1*344aa361SAndroid Build Coastguard Worker# 2*344aa361SAndroid Build Coastguard Worker# Copyright (c) 2021, Google, Inc. All rights reserved 3*344aa361SAndroid Build Coastguard Worker# 4*344aa361SAndroid Build Coastguard Worker# Permission is hereby granted, free of charge, to any person obtaining 5*344aa361SAndroid Build Coastguard Worker# a copy of this software and associated documentation files 6*344aa361SAndroid Build Coastguard Worker# (the "Software"), to deal in the Software without restriction, 7*344aa361SAndroid Build Coastguard Worker# including without limitation the rights to use, copy, modify, merge, 8*344aa361SAndroid Build Coastguard Worker# publish, distribute, sublicense, and/or sell copies of the Software, 9*344aa361SAndroid Build Coastguard Worker# and to permit persons to whom the Software is furnished to do so, 10*344aa361SAndroid Build Coastguard Worker# subject to the following conditions: 11*344aa361SAndroid Build Coastguard Worker# 12*344aa361SAndroid Build Coastguard Worker# The above copyright notice and this permission notice shall be 13*344aa361SAndroid Build Coastguard Worker# included in all copies or substantial portions of the Software. 14*344aa361SAndroid Build Coastguard Worker# 15*344aa361SAndroid Build Coastguard Worker# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, 16*344aa361SAndroid Build Coastguard Worker# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF 17*344aa361SAndroid Build Coastguard Worker# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. 18*344aa361SAndroid Build Coastguard Worker# IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY 19*344aa361SAndroid Build Coastguard Worker# CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, 20*344aa361SAndroid Build Coastguard Worker# TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE 21*344aa361SAndroid Build Coastguard Worker# SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 22*344aa361SAndroid Build Coastguard Worker# 23*344aa361SAndroid Build Coastguard Worker 24*344aa361SAndroid Build Coastguard Worker# The following set of variables must can be passed to trusty_app.mk: 25*344aa361SAndroid Build Coastguard Worker# 26*344aa361SAndroid Build Coastguard Worker# APP_NAME - an output file name (without extension) 27*344aa361SAndroid Build Coastguard Worker# APP_TOP_MODULE - top module to compile 28*344aa361SAndroid Build Coastguard Worker# APP_BUILDDIR - build directory 29*344aa361SAndroid Build Coastguard Worker# 30*344aa361SAndroid Build Coastguard Worker# To sign the app with a different key than the default one from 31*344aa361SAndroid Build Coastguard Worker# APPLOADER_SIGN_KEY_ID, set the following variable in rules.mk: 32*344aa361SAndroid Build Coastguard Worker# APPLOADER_SIGN_KEY_ID_FOR_$(MODULE) 33*344aa361SAndroid Build Coastguard Worker# 34*344aa361SAndroid Build Coastguard Worker# To encrypt an application, set the similar encryption variable: 35*344aa361SAndroid Build Coastguard Worker# APPLOADER_ENCRYPT_KEY_ID_FOR_$(MODULE) 36*344aa361SAndroid Build Coastguard Worker# 37*344aa361SAndroid Build Coastguard Worker# The following variable is modified and can be used by the caller: 38*344aa361SAndroid Build Coastguard Worker# LOADABLE_APP_LIST - list of loadable app locations 39*344aa361SAndroid Build Coastguard Worker 40*344aa361SAndroid Build Coastguard Worker# Build a loadable application 41*344aa361SAndroid Build Coastguard Workerifeq ($(strip $(LOADABLE_APP_TOOL)),) 42*344aa361SAndroid Build Coastguard WorkerLOADABLE_APP_TOOL := $(BUILDDIR)/host_tools/apploader_package_tool 43*344aa361SAndroid Build Coastguard Workerendif 44*344aa361SAndroid Build Coastguard Worker 45*344aa361SAndroid Build Coastguard Workerifeq ($(strip $(APP_ELF)),) 46*344aa361SAndroid Build Coastguard WorkerAPP_ELF := $(_MODULES_$(APP_TOP_MODULE)_TRUSTY_APP_ELF) 