make/loadable_app.mk - platform/prebuilts/trusty/sysroot - Git at Google

 #
 # Copyright (c) 2021, Google, Inc. All rights reserved
 #
 # Permission is hereby granted, free of charge, to any person obtaining
 # a copy of this software and associated documentation files
 # (the "Software"), to deal in the Software without restriction,
 # including without limitation the rights to use, copy, modify, merge,
 # publish, distribute, sublicense, and/or sell copies of the Software,
 # and to permit persons to whom the Software is furnished to do so,
 # subject to the following conditions:
 #
 # The above copyright notice and this permission notice shall be
 # included in all copies or substantial portions of the Software.
 #
 # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
 # EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
 # MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
 # IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
 # CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
 # TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
 # SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 #

 # The following set of variables must can be passed to trusty_app.mk:
 #
 #     APP_NAME - an output file name (without extension)
 #     APP_TOP_MODULE - top module to compile
 #     APP_BUILDDIR - build directory
 #
 # To sign the app with a different key than the default one from
 # APPLOADER_SIGN_KEY_ID, set the following variable in rules.mk:
 #     APPLOADER_SIGN_KEY_ID_FOR_$(MODULE)
 #
 # To encrypt an application, set the similar encryption variable:
 #     APPLOADER_ENCRYPT_KEY_ID_FOR_$(MODULE)
 #
 # The following variable is modified and can be used by the caller:
 #     LOADABLE_APP_LIST - list of loadable app locations

 # Build a loadable application
 ifeq ($(strip $(LOADABLE_APP_TOOL)),)
 LOADABLE_APP_TOOL := $(BUILDDIR)/host_tools/apploader_package_tool
 endif

 ifeq ($(strip $(APP_ELF)),)
 APP_ELF := $(_MODULES_$(APP_TOP_MODULE)_TRUSTY_APP_ELF)
 endif
 ifeq ($(strip $(APP_MANIFEST)),)
 APP_MANIFEST := $(_MODULES_$(APP_TOP_MODULE)_TRUSTY_APP_MANIFEST_BIN)
 endif

 INITIAL_APP := $(patsubst %.elf,%.app.initial,$(APP_ELF))
 LOADABLE_APP := $(patsubst %.elf,%.app,$(APP_ELF))

 $(INITIAL_APP): LOADABLE_APP_TOOL := $(LOADABLE_APP_TOOL)
 $(INITIAL_APP): $(APP_ELF) $(APP_MANIFEST) $(LOADABLE_APP_TOOL)
 	@$(MKDIR)
 	@echo building $@ from $<
 	$(NOECHO)$(LOADABLE_APP_TOOL) -m build $@ $< $(word 2,$^)

 ifneq ($(APPLOADER_ENCRYPT_KEY_ID_FOR_$(APP_TOP_MODULE)),)
 APP_ENCRYPT_KEY_ID := $(APPLOADER_ENCRYPT_KEY_ID_FOR_$(APP_TOP_MODULE))
 APP_ENCRYPT_KEY_FILE := $(APPLOADER_ENCRYPT_KEY_$(APP_ENCRYPT_KEY_ID)_FILE)
 endif

 ifneq ($(APP_ENCRYPT_KEY_FILE),)
 ENCRYPTED_APP := $(patsubst %.elf,%.app.encrypted,$(APP_ELF))

 $(ENCRYPTED_APP): LOADABLE_APP_TOOL := $(LOADABLE_APP_TOOL)
 $(ENCRYPTED_APP): APP_ENCRYPT_KEY_FILE := $(APP_ENCRYPT_KEY_FILE)
 $(ENCRYPTED_APP): APP_ENCRYPT_KEY_ID := $(APP_ENCRYPT_KEY_ID)
 $(ENCRYPTED_APP): $(INITIAL_APP) $(APP_ENCRYPT_KEY_FILE) $(LOADABLE_APP_TOOL)
 	@$(MKDIR)
 	@echo building $@ from $<
 	$(NOECHO)$(LOADABLE_APP_TOOL) -m encrypt $@ $< \
 		$(APP_ENCRYPT_KEY_FILE) $(APP_ENCRYPT_KEY_ID)

