| # Copyright 2019 The ChromiumOS Authors |
| # Use of this source code is governed by a BSD-style license that can be |
| # found in the LICENSE file. |
| |
| import("//common-mk/flatbuffer.gni") |
| import("//common-mk/pkg_config.gni") |
| import("//common-mk/proto_library.gni") |
| |
| group("all") { |
| deps = [ |
| ":install_error_h", |
| ":install_headers", |
| ":install_headers_overalls", |
| ":install_headers_structures", |
| ":libhwsec", |
| ":libhwsec_client", |
| ] |
| if (use.test) { |
| deps += [ |
| ":hwsec_testrunner", |
| ":libhwsec_test", |
| ] |
| } |
| if (use.fuzzer) { |
| deps += [ |
| ":libhwsec_tpm1_cmk_migration_parser_fuzzer", |
| ":libhwsec_tpm2_backend_fuzzer", |
| ] |
| } |
| } |
| |
| pkg_config("target_defaults") { |
| pkg_deps = [ |
| "absl", |
| "libbrillo", |
| "libchrome", |
| "libcrossystem", |
| "libmetrics", |
| "libtpm_manager-client", |
| "openssl", |
| "system_api", |
| ] |
| if (use.fuzzer) { |
| pkg_deps += [ "protobuf" ] |
| } else { |
| pkg_deps += [ "protobuf-lite" ] |
| } |
| |
| libs = [ |
| "hwsec-foundation", |
| "tpm_manager", |
| ] |
| |
| defines = [ |
| "BUILD_LIBHWSEC", |
| "USE_TPM_DYNAMIC=${use.tpm_dynamic}", |
| "USE_TPM1=${use.tpm}||${use.test}", |
| "USE_TPM2=${use.tpm2}||${use.test}", |
| "USE_FUZZER=${use.fuzzer}", |
| ] |
| |
| cflags = [ "-Wconsumed" ] |
| } |
| |
| static_library("overalls_library") { |
| sources = [ |
| "overalls/overalls_api.cc", |
| "overalls/overalls_singleton.cc", |
| ] |
| configs += [ |
| ":target_defaults", |
| "//common-mk:pic", |
| ] |
| } |
| |
| source_set("error_library") { |
| sources = [ |
| "error/tpm_error.cc", |
| "error/tpm_manager_error.cc", |
| "error/tpm_nvram_error.cc", |
| "error/tpm_retry_action.cc", |
| ] |
| deps = [] |
| if (use.tpm2 || use.fuzzer || use.test) { |
| sources += [ "error/tpm2_error.cc" ] |
| deps += [ ":install_tpm2_error_h" ] |
| } |
| if (use.tpm || use.fuzzer || use.test) { |
| sources += [ "error/tpm1_error.cc" ] |
| deps += [ ":install_tpm1_error_h" ] |
| } |
| configs += [ |
| ":target_defaults", |
| "//common-mk:pic", |
| ] |
| } |
| |
| install_config("install_tpm1_headers") { |
| sources = [ "test_utils/tpm1/test_fixture.h" ] |
| install_path = "/usr/include/chromeos/libhwsec/test_utils/tpm1" |
| } |
| |
| install_config("install_tpm1_error_h") { |
| sources = [ "error/tpm1_error.h" ] |
| install_path = "/usr/include/chromeos/libhwsec/error" |
| } |
| |
| install_config("install_tpm2_error_h") { |
| sources = [ "error/tpm2_error.h" ] |
| install_path = "/usr/include/chromeos/libhwsec/error" |
| } |
| |
| shared_library("libhwsec_test") { |
| sources = [ |
| "factory/tpm2_simulator_factory_for_test.cc", |
| "platform/fake_platform.cc", |
| "proxy/tpm2_simulator_proxy_for_test.cc", |
| "test_utils/fake_tpm_nvram_for_test.cc", |
| ] |
| if (use.tpm) { |
| sources += [ "test_utils/tpm1/test_fixture.cc" ] |
| } |
| pkg_deps = [ "libcrossystem-test" ] |
| configs += [ ":target_defaults" ] |
| libs = [ |
| "tpm2", |
| "tpm2_simulator_executor", |
| "trunks", |
