1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
|
# Copyright (C) 2015 The Android Open Source Project
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
LOCAL_DIR := $(GET_LOCAL_DIR)
DEBUG ?= 2
SMP_MAX_CPUS ?= 8
SMP_CPU_CLUSTER_SHIFT ?= 2
GIC_VERSION ?= 2
# Use modern KM wrapping key size (256-bits)
TRUSTY_KM_WRAPPING_KEY_SIZE ?= 32
TARGET := generic-arm64
ifeq (false,$(call TOBOOL,$(KERNEL_32BIT)))
# Arm64 address space configuration
USER_ASPACE_BASE := 0x0000000000008000
ifeq (false,$(call TOBOOL,$(USER_32BIT)))
USER_ASPACE_SIZE := 0x0000ffffffff8000
GLOBAL_DEFINES += MMU_USER_SIZE_SHIFT=48
else
USER_ASPACE_SIZE := 0x00000000ffff8000
GLOBAL_DEFINES += MMU_USER_SIZE_SHIFT=32
endif
KERNEL_BASE_ASLR ?= true
else
KERNEL_BASE := 0xc0000000
# ASLR is allowed on 32-bit platforms, but they are usually more space
# conscious, and the extra page tables and weight from PIE may be more than
# they want to pay.
# Set ASLR := true explicitly if you are a 32-bit platform and want ASLR.
ASLR ?= false
endif
# select timer
ifeq (true,$(call TOBOOL,$(KERNEL_32BIT)))
# 32 bit Secure EL1 with a 64 bit EL3 gets the non-secure physical timer
GLOBAL_DEFINES += TIMER_ARM_GENERIC_SELECTED=CNTP
else
GLOBAL_DEFINES += TIMER_ARM_GENERIC_SELECTED=CNTPS
endif
#
# GLOBAL definitions
#
# requires linker GC
WITH_LINKER_GC := 1
# Need support for Non-secure memory mapping
WITH_NS_MAPPING := true
# do not relocate kernel in physical memory
GLOBAL_DEFINES += WITH_NO_PHYS_RELOCATION=1
# limit heap grows
GLOBAL_DEFINES += HEAP_GROW_SIZE=8192
# enable LTO in user-tasks modules
USER_LTO_ENABLED ?= true
# enable LTO in kernel modules
KERNEL_LTO_ENABLED ?= true
# enable cfi in trusty modules
USER_CFI_ENABLED ?= true
KERNEL_CFI_ENABLED ?= true
ifeq ($(shell expr $(DEBUG) \>= 2), 1)
CFI_DIAGNOSTICS ?= true
endif
# disable UBSan by default
UBSAN_ENABLED ?= false
ifeq (true,$(call TOBOOL,$(UBSAN_ENABLED)))
include trusty/kernel/lib/ubsan/enable.mk
endif
ifeq (false,$(call TOBOOL,$(KERNEL_32BIT)))
KERNEL_SCS_ENABLED ?= true
ifeq (false,$(call TOBOOL,$(USER_32BIT)))
# enable shadow call stack in user-tasks modules
USER_SCS_ENABLED ?= true
endif
endif
# fall back to user-space stack protector if user-space SCS is off
ifneq (true,$(call TOBOOL,$(USER_SCS_ENABLED)))
USER_STACK_PROTECTOR ?= true
endif
#
# Modules to be compiled into lk.bin
#
MODULES += \
trusty/kernel/lib/sm \
trusty/kernel/lib/trusty \
trusty/kernel/lib/memlog \
trusty/kernel/lib/metrics \
trusty/kernel/services/apploader \
trusty/kernel/services/smc \
#
# Set user space arch
#
ifeq (true,$(call TOBOOL,$(KERNEL_32BIT)))
TRUSTY_USER_ARCH := arm
else
ifeq (true,$(call TOBOOL,$(USER_32BIT)))
TRUSTY_USER_ARCH := arm
GLOBAL_DEFINES += USER_32BIT=1
else
TRUSTY_USER_ARCH := arm64
endif
endif
#
# user tasks to be compiled into lk.bin
#
# prebuilt
TRUSTY_PREBUILT_USER_TASKS :=
# compiled from source
TRUSTY_BUILTIN_USER_TASKS := \
trusty/user/app/avb \
trusty/user/app/cast-auth/app \
trusty/user/app/confirmationui \
trusty/user/app/gatekeeper \
trusty/user/app/keymaster \
trusty/user/app/sample/hwaes \
trusty/user/app/sample/hwbcc \
trusty/user/app/sample/hwcrypto \
trusty/user/app/sample/secure_fb_mock_impl \
trusty/user/app/storage \
trusty/user/base/app/apploader \
trusty/user/base/app/metrics \
trusty/user/base/app/system_state_server_static \
ifeq (true,$(call TOBOOL,$(USER_COVERAGE_ENABLED)))
TRUSTY_ALL_USER_TASKS += \
trusty/user/base/app/coverage \
endif
# on generic-arm64 hwcrypto requires FAKE HWRNG and HWKEY services
WITH_FAKE_HWRNG ?= true
WITH_FAKE_HWKEY ?= true
# This project requires trusty IPC
WITH_TRUSTY_IPC := true
SYMTAB_ENABLED ?= true
# include software implementation of a SPI loopback device
WITH_SW_SPI_LOOPBACK ?= true
EXTRA_BUILDRULES += trusty/kernel/app/trusty/user-tasks.mk
|
