1# Copyright (C) 2021 The Android Open Source Project 2# 3# Licensed under the Apache License, Version 2.0 (the "License"); 4# you may not use this file except in compliance with the License. 5# You may obtain a copy of the License at 6# 7# http://www.apache.org/licenses/LICENSE-2.0 8# 9# Unless required by applicable law or agreed to in writing, software 10# distributed under the License is distributed on an "AS IS" BASIS, 11# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12# See the License for the specific language governing permissions and 13# limitations under the License. 14# 15 16LOCAL_DIR := $(GET_LOCAL_DIR) 17 18PACKAGE_DIR := $(TRUSTY_TOP)/trusty/user/base/lib/apploader_package 19OPEN_DICE_DIR := $(TRUSTY_TOP)/external/open-dice 20 21HOST_TOOL_NAME := apploader_package_tool 22 23HOST_SRCS := \ 24 $(LOCAL_DIR)/apploader_package_tool.cpp \ 25 $(LOCAL_DIR)/../app_manifest_parser.cpp \ 26 $(PACKAGE_DIR)/cose.cpp \ 27 $(OPEN_DICE_DIR)/src/cbor_reader.c \ 28 $(OPEN_DICE_DIR)/src/cbor_writer.c \ 29 30HOST_INCLUDE_DIRS := \ 31 trusty/user/base/interface/apploader/include \ 32 trusty/user/base/lib/apploader_package/include \ 33 trusty/user/base/lib/apploader_policy_engine/include \ 34 external/open-dice/include \ 35 36# libcppbor checks if __TRUSTY__ is defined to determine whether it's linked 37# into Android or Trusty; the library uses some Android-specific logging and 38# other APIs that host tools don't provide, so we define __TRUSTY__ here to 39# disable all the Android-specific code in libcppbor. 40HOST_FLAGS := -D__TRUSTY__ 41 42# The COSE code also needs to use different APIs/macros for error printing 43# depending on whether it's compiled for a host tool or Trusty application. 44HOST_FLAGS += -D__COSE_HOST__ 45 46# Select app package signing variant 47ifeq (true,$(call TOBOOL,$(APPLOADER_PACKAGE_SIGN_P384))) 48HOST_FLAGS += -DAPPLOADER_PACKAGE_SIGN_P384 49endif 50 51# Select app package cipher variant 52ifeq (true,$(call TOBOOL,$(APPLOADER_PACKAGE_CIPHER_A256))) 53HOST_FLAGS += -DAPPLOADER_PACKAGE_CIPHER_A256 54endif 55 56# Build as a static binary for portability 57HOST_STATIC_LINK := true 58 59HOST_LIBS := \ 60 c++ \ 61 62# Build and statically link in boringssl so we don't have to worry about what 63# version the host environment provides. OpenSSL 3.0 deprecates several of the 64# low-level APIs used for trusty app signing and encryption. 65HOST_DEPS := \ 66 trusty/user/base/host/boringssl \ 67 trusty/kernel/lib/app_manifest/host \ 68 69# If requested, the apploader can be built with the policy engine for key 70# checking functionality. This requires the policy engine API be 71# implemented in a host library. 72ifeq (true,$(call TOBOOL,$(APPLOADER_PACKAGE_TOOL_WITH_POLICY_ENGINE))) 73HOST_FLAGS += -DWITH_APPLOADER_POLICY_ENGINE 74HOST_DEPS += $(TRUSTY_APPLOADER_POLICY_ENGINE)/host 75endif 76 77include make/host_tool.mk 78