| "trunks_test", |
| "trunksd_lib", |
| "pinweaver", |
| ] |
| install_path = "lib" |
| deps = [ |
| ":hardware_abstraction_internal_library", |
| ":libhwsec", |
| ] |
| } |
| |
| config("libhwsec_tpm1_config") { |
| libs = [ "tspi" ] |
| } |
| |
| config("libhwsec_tpm2_config") { |
| libs = [ "trunks" ] |
| } |
| |
| flatbuffer("python-flatbuffers-reflection") { |
| flatc_out_dir = "python" |
| flatc_args = [ "--python" ] |
| sources = [ "${sysroot}/usr/include/flatbuffers/reflection.fbs" ] |
| } |
| |
| flatbuffer("signature-sealed-data-flatbuffers") { |
| flatc_out_dir = "include/libhwsec/structures" |
| flatc_args = [ |
| # Default flatbuffer flags used in Chrome OS. |
| "--cpp", |
| "--keep-prefix", |
| |
| # Generate code for enums using C++11 scoped enums. |
| "--scoped-enums", |
| ] |
| sources = [ "structures/signature_sealed_data.fbs" ] |
| } |
| |
| flatbuffer("signature-sealed-data-flatbuffers-binding-binary") { |
| flatc_out_dir = "bfbs" |
| flatc_args = [ |
| "--binary", |
| "--schema", |
| ] |
| sources = [ "structures/signature_sealed_data.fbs" ] |
| } |
| |
| # Put the generator in the same folder that the generated flatbuffers |
| # reflection python library exist. |
| copy("flatbuffers-binding-generator") { |
| sources = [ |
| "../libhwsec-foundation/flatbuffers/flatbuffer_cpp_binding_generator.py", |
| ] |
| outputs = [ "${root_gen_dir}/python/flatbuffer_cpp_binding_generator.py" ] |
| deps = [ ":python-flatbuffers-reflection" ] |
| } |
| |
| action("signature-sealed-data-flatbuffers-binding-generate") { |
| script = "${root_gen_dir}/python/flatbuffer_cpp_binding_generator.py" |
| inputs = [ "structures/signature_sealed_data.fbs" ] |
| outputs = [ |
| "${root_gen_dir}/include/libhwsec/structures/signature_sealed_data.h", |
| "${root_gen_dir}/include/libhwsec/structures/signature_sealed_data_flatbuffer.h", |
| "${root_gen_dir}/include/libhwsec/structures/signature_sealed_data.cc", |
| "${root_gen_dir}/include/libhwsec/structures/signature_sealed_data_test_utils.h", |
| ] |
| args = [ |
| "--output_dir=${root_gen_dir}/include/libhwsec/structures", |
| "--guard_prefix=LIBLWSEC_STRUCTURES_SIGNATURE_SEALED_DATA", |
| "--flatbuffer_header_include_paths", |
| "libhwsec/structures/signature_sealed_data.h", |
| "--flatbuffer_header_include_paths", |
| "libhwsec/structures/signature_sealed_data_generated.h", |
| "--flatbuffer_header_include_paths", |
| "libhwsec-foundation/flatbuffers/basic_objects.h", |
| "--impl_include_paths", |
| "libhwsec/structures/signature_sealed_data.h", |
| "--impl_include_paths", |
| "libhwsec/structures/signature_sealed_data_flatbuffer.h", |
| "--impl_include_paths", |
| "libhwsec-foundation/flatbuffers/flatbuffer_secure_allocator_bridge.h", |
| "--test_utils_header_include_path", |
| "libhwsec/structures/signature_sealed_data.h", |
| "${root_gen_dir}/bfbs/signature_sealed_data.bfbs", |
| ] |
| deps = [ |
| ":flatbuffers-binding-generator", |
| ":signature-sealed-data-flatbuffers", |
| ":signature-sealed-data-flatbuffers-binding-binary", |
