1# 2# Copyright (c) 2020 Huawei Device Co., Ltd. 3# Licensed under the Apache License, Version 2.0 (the "License"); 4# you may not use this file except in compliance with the License. 5# You may obtain a copy of the License at 6# 7# http://www.apache.org/licenses/LICENSE-2.0 8# 9# Unless required by applicable law or agreed to in writing, software 10# distributed under the License is distributed on an "AS IS" BASIS, 11# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12# See the License for the specific language governing permissions and 13# limitations under the License. 14 15declare_args() { 16 # whether use huks 17 huks_enabled = true 18 19 # for HUKS can compile on liteos_m 20 disable_huks_binary = false 21 22 # cut abilities for authentication 23 disable_authenticate = false 24 25 # if HUKS use mbedtls engine 26 huks_use_mbedtls = true 27 28 # whether use lite storeage 29 huks_use_lite_storage = false 30 31 # whether use hardware root key for better security 32 huks_use_hardware_root_key = false 33 34 # whether use hks config file 35 huks_config_file = "" 36 37 # config hks key store path in mini or lite system 38 huks_key_store_path = "/storage/" 39 40 # config hks key store path in standard system 41 huks_key_store_standard_path = "/data/service/el1/public/huks_service" 42 43 # whether huks enable log 44 huks_enable_log = false 45 46 # specify the path of MbedTls huks depends on 47 huks_dependency_mbedtls_path = "" 48 49 # specify the path of OpenSSL huks depends on 50 huks_dependency_openssl_path = "" 51 52 # specify the uid white list for change key owner 53 huks_uid_trust_list_define = "{}" 54 55 # whether enable key file auto-upgrade 56 huks_enable_upgrade_key = true 57 58 # whether enable upgrade key file for l1 sdk to l1 service, default as false 59 huks_enable_upgrade_small_to_service = false 60 61 # whether enable upgrade root key component from V1 to V2, default as true 62 huks_enable_upgrade_rkc_v1tov2 = true 63 64 # whether enable upgrade key derivation algorithm 65 huks_enable_upgrade_derive_key_alg = true 66 67 # default security level supported by huks is software 68 huks_security_level = "software" 69 70 # default tdd running environment do not change this config in your device 71 huks_test_suite_running_environment = "system" 72 73 # config lite hap key store path in mini or lite system 74 huks_lite_hap_store_path = "user/ace/data" 75 76 # whether use rkc in standard system 77 huks_use_rkc_in_standard = false 78 79 # config rkc store path in standard system 80 huks_use_rkc_in_standard_path = "data/data/huks_service" 81 82 # config is qemu risc-v mini system 83 huks_qemu_enabled = false 84 85 # whether enable upgrade key storage secure level 86 huks_enable_upgrade_key_storage_secure_level = true 87 88 # sa upgrade config, organized as {uid, needDe, needFrontUser} 89 huks_sa_upgrade_config = "{ { 3074, true, false }, { 3515, true, false }, { 3058, true, false }, { 6666, true, false }, { 1002, true, false }, { 3012, true, false }, { 1042, true, false }, { 1010, true, false }, { 5522, true, false }, { 6226, true, false } }" 90 91 # hap upgrade config, organized as {hapName, needDe, needFrontUser} 92 huks_hap_upgrade_config = "{}" 93 94 # whether enable skip upgrade key storage secure level 95 huks_enable_skip_upgrade_key_storage_secure_level = true 96 97 # sa temporary skip upgrade config 98 huks_sa_skip_upgrade_config = 99 "{ 0, 3553, 3333, 3046, 3520, 7008, 1027, 1024 }" 100 101 # hap temporary skip upgrade config 102 huks_hap_skip_upgrade_config = "{}" 103 104 # whether enable huks hdi in system in standard 105 huks_enable_hdi_in_standard = true 106 107 # trusted list for change storage level 108 huks_change_storage_level_config = "{ 0, 3333 }" 109} 110