From 719d4a8bde829927f5cfd8761d9f5f5527bb8bdb Mon Sep 17 00:00:00 2001
From: David Drysdale
Date: Mon, 5 Dec 2022 10:24:51 +0000
Subject: [PATCH] Allow selection of Trusty KeyMint HAL implementation

By default, the existing C++ implementation of KeyMint will continue to be used. However, this can be overridden at build time to force use of the Rust implementation by setting

export TRUSTY_KEYMINT_IMPL=rust

Note that this requires a concomitant change to the bootloader prebuilts that include the Trusty prebuilts, to include the corresponding Rust version of the KeyMint TA.

Bug: 197891150
Bug: 225036046
Test: VtsAidlKeyMintTargetTest
Change-Id: I05b4b7d49cea0ac1c10b3a2e8fa5c49374aa1675
---
 trusty/trusty-base.mk | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/trusty/trusty-base.mk b/trusty/trusty-base.mk
index 06097091d..7b4aa2633 100644
--- a/trusty/trusty-base.mk
+++ b/trusty/trusty-base.mk
@@ -22,8 +22,21 @@
 # For gatekeeper, we include the generic -service and -impl to use legacy
 # HAL loading of gatekeeper.trusty.
 
+# Allow the KeyMint HAL service implementation to be selected at build time. This needs to be
+# done in sync with the TA implementation included in Trusty. Possible values are:
+#
+# - Rust implementation: export TRUSTY_KEYMINT_IMPL=rust
+# - C++ implementation: (any other value of TRUSTY_KEYMINT_IMPL)
+
+ifeq ($(TRUSTY_KEYMINT_IMPL),rust)
+ LOCAL_KEYMINT_PRODUCT_PACKAGE := android.hardware.security.keymint-service.rust.trusty
+else
+ # Default to the C++ implementation
+ LOCAL_KEYMINT_PRODUCT_PACKAGE := android.hardware.security.keymint-service.trusty
+endif
+
 PRODUCT_PACKAGES += \
- android.hardware.security.keymint-service.trusty \
+ $(LOCAL_KEYMINT_PRODUCT_PACKAGE) \
 android.hardware.gatekeeper@1.0-service.trusty \
 trusty_apploader \
 RemoteProvisioner
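Review bot: The `ifeq ($(TRUSTY_KEYMINT_IMPL),rust)` test is an exact string match with a silent fallback, so a value such as `Rust` or one carrying stray whitespace selects the C++ HAL package with no build-time signal. Since the commit message says the HAL has to match the KeyMint TA shipped in the bootloader prebuilts, a mismatch would presumably only surface at runtime as a KeyMint service that cannot talk to its TA. Consider comparing `$(strip $(TRUSTY_KEYMINT_IMPL))` instead, and in the `else` branch emitting `$(warning TRUSTY_KEYMINT_IMPL='$(TRUSTY_KEYMINT_IMPL)' is not 'rust'; using the C++ KeyMint HAL)` when the variable is non-empty. The added comment block could also state that nothing in this file checks the TA side, so whoever sets the variable knows the prebuilts must be verified separately.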