| ] |
| } |
| |
| # The sources that contain HWSEC_EXPORT. |
| # The exported symbols should only be linked to one shared library. |
| source_set("hardware_abstraction_external_library") { |
| sources = [ |
| "${root_gen_dir}/include/libhwsec/structures/signature_sealed_data.cc", |
| "factory/factory_impl.cc", |
| "middleware/middleware_owner.cc", |
| "structures/key.cc", |
| ] |
| |
| libs = [] |
| |
| if (use.fuzzer) { |
| sources += [ "factory/fuzzed_factory.cc" ] |
| } |
| |
| configs += [ |
| ":target_defaults", |
| "//common-mk:pic", |
| ] |
| |
| deps = [ ":signature-sealed-data-flatbuffers-binding-generate" ] |
| } |
| |
| proto_library("oobe_config_encrypted_data_proto") { |
| proto_in_dir = "." |
| proto_out_dir = "include/libhwsec/" |
| sources = [ "${proto_in_dir}/frontend/oobe_config/encrypted_data.proto" ] |
| } |
| |
| # The sources that don't contain HWSEC_EXPORT. |
| # This can be linked to multiple shared library. |
| source_set("hardware_abstraction_internal_library") { |
| sources = [ |
| "backend/digest_algorithms.cc", |
| "error/tpm_retry_handler.cc", |
| "frontend/arc_attestation/frontend_impl.cc", |
| "frontend/attestation/frontend_impl.cc", |
| "frontend/bootlockbox/frontend_impl.cc", |
| "frontend/chaps/frontend_impl.cc", |
| "frontend/client/frontend_impl.cc", |
| "frontend/cryptohome/frontend_impl.cc", |
| "frontend/frontend_impl.cc", |
| "frontend/local_data_migration/frontend_impl.cc", |
| "frontend/oobe_config/frontend_impl.cc", |
| "frontend/optee-plugin/frontend_impl.cc", |
| "frontend/pinweaver/frontend_impl.cc", |
| "frontend/recovery_crypto/frontend_impl.cc", |
| "frontend/u2fd/frontend_impl.cc", |
| "frontend/u2fd/vendor_frontend_impl.cc", |
| "middleware/function_name.cc", |
| "middleware/metrics.cc", |
| "platform/platform_impl.cc", |
| "proxy/proxy.cc", |
| "proxy/proxy_impl.cc", |
| ] |
| |
| libs = [] |
| |
| configs += [ |
| ":target_defaults", |
| "//common-mk:pic", |
| ] |
| |
| if (use.tpm || use.test) { |
| sources += [ |
| "backend/tpm1/attestation.cc", |
| "backend/tpm1/backend.cc", |
| "backend/tpm1/config.cc", |
| "backend/tpm1/da_mitigation.cc", |
| "backend/tpm1/deriving.cc", |
| "backend/tpm1/encryption.cc", |
| "backend/tpm1/key_management.cc", |
| "backend/tpm1/pinweaver.cc", |
| "backend/tpm1/random.cc", |
| "backend/tpm1/recovery_crypto.cc", |
| "backend/tpm1/sealing.cc", |
| "backend/tpm1/signature_sealing.cc", |
| "backend/tpm1/signing.cc", |
| "backend/tpm1/state.cc", |
| "backend/tpm1/storage.cc", |
| "backend/tpm1/tss_helper.cc", |
| "backend/tpm1/u2f.cc", |
| "backend/tpm1/vendor.cc", |
| "backend/tpm1/version_attestation.cc", |
| ] |
| libs += [ "tspi" ] |
| } |
| |
| if (use.tpm || use.test || use.fuzzer) { |
| sources += [ "backend/tpm1/static_utils.cc" ] |
| libs += [ "tspi" ] |
| } |
| |
| if (use.tpm2 || use.test) { |
| sources += [ |
| "backend/tpm2/attestation.cc", |
| "backend/tpm2/backend.cc", |
| "backend/tpm2/config.cc", |
| "backend/tpm2/da_mitigation.cc", |
| "backend/tpm2/deriving.cc", |
| "backend/tpm2/encryption.cc", |
