Google Git
Sign in
android/trusty/device/x86/generic-x86_64/31b1500acf9fd8fac8866b50c1d1950d083b136a^!/.
commit
31b1500acf9fd8fac8866b50c1d1950d083b136a
[log]
author
Armelle Laine <armellel@google.com>
Sat Feb 15 14:04:01 2025 +0000
committer
Armelle Laine <armellel@google.com>
Sat Feb 15 14:04:01 2025 +0000
tree
dcf52c47964144f5894ef9ee09430409f0b6b3e3
parent
e416981c40a97fbf9d1da549b057370fe606c1f9 [diff]
project: vm-x86_64-security*.mk: update VM makefiles

fix placeholder-hal target:
- secure storage app also requires the metrics app
- complement with few missing app configs

fix security VM:
- remove secure storage

Bug: 394704863
Test: build any of the security VM targets
Change-Id: I7c5eb608968ef7b69af80966d2d0af63a6f6b0db

diff --git a/project/vm-x86_64-security-inc.mk b/project/vm-x86_64-security-inc.mk
index fd8e935..3e0aaf8 100644
--- a/project/vm-x86_64-security-inc.mk
+++ b/project/vm-x86_64-security-inc.mk

@@ -13,21 +13,18 @@
 # limitations under the License.
 #
 
-WITH_FAKE_HWRNG ?= false
-WITH_FAKE_HWKEY ?= false
-WITH_FAKE_KEYBOX ?= false
-
 include project/generic-x86_64-inc.mk
 
 #
 # overwrite list of TAs
 #
+TRUSTY_VM_INCLUDE_KEYMINT ?= true
+TRUSTY_VM_INCLUDE_GATEKEEPER ?= true
 
 # compiled from source
 TRUSTY_BUILTIN_USER_TASKS := \
 	trusty/user/app/gatekeeper \
 	trusty/user/app/keymint/app \
-	trusty/user/app/storage \
 	trusty/user/base/app/device_tree \
 
 ifeq (true,$(call TOBOOL,$(USER_COVERAGE_ENABLED)))

diff --git a/project/vm-x86_64-security-placeholder-trusted-hal-inc.mk b/project/vm-x86_64-security-placeholder-trusted-hal-inc.mk
index 7348785..8ae7741 100644
--- a/project/vm-x86_64-security-placeholder-trusted-hal-inc.mk
+++ b/project/vm-x86_64-security-placeholder-trusted-hal-inc.mk

@@ -13,22 +13,27 @@
 # limitations under the License.
 #
 
+#
+# complement with the placeholder trusted hals
+#
 WITH_FAKE_HWRNG ?= true
 WITH_FAKE_HWKEY ?= true
 WITH_FAKE_KEYBOX ?= true
 
-# Storage should send error reports to the metrics service
+# Derive RPMB key using HKDF
+WITH_HKDF_RPMB_KEY ?= true
+
 STORAGE_ENABLE_ERROR_REPORTING ?= true
 STORAGE_AIDL_ENABLED ?= true
+TRUSTY_VM_INCLUDE_SECURE_STORAGE_HAL ?= true
+
+KEYMINT_TRUSTY_VM ?= nonsecure
 
 include project/vm-x86_64-security-inc.mk
 
-#
-# complement with the placeholder trusted hals
-#
-
 TRUSTY_BUILTIN_USER_TASKS += \
 	trusty/user/app/storage \
+	trusty/user/base/app/metrics \
 	trusty/user/app/sample/hwaes \
 	trusty/user/app/sample/hwbcc \
 	trusty/user/app/sample/hwcrypto \

diff --git a/project/vm-x86_64-test-placeholder-trusted-hal-inc.mk b/project/vm-x86_64-test-placeholder-trusted-hal-inc.mk
index 6205e8d..c878745 100644
--- a/project/vm-x86_64-test-placeholder-trusted-hal-inc.mk
+++ b/project/vm-x86_64-test-placeholder-trusted-hal-inc.mk

@@ -13,22 +13,25 @@
 # limitations under the License.
 #
 
+#
+# complement with the placeholder trusted hals
+#
 WITH_FAKE_HWRNG ?= true
 WITH_FAKE_HWKEY ?= true
 WITH_FAKE_KEYBOX ?= true
 
+# Derive RPMB key using HKDF
+WITH_HKDF_RPMB_KEY ?= true
+
+STORAGE_ENABLE_ERROR_REPORTING ?= true
+STORAGE_AIDL_ENABLED ?= true
+TRUSTY_VM_INCLUDE_SECURE_STORAGE_HAL ?= true
+
 include project/vm-x86_64-test-inc.mk
 
-#
-# complement with the placeholder trusted hals
-#
-
-# Storage should send error reports to the metrics service
-STORAGE_ENABLE_ERROR_REPORTING := true
-STORAGE_AIDL_ENABLED := true
-
 TRUSTY_BUILTIN_USER_TASKS += \
 	trusty/user/app/storage \
+	trusty/user/base/app/metrics \
 	trusty/user/app/sample/hwaes \
 	trusty/user/app/sample/hwbcc \
 	trusty/user/app/sample/hwcrypto \