 UNSIGNED_APP := $(ENCRYPTED_APP)
 else
 UNSIGNED_APP := $(INITIAL_APP)
 endif

 # If we have an app-specific key identifier then use it,
 # otherwise use the global default
 ifneq ($(APPLOADER_SIGN_KEY_ID_FOR_$(APP_TOP_MODULE)),)
 APP_SIGN_KEY_ID := $(APPLOADER_SIGN_KEY_ID_FOR_$(APP_TOP_MODULE))
 else
 APP_SIGN_KEY_ID := $(APPLOADER_SIGN_KEY_ID)
 endif

 ifneq ($(APP_SIGN_KEY_ID),)
 APP_SIGN_KEY_FILE := $(APPLOADER_SIGN_PRIVATE_KEY_$(APP_SIGN_KEY_ID)_FILE)
 endif

 ifneq ($(APP_SIGN_KEY_FILE),)
 $(LOADABLE_APP): LOADABLE_APP_TOOL := $(LOADABLE_APP_TOOL)
 $(LOADABLE_APP): APP_SIGN_KEY_FILE := $(APP_SIGN_KEY_FILE)
 $(LOADABLE_APP): APP_SIGN_KEY_ID := $(APP_SIGN_KEY_ID)
 $(LOADABLE_APP): $(UNSIGNED_APP) $(APP_SIGN_KEY_FILE) $(LOADABLE_APP_TOOL)
 	@$(MKDIR)
 	@echo building $@ from $<
 	$(NOECHO)$(LOADABLE_APP_TOOL) -m sign $@ $< \
 		$(APP_SIGN_KEY_FILE) $(APP_SIGN_KEY_ID)
 else
 # If we don't have a signature file, just use the unsigned file as the output
 # This is needed because modules that import loadable apps, e.g.,
 # app-mgmt-test, need the app files to exist
 # Note: apploader will refuse to load the unsigned application
 $(LOADABLE_APP): $(UNSIGNED_APP)
 	@$(MKDIR)
 	@echo copying $< to $@
 	@cp $< $@

 $(warning Loadable application is not signed: $(LOADABLE_APP))
 endif

 GENERATED += $(LOADABLE_APP)
 EXTRA_BUILDDEPS += $(LOADABLE_APP)
 LOADABLE_APP_LIST += $(LOADABLE_APP)

 # Reset local variables
 APP_NAME :=
 APP_BUILDDIR :=
 APP_TOP_MODULE :=

 LOADABLE_APP_TOOL :=
 APP_ELF :=
 APP_MANIFEST :=

 INITIAL_APP :=
 UNSIGNED_APP :=
 ENCRYPTED_APP :=
 LOADABLE_APP :=

 APP_SIGN_KEY_ID :=
 APP_SIGN_KEY_FILE :=
 APP_ENCRYPT_KEY_ID :=
 APP_ENCRYPT_KEY_FILE :=
	#
	# Copyright (c) 2021, Google, Inc. All rights reserved
	#
	# Permission is hereby granted, free of charge, to any person obtaining
	# a copy of this software and associated documentation files
	# (the "Software"), to deal in the Software without restriction,
	# including without limitation the rights to use, copy, modify, merge,
	# publish, distribute, sublicense, and/or sell copies of the Software,
	# and to permit persons to whom the Software is furnished to do so,
	# subject to the following conditions:
	#
	# The above copyright notice and this permission notice shall be
	# included in all copies or substantial portions of the Software.
	#
	# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
	# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
	# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
	# IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
	# CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
	# TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
	# SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
	#

	# The following set of variables must can be passed to trusty_app.mk:
	#
	# APP_NAME - an output file name (without extension)
	# APP_TOP_MODULE - top module to compile
	# APP_BUILDDIR - build directory
	#
	# To sign the app with a different key than the default one from
	# APPLOADER_SIGN_KEY_ID, set the following variable in rules.mk:
	# APPLOADER_SIGN_KEY_ID_FOR_$(MODULE)
	#
	# To encrypt an application, set the similar encryption variable:
	# APPLOADER_ENCRYPT_KEY_ID_FOR_$(MODULE)
	#
	# The following variable is modified and can be used by the caller:
	# LOADABLE_APP_LIST - list of loadable app locations

	# Build a loadable application
	ifeq ($(strip $(LOADABLE_APP_TOOL)),)
	LOADABLE_APP_TOOL := $(BUILDDIR)/host_tools/apploader_package_tool
	endif

	ifeq ($(strip $(APP_ELF)),)
	APP_ELF := $(_MODULES_$(APP_TOP_MODULE)_TRUSTY_APP_ELF)
	endif
	ifeq ($(strip $(APP_MANIFEST)),)
	APP_MANIFEST := $(_MODULES_$(APP_TOP_MODULE)_TRUSTY_APP_MANIFEST_BIN)
	endif

	INITIAL_APP := $(patsubst %.elf,%.app.initial,$(APP_ELF))
	LOADABLE_APP := $(patsubst %.elf,%.app,$(APP_ELF))