| "backend/tpm2/key_management.cc", |
| "backend/tpm2/pinweaver.cc", |
| "backend/tpm2/random.cc", |
| "backend/tpm2/recovery_crypto.cc", |
| "backend/tpm2/ro_data.cc", |
| "backend/tpm2/sealing.cc", |
| "backend/tpm2/session_management.cc", |
| "backend/tpm2/signature_sealing.cc", |
| "backend/tpm2/signing.cc", |
| "backend/tpm2/state.cc", |
| "backend/tpm2/static_utils.cc", |
| "backend/tpm2/storage.cc", |
| "backend/tpm2/u2f.cc", |
| "backend/tpm2/vendor.cc", |
| "backend/tpm2/version_attestation.cc", |
| ] |
| libs += [ "trunks" ] |
| } |
| |
| public_deps = [ ":signature-sealed-data-flatbuffers-binding-generate" ] |
| deps = [ ":oobe_config_encrypted_data_proto" ] |
| } |
| |
| shared_library("libhwsec") { |
| configs += [ ":target_defaults" ] |
| all_dependent_configs = [] |
| install_path = "lib" |
| deps = [ |
| ":error_library", |
| ":hardware_abstraction_external_library", |
| ":hardware_abstraction_internal_library", |
| ] |
| if (use.tpm2 || use.fuzzer || use.test) { |
| all_dependent_configs += [ ":libhwsec_tpm2_config" ] |
| } |
| if (use.tpm || use.fuzzer || use.test) { |
| all_dependent_configs += [ ":libhwsec_tpm1_config" ] |
| deps += [ ":overalls_library" ] |
| } |
| } |
| |
| executable("libhwsec_client") { |
| sources = [ "client/main.cc" ] |
| configs += [ ":target_defaults" ] |
| install_path = "bin" |
| |
| deps = [ ":libhwsec" ] |
| } |
| |
| install_config("install_headers") { |
| sources = [ "hwsec_export.h" ] |
| install_path = "/usr/include/chromeos/libhwsec" |
| } |
| |
| install_config("install_headers_structures") { |
| sources = [ |
| "${root_gen_dir}/include/libhwsec/structures/signature_sealed_data.h", |
| "${root_gen_dir}/include/libhwsec/structures/signature_sealed_data_flatbuffer.h", |
| "${root_gen_dir}/include/libhwsec/structures/signature_sealed_data_generated.h", |
| "${root_gen_dir}/include/libhwsec/structures/signature_sealed_data_test_utils.h", |
| ] |
| install_path = "/usr/include/chromeos/libhwsec/structures" |
| |
| deps = [ ":signature-sealed-data-flatbuffers-binding-generate" ] |
| } |
| |
| install_config("install_headers_overalls") { |
| sources = [ |
| "overalls/overalls.h", |
| "overalls/overalls_api.h", |
| ] |
| install_path = "/usr/include/chromeos/libhwsec/overalls" |
| } |
| |
| install_config("install_error_h") { |
| sources = [ "error/tpm_error.h" ] |
| install_path = "/usr/include/chromeos/libhwsec/error" |
| } |
| |
| if (use.fuzzer) { |
| executable("libhwsec_tpm1_cmk_migration_parser_fuzzer") { |
| sources = [ "fuzzers/tpm1_cmk_migration_parser_fuzzer.cc" ] |
| libs = [ "hwsec-foundation" ] |
| configs += [ "//common-mk/common_fuzzer" ] |
| pkg_deps = [ |
| "libbrillo", |
| "libchrome", |
| "libchrome-test", |
| "openssl", |
| ] |
| deps = [ |
| ":error_library", |
| ":hardware_abstraction_external_library", |
| ":hardware_abstraction_internal_library", |
| ":overalls_library", |
| ] |
| } |
| |
| executable("libhwsec_tpm2_backend_fuzzer") { |
| sources = [ "fuzzers/tpm2_backend_fuzzer.cc" ] |