47*344aa361SAndroid Build Coastguard Workerendif 48*344aa361SAndroid Build Coastguard Workerifeq ($(strip $(APP_MANIFEST)),) 49*344aa361SAndroid Build Coastguard WorkerAPP_MANIFEST := $(_MODULES_$(APP_TOP_MODULE)_TRUSTY_APP_MANIFEST_BIN) 50*344aa361SAndroid Build Coastguard Workerendif 51*344aa361SAndroid Build Coastguard Worker 52*344aa361SAndroid Build Coastguard WorkerINITIAL_APP := $(patsubst %.elf,%.app.initial,$(APP_ELF)) 53*344aa361SAndroid Build Coastguard WorkerLOADABLE_APP := $(patsubst %.elf,%.app,$(APP_ELF)) 54*344aa361SAndroid Build Coastguard Worker 55*344aa361SAndroid Build Coastguard Worker$(INITIAL_APP): LOADABLE_APP_TOOL := $(LOADABLE_APP_TOOL) 56*344aa361SAndroid Build Coastguard Worker$(INITIAL_APP): LOG_NAME := $(APP_TOP_MODULE) 57*344aa361SAndroid Build Coastguard Worker$(INITIAL_APP): $(APP_ELF) $(APP_MANIFEST) $(LOADABLE_APP_TOOL) 58*344aa361SAndroid Build Coastguard Worker @$(MKDIR) 59*344aa361SAndroid Build Coastguard Worker @$(call ECHO,$(LOG_NAME),building app,$@) 60*344aa361SAndroid Build Coastguard Worker $(NOECHO)$(LOADABLE_APP_TOOL) -m build $@ $< $(word 2,$^) 61*344aa361SAndroid Build Coastguard Worker @$(call ECHO_DONE_SILENT,$(LOG_NAME),building app,$@) 62*344aa361SAndroid Build Coastguard Worker 63*344aa361SAndroid Build Coastguard Workerifneq ($(APPLOADER_ENCRYPT_KEY_ID_FOR_$(APP_TOP_MODULE)),) 64*344aa361SAndroid Build Coastguard WorkerAPP_ENCRYPT_KEY_ID := $(APPLOADER_ENCRYPT_KEY_ID_FOR_$(APP_TOP_MODULE)) 65*344aa361SAndroid Build Coastguard WorkerAPP_ENCRYPT_KEY_FILE := $(APPLOADER_ENCRYPT_KEY_$(APP_ENCRYPT_KEY_ID)_FILE) 66*344aa361SAndroid Build Coastguard Workerendif 67*344aa361SAndroid Build Coastguard Worker 68*344aa361SAndroid Build Coastguard Workerifneq ($(APP_ENCRYPT_KEY_FILE),) 69*344aa361SAndroid Build Coastguard WorkerENCRYPTED_APP := $(patsubst %.elf,%.app.encrypted,$(APP_ELF)) 70*344aa361SAndroid Build Coastguard Worker 71*344aa361SAndroid Build Coastguard Worker$(ENCRYPTED_APP): LOADABLE_APP_TOOL := $(LOADABLE_APP_TOOL) 72*344aa361SAndroid Build Coastguard Worker$(ENCRYPTED_APP): APP_ENCRYPT_KEY_FILE := $(APP_ENCRYPT_KEY_FILE) 73*344aa361SAndroid Build Coastguard Worker$(ENCRYPTED_APP): APP_ENCRYPT_KEY_ID := $(APP_ENCRYPT_KEY_ID) 74*344aa361SAndroid Build Coastguard Worker$(ENCRYPTED_APP): LOG_NAME := $(APP_TOP_MODULE) 75*344aa361SAndroid Build Coastguard Worker$(ENCRYPTED_APP): $(INITIAL_APP) $(APP_ENCRYPT_KEY_FILE) $(LOADABLE_APP_TOOL) 76*344aa361SAndroid Build Coastguard Worker @$(MKDIR) 77*344aa361SAndroid Build Coastguard Worker @$(call ECHO,$(LOG_NAME),building app,$@) 78*344aa361SAndroid Build Coastguard Worker $(NOECHO)$(LOADABLE_APP_TOOL) -m encrypt $@ $< \ 79*344aa361SAndroid Build Coastguard Worker $(APP_ENCRYPT_KEY_FILE) $(APP_ENCRYPT_KEY_ID) 80*344aa361SAndroid Build Coastguard Worker @$(call ECHO_DONE_SILENT,$(LOG_NAME),building app,$@) 81*344aa361SAndroid Build Coastguard Worker 82*344aa361SAndroid Build Coastguard WorkerUNSIGNED_APP := $(ENCRYPTED_APP) 83*344aa361SAndroid Build Coastguard Workerelse 84*344aa361SAndroid Build Coastguard WorkerUNSIGNED_APP := $(INITIAL_APP) 85*344aa361SAndroid Build Coastguard Workerendif 86*344aa361SAndroid Build Coastguard Worker 87*344aa361SAndroid Build Coastguard Worker# If we have an app-specific key identifier then use it, 88*344aa361SAndroid Build Coastguard Worker# otherwise use the global default 89*344aa361SAndroid Build Coastguard Workerifneq ($(APPLOADER_SIGN_KEY_ID_FOR_$(APP_TOP_MODULE)),) 90*344aa361SAndroid Build Coastguard WorkerAPP_SIGN_KEY_ID := $(APPLOADER_SIGN_KEY_ID_FOR_$(APP_TOP_MODULE)) 91*344aa361SAndroid Build Coastguard Workerelse 92*344aa361SAndroid Build Coastguard WorkerAPP_SIGN_KEY_ID := $(APPLOADER_SIGN_KEY_ID) 93*344aa361SAndroid Build Coastguard Workerendif 94*344aa361SAndroid Build Coastguard Worker 