env_windows_lib.cpp",
    ],
    header_libs: [
        "cuttlefish_common_headers",
    ],
    target: {
        windows: {
            enabled: true,
        },
        not_windows: {
            enabled: false,
        },
        host: {
            compile_multilib: "64",
        },
    },
    device_supported: false,
    host_supported: true,
    defaults: ["secure_env_defaults"],
}

// Host unit tests, linked against the non-Windows library.
// NOTE(review): only encrypted_serializable and the TPM test file are listed
// in this module; tests for the other security-relevant sources
// (hmac_serializable, tpm_auth, storage, ...) are not built here and may or
// may not exist elsewhere -- worth checking.
cc_test_host {
    name: "libsecure_env_test",
    srcs: [
        "encrypted_serializable_test.cpp",
        "test_tpm.cpp",
    ],
    static_libs: [
        "libsecure_env_not_windows",
    ],
    defaults: [
        "cuttlefish_buildhost_only",
        "secure_env_defaults",
    ],
    test_options: {
        unit_test: true,
    },
}