	$(INITIAL_APP): LOADABLE_APP_TOOL := $(LOADABLE_APP_TOOL)
	$(INITIAL_APP): $(APP_ELF) $(APP_MANIFEST) $(LOADABLE_APP_TOOL)
	@$(MKDIR)
	@echo building $@ from $<
	$(NOECHO)$(LOADABLE_APP_TOOL) -m build $@ $< $(word 2,$^)

	ifneq ($(APPLOADER_ENCRYPT_KEY_ID_FOR_$(APP_TOP_MODULE)),)
	APP_ENCRYPT_KEY_ID := $(APPLOADER_ENCRYPT_KEY_ID_FOR_$(APP_TOP_MODULE))
	APP_ENCRYPT_KEY_FILE := $(APPLOADER_ENCRYPT_KEY_$(APP_ENCRYPT_KEY_ID)_FILE)
	endif

	ifneq ($(APP_ENCRYPT_KEY_FILE),)
	ENCRYPTED_APP := $(patsubst %.elf,%.app.encrypted,$(APP_ELF))

	$(ENCRYPTED_APP): LOADABLE_APP_TOOL := $(LOADABLE_APP_TOOL)
	$(ENCRYPTED_APP): APP_ENCRYPT_KEY_FILE := $(APP_ENCRYPT_KEY_FILE)
	$(ENCRYPTED_APP): APP_ENCRYPT_KEY_ID := $(APP_ENCRYPT_KEY_ID)
	$(ENCRYPTED_APP): $(INITIAL_APP) $(APP_ENCRYPT_KEY_FILE) $(LOADABLE_APP_TOOL)
	@$(MKDIR)
	@echo building $@ from $<
	$(NOECHO)$(LOADABLE_APP_TOOL) -m encrypt $@ $< \
	$(APP_ENCRYPT_KEY_FILE) $(APP_ENCRYPT_KEY_ID)

	UNSIGNED_APP := $(ENCRYPTED_APP)
	else
	UNSIGNED_APP := $(INITIAL_APP)
	endif

	# If we have an app-specific key identifier then use it,
	# otherwise use the global default
	ifneq ($(APPLOADER_SIGN_KEY_ID_FOR_$(APP_TOP_MODULE)),)
	APP_SIGN_KEY_ID := $(APPLOADER_SIGN_KEY_ID_FOR_$(APP_TOP_MODULE))
	else
	APP_SIGN_KEY_ID := $(APPLOADER_SIGN_KEY_ID)
	endif

	ifneq ($(APP_SIGN_KEY_ID),)
	APP_SIGN_KEY_FILE := $(APPLOADER_SIGN_PRIVATE_KEY_$(APP_SIGN_KEY_ID)_FILE)
	endif

	ifneq ($(APP_SIGN_KEY_FILE),)
	$(LOADABLE_APP): LOADABLE_APP_TOOL := $(LOADABLE_APP_TOOL)
	$(LOADABLE_APP): APP_SIGN_KEY_FILE := $(APP_SIGN_KEY_FILE)
	$(LOADABLE_APP): APP_SIGN_KEY_ID := $(APP_SIGN_KEY_ID)
	$(LOADABLE_APP): $(UNSIGNED_APP) $(APP_SIGN_KEY_FILE) $(LOADABLE_APP_TOOL)
	@$(MKDIR)
	@echo building $@ from $<
	$(NOECHO)$(LOADABLE_APP_TOOL) -m sign $@ $< \
	$(APP_SIGN_KEY_FILE) $(APP_SIGN_KEY_ID)
	else
	# If we don't have a signature file, just use the unsigned file as the output
	# This is needed because modules that import loadable apps, e.g.,
	# app-mgmt-test, need the app files to exist
	# Note: apploader will refuse to load the unsigned application
	$(LOADABLE_APP): $(UNSIGNED_APP)
	@$(MKDIR)
	@echo copying $< to $@
	@cp $< $@

	$(warning Loadable application is not signed: $(LOADABLE_APP))
	endif

	GENERATED += $(LOADABLE_APP)
	EXTRA_BUILDDEPS += $(LOADABLE_APP)
	LOADABLE_APP_LIST += $(LOADABLE_APP)

	# Reset local variables
	APP_NAME :=
	APP_BUILDDIR :=
	APP_TOP_MODULE :=

	LOADABLE_APP_TOOL :=
	APP_ELF :=
	APP_MANIFEST :=

	INITIAL_APP :=
	UNSIGNED_APP :=
	ENCRYPTED_APP :=
	LOADABLE_APP :=

	APP_SIGN_KEY_ID :=
	APP_SIGN_KEY_FILE :=
	APP_ENCRYPT_KEY_ID :=
	APP_ENCRYPT_KEY_FILE :=