mirror of
https://gitee.com/openharmony/security_huks
synced 2024-11-23 14:50:06 +00:00
667cbdc2d5
Signed-off-by: tangboyi <tangboyi1@huawei.com> Change-Id: I22e6403b448f958a2ceb43e18d88328a20a248eb Signed-off-by: tangboyi <tangboyi1@huawei.com>
109 lines
3.3 KiB
Plaintext
Executable File
109 lines
3.3 KiB
Plaintext
Executable File
#
|
|
# Copyright (c) 2020 Huawei Device Co., Ltd.
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
|
|
declare_args() {
|
|
# whether use huks
|
|
huks_enabled = true
|
|
|
|
# for HUKS can compile on liteos_m
|
|
disable_huks_binary = false
|
|
|
|
# cut abilities for authentication
|
|
disable_authenticate = false
|
|
|
|
# if HUKS use mbedtls engine
|
|
huks_use_mbedtls = true
|
|
|
|
# whether use lite storeage
|
|
huks_use_lite_storage = false
|
|
|
|
# whether use hardware root key for better security
|
|
huks_use_hardware_root_key = false
|
|
|
|
# whether use hks config file
|
|
huks_config_file = ""
|
|
|
|
# config hks key store path in mini or lite system
|
|
huks_key_store_path = "/storage/"
|
|
|
|
# config hks key store path in standard system
|
|
huks_key_store_standard_path = "/data/service/el1/public/huks_service"
|
|
|
|
# whether huks enable log
|
|
huks_enable_log = false
|
|
|
|
# specify the path of MbedTls huks depends on
|
|
huks_dependency_mbedtls_path = ""
|
|
|
|
# specify the path of OpenSSL huks depends on
|
|
huks_dependency_openssl_path = ""
|
|
|
|
# specify the uid white list for change key owner
|
|
huks_uid_trust_list_define = "{}"
|
|
|
|
# whether enable key file auto-upgrade
|
|
huks_enable_upgrade_key = true
|
|
|
|
# whether enable upgrade key file for l1 sdk to l1 service, default as false
|
|
huks_enable_upgrade_small_to_service = false
|
|
|
|
# whether enable upgrade root key component from V1 to V2, default as true
|
|
huks_enable_upgrade_rkc_v1tov2 = true
|
|
|
|
# whether enable upgrade key derivation algorithm
|
|
huks_enable_upgrade_derive_key_alg = true
|
|
|
|
# default security level supported by huks is software
|
|
huks_security_level = "software"
|
|
|
|
# default tdd running environment do not change this config in your device
|
|
huks_test_suite_running_environment = "system"
|
|
|
|
# config lite hap key store path in mini or lite system
|
|
huks_lite_hap_store_path = "user/ace/data"
|
|
|
|
# whether use rkc in standard system
|
|
huks_use_rkc_in_standard = false
|
|
|
|
# config rkc store path in standard system
|
|
huks_use_rkc_in_standard_path = "data/data/huks_service"
|
|
|
|
# config is qemu risc-v mini system
|
|
huks_qemu_enabled = false
|
|
|
|
# whether enable upgrade key storage secure level
|
|
huks_enable_upgrade_key_storage_secure_level = true
|
|
|
|
# sa upgrade config, organized as {uid, needDe, needFrontUser}
|
|
huks_sa_upgrade_config = "{}"
|
|
|
|
# hap upgrade config, organized as {hapName, needDe, needFrontUser}
|
|
huks_hap_upgrade_config = "{}"
|
|
|
|
# whether enable skip upgrade key storage secure level
|
|
huks_enable_skip_upgrade_key_storage_secure_level = true
|
|
|
|
# sa temporary skip upgrade config
|
|
huks_sa_skip_upgrade_config = "{ 0, 3333 }"
|
|
|
|
# hap temporary skip upgrade config
|
|
huks_hap_skip_upgrade_config = "{}"
|
|
|
|
# whether enable huks hdi in system in standard
|
|
huks_enable_hdi_in_standard = true
|
|
|
|
# trusted list for change storage level
|
|
huks_change_storage_level_config = "{ 0, 3333 }"
|
|
}
|