95*344aa361SAndroid Build Coastguard Workerifneq ($(APP_SIGN_KEY_ID),) 96*344aa361SAndroid Build Coastguard WorkerAPP_SIGN_KEY_FILE := $(APPLOADER_SIGN_PRIVATE_KEY_$(APP_SIGN_KEY_ID)_FILE) 97*344aa361SAndroid Build Coastguard Workerendif 98*344aa361SAndroid Build Coastguard Worker 99*344aa361SAndroid Build Coastguard Workerifneq ($(APP_SIGN_KEY_FILE),) 100*344aa361SAndroid Build Coastguard Worker$(LOADABLE_APP): LOADABLE_APP_TOOL := $(LOADABLE_APP_TOOL) 101*344aa361SAndroid Build Coastguard Worker$(LOADABLE_APP): APP_SIGN_KEY_FILE := $(APP_SIGN_KEY_FILE) 102*344aa361SAndroid Build Coastguard Worker$(LOADABLE_APP): APP_SIGN_KEY_ID := $(APP_SIGN_KEY_ID) 103*344aa361SAndroid Build Coastguard Worker$(LOADABLE_APP): LOG_NAME := $(APP_TOP_MODULE) 104*344aa361SAndroid Build Coastguard Worker$(LOADABLE_APP): $(UNSIGNED_APP) $(APP_SIGN_KEY_FILE) $(LOADABLE_APP_TOOL) 105*344aa361SAndroid Build Coastguard Worker @$(MKDIR) 106*344aa361SAndroid Build Coastguard Worker @$(call ECHO,$(LOG_NAME),building app,$@) 107*344aa361SAndroid Build Coastguard Worker $(NOECHO)$(LOADABLE_APP_TOOL) -m sign $@ $< \ 108*344aa361SAndroid Build Coastguard Worker $(APP_SIGN_KEY_FILE) $(APP_SIGN_KEY_ID) 109*344aa361SAndroid Build Coastguard Worker @$(call ECHO_DONE_SILENT,$(LOG_NAME),building app,$@) 110*344aa361SAndroid Build Coastguard Workerelse 111*344aa361SAndroid Build Coastguard Worker# If we don't have a signature file, just use the unsigned file as the output 112*344aa361SAndroid Build Coastguard Worker# This is needed because modules that import loadable apps, e.g., 113*344aa361SAndroid Build Coastguard Worker# app-mgmt-test, need the app files to exist 114*344aa361SAndroid Build Coastguard Worker# Note: apploader will refuse to load the unsigned application 115*344aa361SAndroid Build Coastguard Worker$(LOADABLE_APP): LOG_NAME := $(APP_TOP_MODULE) 116*344aa361SAndroid Build Coastguard Worker$(LOADABLE_APP): $(UNSIGNED_APP) 117*344aa361SAndroid Build Coastguard Worker @$(MKDIR) 118*344aa361SAndroid Build Coastguard Worker @$(call ECHO,$(LOG_NAME),building app,$@) 119*344aa361SAndroid Build Coastguard Worker @cp $< $@ 120*344aa361SAndroid Build Coastguard Worker @$(call ECHO_DONE_SILENT,$(LOG_NAME),building app,$@) 121*344aa361SAndroid Build Coastguard Worker 122*344aa361SAndroid Build Coastguard Worker$(warning Loadable application is not signed: $(LOADABLE_APP)) 123*344aa361SAndroid Build Coastguard Workerendif 124*344aa361SAndroid Build Coastguard Worker 125*344aa361SAndroid Build Coastguard WorkerGENERATED += $(LOADABLE_APP) 126*344aa361SAndroid Build Coastguard WorkerEXTRA_BUILDDEPS += $(LOADABLE_APP) 127*344aa361SAndroid Build Coastguard WorkerLOADABLE_APP_LIST += $(LOADABLE_APP) 128*344aa361SAndroid Build Coastguard Worker 129*344aa361SAndroid Build Coastguard Worker# Reset local variables 130*344aa361SAndroid Build Coastguard WorkerAPP_NAME := 131*344aa361SAndroid Build Coastguard WorkerAPP_BUILDDIR := 132*344aa361SAndroid Build Coastguard WorkerAPP_TOP_MODULE := 133*344aa361SAndroid Build Coastguard Worker 134*344aa361SAndroid Build Coastguard WorkerLOADABLE_APP_TOOL := 135*344aa361SAndroid Build Coastguard WorkerAPP_ELF := 136*344aa361SAndroid Build Coastguard WorkerAPP_MANIFEST := 137*344aa361SAndroid Build Coastguard Worker 138*344aa361SAndroid Build Coastguard WorkerINITIAL_APP := 139*344aa361SAndroid Build Coastguard WorkerUNSIGNED_APP := 140*344aa361SAndroid Build Coastguard WorkerENCRYPTED_APP := 141*344aa361SAndroid Build Coastguard WorkerLOADABLE_APP := 142*344aa361SAndroid Build Coastguard Worker 143*344aa361SAndroid Build Coastguard WorkerAPP_SIGN_KEY_ID := 144*344aa361SAndroid Build Coastguard WorkerAPP_SIGN_KEY_FILE := 145*344aa361SAndroid Build Coastguard WorkerAPP_ENCRYPT_KEY_ID := 146*344aa361SAndroid Build Coastguard WorkerAPP_ENCRYPT_KEY_FILE := 147