| configs += [ |
| ":libhwsec_tpm2_config", |
| ":target_defaults", |
| "//common-mk:test", |
| "//common-mk/common_fuzzer", |
| ] |
| libs = [ "trunks_test" ] |
| deps = [ |
| ":error_library", |
| ":hardware_abstraction_external_library", |
| ":hardware_abstraction_internal_library", |
| ] |
| pkg_deps = [ |
| "libchrome-test", |
| "libcrossystem-test", |
| "libtpm_manager-client-test", |
| ] |
| } |
| } |
| |
| if (use.test) { |
| pkg_config("test_config") { |
| pkg_deps = [ |
| "libchrome-test", |
| "libcrossystem-test", |
| "libtpm_manager-client-test", |
| ] |
| } |
| |
| executable("hwsec_testrunner") { |
| sources = [ |
| "backend/digest_algorithms_test.cc", |
| "error/tpm_error_test.cc", |
| "error/tpm_manager_error_test.cc", |
| "error/tpm_nvram_error_test.cc", |
| "frontend/chaps/frontend_impl_test.cc", |
| "frontend/oobe_config/frontend_impl_test.cc", |
| "middleware/function_name_test.cc", |
| "middleware/metrics_test.cc", |
| "proxy/proxy_for_test.cc", |
| ] |
| configs += [ |
| "//common-mk:test", |
| ":target_defaults", |
| ":test_config", |
| ] |
| run_test = true |
| deps = [ |
| ":hardware_abstraction_internal_library", |
| ":libhwsec", |
| ":libhwsec_test", |
| "//common-mk/testrunner", |
| ] |
| if (use.tpm || use.test) { |
| sources += [ |
| "backend/tpm1/attestation_test.cc", |
| "backend/tpm1/backend_test_base.cc", |
| "backend/tpm1/config_test.cc", |
| "backend/tpm1/da_mitigation_test.cc", |
| "backend/tpm1/deriving_test.cc", |
| "backend/tpm1/encryption_test.cc", |
| "backend/tpm1/key_management_test.cc", |
| "backend/tpm1/pinweaver_test.cc", |
| "backend/tpm1/random_test.cc", |
| "backend/tpm1/recovery_crypto_test.cc", |
| "backend/tpm1/sealing_test.cc", |
| "backend/tpm1/signature_sealing_test.cc", |
| "backend/tpm1/signing_test.cc", |
| "backend/tpm1/state_test.cc", |
| "backend/tpm1/storage_test.cc", |
| "backend/tpm1/tss_helper_test.cc", |
| "backend/tpm1/u2f_test.cc", |
| "backend/tpm1/vendor_test.cc", |
| "error/tpm1_error_test.cc", |
| "overalls/overalls_api_test.cc", |
| "overalls/overalls_singleton_test.cc", |
| ] |
| deps += [ ":overalls_library" ] |
| } |
| if (use.tpm2 || use.test) { |
| sources += [ |
| "backend/tpm2/attestation_test.cc", |
| "backend/tpm2/backend_test_base.cc", |
| "backend/tpm2/config_test.cc", |
| "backend/tpm2/da_mitigation_test.cc", |
| "backend/tpm2/deriving_test.cc", |
| "backend/tpm2/encryption_test.cc", |
| "backend/tpm2/key_management_test.cc", |
| "backend/tpm2/pinweaver_test.cc", |
| "backend/tpm2/random_test.cc", |
| "backend/tpm2/recovery_crypto_test.cc", |
| "backend/tpm2/ro_data_test.cc", |
| "backend/tpm2/sealing_test.cc", |
| "backend/tpm2/session_management_test.cc", |
| "backend/tpm2/signature_sealing_test.cc", |
| "backend/tpm2/signing_test.cc", |
| "backend/tpm2/state_test.cc", |
| "backend/tpm2/storage_test.cc", |
| "backend/tpm2/u2f_test.cc", |
| "backend/tpm2/vendor_test.cc", |
| "backend/tpm2/version_attestation_test.cc", |
| "error/tpm2_error_test.cc", |
| ] |
| libs = [ "trunks_test" ] |
| } |
| } |
| } |