4.7. CMake Options
4.7.1. PTMW_Applet
The Secure Element Applet
You can compile the host library for the different Applets listed below. Please note that some of these Applets may be for NXP internal use only.
-DPTMW_Applet=None: Compiling without any Applet Support
-DPTMW_Applet=A71CH: A71CH (ECC)
-DPTMW_Applet=SE05X_A: SE050 Type A (ECC)
-DPTMW_Applet=SE05X_B: SE050 Type B (RSA)
-DPTMW_Applet=SE05X_C: SE050 (Super set of A + B)
-DPTMW_Applet=SE051_H: SE051 with SPAKE Support
-DPTMW_Applet=AUTH: AUTH
-DPTMW_Applet=SE050_E: SE050E
4.7.2. PTMW_SE05X_Ver
SE05X Applet version.
Selection of Applet version 03_XX enables SE050 features. Selection of Applet version 06_00 enables SE051 features.
-DPTMW_SE05X_Ver=03_XX: SE050
-DPTMW_SE05X_Ver=06_00: SE051
-DPTMW_SE05X_Ver=07_02: SE051
4.7.3. PTMW_Host
Host where the software stack is running,
e.g. Windows, PC Linux, Embedded Linux, or a Kinetis-like embedded platform.
-DPTMW_Host=Darwin: OS X / Macintosh
-DPTMW_Host=PCLinux32: PC/Laptop Linux with 32bit libraries
-DPTMW_Host=PCLinux64: PC/Laptop Linux with 64bit libraries
-DPTMW_Host=PCWindows: PC/Laptop Windows
-DPTMW_Host=Cygwin: Using Cygwin
-DPTMW_Host=frdmk64f: Embedded Kinetis Freedom K64F
-DPTMW_Host=evkmimxrt1060: Embedded Kinetis i.MX RT 1060
-DPTMW_Host=evkmimxrt1170: Embedded Kinetis i.MX RT1170
-DPTMW_Host=lpcxpresso55s: Embedded LPCXpresso55s (No demarcation of secure/non-secure world)
-DPTMW_Host=lpcxpresso55s_ns: Non Secure world of LPCXpresso55s
-DPTMW_Host=lpcxpresso55s_s: Secure world of LPCXpresso55s
-DPTMW_Host=iMXLinux: Embedded Linux on i.MX
-DPTMW_Host=Raspbian: Embedded Linux on Raspberry Pi
-DPTMW_Host=Android: Android
4.7.4. PTMW_SMCOM
Communication Interface
How the host library communicates with the Secure Element. This may be directly over an I2C interface on an embedded platform, or sometimes over a remote protocol like JRCP_V1 / JRCP_V1_AM / JRCP_V2 / VCOM from a PC.
-DPTMW_SMCOM=None: Not using any Communication layer
-DPTMW_SMCOM=JRCP_V2: Socket Interface New Implementation
-DPTMW_SMCOM=JRCP_V1: Socket Interface Old Implementation. This is the interface used from the Host PC when we run jrcpv1_server from the Linux PC.
-DPTMW_SMCOM=JRCP_V1_AM: JRCP_V1 extended with Access manager features
-DPTMW_SMCOM=VCOM: Virtual COM Port
-DPTMW_SMCOM=SCI2C: Smart Card I2C for A71CH and A71CH
-DPTMW_SMCOM=T1oI2C: T=1 over I2C for SE050
-DPTMW_SMCOM=PCSC: CCID PC/SC reader interface
4.7.5. PTMW_HostCrypto
Counterpart Crypto on Host
What is being used as a cryptographic library on the host. As of now only OpenSSL / mbedTLS is supported.
-DPTMW_HostCrypto=MBEDTLS: Use mbedTLS as host crypto
-DPTMW_HostCrypto=OPENSSL: Use OpenSSL as host crypto
-DPTMW_HostCrypto=User: User Implementation of Host Crypto. e.g. the files at sss/src/user/crypto have low level AES/CMAC primitives. The files at sss/src/user use those primitives. This becomes an example for users with their own AES implementation. This then becomes integration without mbedTLS/OpenSSL for SCP03 / AESKey.
Note: ECKey abstraction is not implemented/available yet.
-DPTMW_HostCrypto=None: No Host Crypto. Note, this is insecure and only provided for experimentation on platforms that do not have an mbedTLS port. Many Feature Control options have to be disabled to have a valid build.
4.7.6. PTMW_RTOS
Choice of Operating system
Default would mean nothing special, i.e. without any RTOS on an embedded system, or the default APIs on PC/Linux.
-DPTMW_RTOS=Default: No specific RTOS. Either bare metal on embedded system or native Linux or Windows OS
-DPTMW_RTOS=FreeRTOS: Free RTOS for embedded systems
4.7.7. PTMW_mbedTLS_ALT
ALT Engine implementation for mbedTLS
When set to None, mbedTLS would not use the ALT implementation to connect to / use the Secure Element. This needs to be set to SSS for Cloud Demos over SSS APIs.
-DPTMW_mbedTLS_ALT=SSS: Use SSS Layer ALT implementation
-DPTMW_mbedTLS_ALT=A71CH: Legacy implementation
-DPTMW_mbedTLS_ALT=PSA: Enable TF-M based on PSA as ALT
-DPTMW_mbedTLS_ALT=None: Not using any mbedTLS_ALT. When this is selected, cloud demos can not work with mbedTLS.
4.7.8. PTMW_SCP
Secure Channel Protocol
In case we enable a secure channel to the Secure Element, which interface is to be used.
-DPTMW_SCP=None
-DPTMW_SCP=SCP03_SSS: Use SSS Layer for SCP. Used for SE050 family.
-DPTMW_SCP=SCP03_HostCrypto: Use Host Crypto Layer for SCP03. Legacy implementation. Used for older demos of A71CH Family.
4.7.9. PTMW_FIPS
Enable or disable FIPS
This selection mostly impacts tests, and generally not the actual Middleware.
-DPTMW_FIPS=None: NO FIPS
-DPTMW_FIPS=SE050: SE050 IC FIPS
4.7.10. PTMW_SBL
Enable/Disable SBL Bootable support
This option is to enable/disable boot from SBL by switching linker address.
-DPTMW_SBL=None: Not SBL bootable
-DPTMW_SBL=SBL_LPC55S: SE050 based LPC55S SBL bootable
4.7.11. PTMW_SE05X_Auth
SE050 Authentication
This setting is used by examples to connect using various options to authenticate with the Applet. The SE05X_Auth options can be changed for KSDK Demos and Examples. To change the SE05X_Auth option, follow the steps below. Set flag SSS_HAVE_SCP_SCP03_SSS to 1 and reset flag SSS_HAVE_SCP_NONE to 0. To change the SE05X_Auth option to anything other than None and PlatfSCP03, execute se05x_Delete_and_test_provision.exe in order to provision the Authentication Key. To change the SE05X_Auth option to ECKey or ECKey_PlatfSCP03, set the additional flag SSS_HAVE_HOSTCRYPTO_ANY to 1.
-DPTMW_SE05X_Auth=None: Use the default session (i.e. session less) login
-DPTMW_SE05X_Auth=UserID: Do User Authentication with UserID
-DPTMW_SE05X_Auth=PlatfSCP03: Use Platform SCP for connection to SE
-DPTMW_SE05X_Auth=AESKey: Do User Authentication with AES Key. Earlier this was called AppletSCP03
-DPTMW_SE05X_Auth=ECKey: Do User Authentication with EC Key. Earlier this was called FastSCP
-DPTMW_SE05X_Auth=UserID_PlatfSCP03: UserID and PlatfSCP03
-DPTMW_SE05X_Auth=AESKey_PlatfSCP03: AESKey and PlatfSCP03
-DPTMW_SE05X_Auth=ECKey_PlatfSCP03: ECKey and PlatfSCP03
4.7.12. PTMW_A71CH_AUTH
A71CH Authentication
This setting is used by SSS-API based examples to connect to the A71CH using either plain or authenticated communication.
-DPTMW_A71CH_AUTH=None: Plain communication, not authenticated or encrypted
-DPTMW_A71CH_AUTH=SCP03: SCP03 enabled
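As an added example (not part of the NXP documentation or middleware), the following shell script audits a build tree's CMake cache for the weaker choices described in 4.7.5, 4.7.8, 4.7.11 and 4.7.12. It assumes the options are stored in the standard CMake cache form NAME:TYPE=VALUE; the function names and the sample cache contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag weak PTMW_* choices in a CMake cache (NAME:TYPE=VALUE lines).

# cache_get FILE NAME: print the cached value of NAME (empty if absent).
cache_get() {
    sed -n "s/^$2:[A-Z]*=//p" "$1" | head -n 1
}

# audit_ptmw_cache FILE: print one finding per line; status 1 if any were found.
audit_ptmw_cache() {
    applet=$(cache_get "$1" PTMW_Applet)
    crypto=$(cache_get "$1" PTMW_HostCrypto)
    scp=$(cache_get "$1" PTMW_SCP)
    auth=$(cache_get "$1" PTMW_SE05X_Auth)
    a71auth=$(cache_get "$1" PTMW_A71CH_AUTH)
    findings=0
    report() { echo "$1"; findings=$((findings + 1)); }

    [ "$crypto" = "None" ] &&
        report "PTMW_HostCrypto=None: no host crypto, experimentation only"
    case "$applet" in
    SE05*)
        [ "$scp" = "None" ] &&
            report "PTMW_SCP=None: no secure channel to the Secure Element"
        [ "$auth" = "None" ] &&
            report "PTMW_SE05X_Auth=None: session-less login, no user authentication"
        case "$auth:$crypto" in
        ECKey*:User | ECKey*:None)
            report "PTMW_SE05X_Auth=$auth: PTMW_HostCrypto=$crypto has no ECKey support" ;;
        esac ;;
    A71CH)
        [ "$a71auth" = "None" ] &&
            report "PTMW_A71CH_AUTH=None: plain link, not authenticated or encrypted" ;;
    esac
    [ "$findings" -eq 0 ]
}

# Constructed sample cache (illustrative values, not from a real build tree).
sample=$(mktemp)
cat > "$sample" <<'EOF'
PTMW_Applet:STRING=SE05X_C
PTMW_HostCrypto:STRING=User
PTMW_SCP:STRING=None
PTMW_SE05X_Auth:STRING=ECKey
EOF
audit_ptmw_cache "$sample" || echo "findings above need review"
rm -f "$sample"
```

An option that is missing from the cache produces no finding, so run the audit against the cache of the build that is actually shipped.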
4.7.13. PTMW_Log
Logging
-DPTMW_Log=Default: Default Logging
-DPTMW_Log=Verbose: Very Verbose logging
-DPTMW_Log=Silent: Totally silent logging
4.7.14. CMAKE_BUILD_TYPE
See https://cmake.org/cmake/help/latest/variable/CMAKE_BUILD_TYPE.html
For embedded builds, this choice sets optimization levels. For MSVC builds, the build type is selected from the IDE as well.
-DCMAKE_BUILD_TYPE=Debug: For developer
-DCMAKE_BUILD_TYPE=Release: Optimization enabled and debug symbols removed
-DCMAKE_BUILD_TYPE=RelWithDebInfo: Optimization enabled but with debug symbols
-DCMAKE_BUILD_TYPE=: Empty Allowed
4.7.15. Feature Control
Using these options, you can enable/disable individual features.
See Section 3.8.4 Using feature file to reduce code size for details on its usage and relevance.
SSSFTR_SE05X_AES
SE05X Secure Element : Symmetric AES
SSSFTR_SE05X_ECC
SE05X Secure Element : Elliptic Curve Cryptography
SSSFTR_SE05X_RSA
SE05X Secure Element : RSA
SSSFTR_SE05X_KEY_SET
SE05X Secure Element : KEY operations : SET Key
SSSFTR_SE05X_KEY_GET
SE05X Secure Element : KEY operations : GET Key
SSSFTR_SE05X_AuthECKey
SE05X Secure Element : Authenticate via ECKey
SSSFTR_SE05X_AuthSession
SE05X Secure Element : Allow creation of user/authenticated session.
If the intended deployment only uses Platform SCP, or it is a pure session-less integration, this can save some code size.
SSSFTR_SE05X_CREATE_DELETE_CRYPTOOBJ
SE05X Secure Element : Allow creation/deletion of Crypto Objects
If disabled, new Crypto Objects are not created and old/existing Crypto Objects are not deleted. It is assumed that during the provisioning phase, the required Crypto Objects are pre-created or they are never going to be needed.
SSSFTR_SW_AES
Software : Symmetric AES
SSSFTR_SW_ECC
Software : Elliptic Curve Cryptography
SSSFTR_SW_RSA
Software : RSA
SSSFTR_SW_KEY_SET
Software : KEY operations : SET Key
SSSFTR_SW_KEY_GET
Software : KEY operations : GET Key
SSSFTR_SW_TESTCOUNTERPART
Software : Used as a test counterpart
e.g. a major part of the mbedTLS SSS layer is purely used for testing of the Secure Element implementation, and can be avoided fully in many production scenarios.
4.7.16. Deprecated Defines
Kept for the time being for backwards compatibility. They will be removed in some future release.
WithNXPNFCRdLib
Compile in NXP NFC RdLib support
Default is OFF
Use NXP NFC RdLib. This is used mainly for RC663 + SAM use cases. A package available under NDA is needed to use this feature.
WithOPCUA_open62541
Compile With open62541 Support
Default is OFF
Compile with OPC UA. By default it is disabled from compilation.
Create and use shared libraries
Default is OFF
Create shared libraries. Applicable for Engine DLL and other use cases.
WithAccessMgr_UnixSocket
Compile Access Manager with UNIX socket support (Default is STREAM sockets).
Default is OFF
Compile Access Manager with UNIX socket support.
4.7.17. NXP Internal Options
These options are not supported outside NXP.
NXPInternal
NXP Internal
Default is OFF. (ON only within NXP)
Note: For deliveries outside NXP, this option is disabled.
WithCodeCoverage
Compile with Code Coverage
Default is OFF
4.7.18. Other Variables
WithExtCustomerTPMCode
Include code from ../customer/tpm2
Default is OFF
Include code from external tpm2 folder. This way, TPM code can be included in the build from outside the simw-top repository.
SIMW_INSTALL_INC_DIR
Location where library header files are installed for Linux based targets. (Used for iMX Linux)
Default location is </usr/local/>include/se05x
Location where miscellaneous scripts get copied for Linux based targets. (Used for iMX Linux)
e.g. cmake_options.mak, which has the current cmake build settings. Default location is </usr/local/>share/se05x