4.7. CMake Options
4.7.1. Applet
Applet: The Secure Element Applet
You can compile host library for different Applets listed below. Please note, some of these Applets may be for NXP Internal use only.
-DApplet=None: Compiling without any Applet Support
-DApplet=A71CH: A71CH (ECC)
-DApplet=SE05X_A: SE050 Type A (ECC)
-DApplet=SE05X_B: SE050 Type B (RSA)
-DApplet=SE05X_C: SE050 (Super set of A + B)
4.7.2. SE05X_Ver
SE05X_Ver: SE50 Applet version.
03_XX enables only the features of version 03.XX of the applet, although compatibility would be added for newer versions of the Applet. When 04_XX is selected, the features available in 04_XX are exposed at compile time.
-DSE05X_Ver=03_XX: SE050
4.7.3. Host
Host: Host where the software stack is running
e.g. Windows, PC Linux, Embedded Linux, Kinetis like embedded platform
-DHost=Darwin: OS X / Macintosh
-DHost=PCLinux32: PC/Laptop Linux with 32bit libraries
-DHost=PCLinux64: PC/Laptop Linux with 64bit libraries
-DHost=PCWindows: PC/Laptop Windows
-DHost=Cygwin: Using Cygwin
-DHost=frdmk64f: Embedded Kinetis Freedom K64F
-DHost=evkbimxrt1050: Embedded Kinetis i.MX RT 1050
-DHost=lpcxpresso55s: Embedded LPCXpresso55s (No demarcation of secure/non-secure world)
-DHost=lpcxpresso55s_ns: Non Secure world of LPCXpresso55s
-DHost=lpcxpresso55s_s: Secure world of LPCXpresso55s
-DHost=iMXLinux: Embedded Linux on i.MX
-DHost=Raspbian: Embedded Linux on Raspberry Pi
-DHost=Android: Android
4.7.4. SMCOM
SMCOM: Communication Interface
How the host library communicates with the Secure Element. This may be directly over an I2C interface on an embedded platform, or sometimes over a remote protocol like JRCP_V1 / JRCP_V2 / VCOM from a PC.
-DSMCOM=None: Not using any Communication layer
-DSMCOM=JRCP_V2: Socket Interface New Implementation
-DSMCOM=JRCP_V1: Socket Interface Old Implementation.
  This is the interface used from the Host PC when we run jrcpv1_server from the Linux PC.
-DSMCOM=VCOM: Virtual COM Port
-DSMCOM=SCI2C: Smart Card I2C for A71CH and A71CH
-DSMCOM=T1oI2C: T=1 over I2C for SE050
-DSMCOM=PCSC: CCID PC/SC reader interface
4.7.5. HostCrypto
HostCrypto: Counterpart Crypto on Host
What is being used as a cryptographic library on the host. As of now only OpenSSL / mbedTLS is supported
-DHostCrypto=MBEDTLS: Use mbedTLS as host crypto
-DHostCrypto=OPENSSL: Use OpenSSL as host crypto
-DHostCrypto=User: User Implementation of Host Crypto
  e.g. Files at sss/src/user/crypto have low level AES/CMAC primitives. The files at sss/src/user use those primitives. This becomes an example for users with their own AES implementation. This then becomes integration without mbedTLS/OpenSSL for SCP03 / AESKey.
  Note: ECKey abstraction is not implemented/available yet.
-DHostCrypto=None: NO Host Crypto
  Note, this is insecure and only provided for experimentation on platforms that do not have an mbedTLS port. Many Feature Control options have to be disabled to have a valid build.
4.7.6. RTOS
RTOS: Choice of Operating system
Default would mean nothing special, i.e. without any RTOS on an embedded system, or default APIs on PC/Linux
-DRTOS=Default: No specific RTOS. Either bare metal on embedded system or native Linux or Windows OS
-DRTOS=FreeRTOS: Free RTOS for embedded systems
4.7.7. mbedTLS_ALT
mbedTLS_ALT: ALT Engine implementation for mbedTLS
When set to None, mbedTLS would not use ALT Implementation to connect to / use Secure Element. This needs to be set to SSS for Cloud Demos over SSS APIs
-DmbedTLS_ALT=SSS: Use SSS Layer ALT implementation
-DmbedTLS_ALT=A71CH: Legacy implementation
-DmbedTLS_ALT=None: Not using any mbedTLS_ALT
  When this is selected, cloud demos can not work with mbedTLS
4.7.8. SCP
SCP: Secure Channel Protocol
If a secure channel to the Secure Element is enabled, this selects which interface is used for it.
-DSCP=None
-DSCP=SCP03_SSS: Use SSS Layer for SCP. Used for SE050 family.
-DSCP=SCP03_HostCrypto: Use Host Crypto Layer for SCP03. Legacy implementation. Used for older demos of A71CH Family.
4.7.9. SE05X_Auth
SE05X_Auth: SE050 Authentication
This setting is used by examples to connect using various options to authenticate to the Applet.
-DSE05X_Auth=None: Use the default session (i.e. session less) login
-DSE05X_Auth=UserID: Do User Authentication with UserID
-DSE05X_Auth=PlatfSCP03: Use Platform SCP for connection to SE
-DSE05X_Auth=AESKey: Do User Authentication with AES Key
  Earlier this was called AppletSCP03
-DSE05X_Auth=ECKey: Do User Authentication with EC Key
  Earlier this was called FastSCP
-DSE05X_Auth=UserID_PlatfSCP03: UserID and PlatfSCP03
-DSE05X_Auth=AESKey_PlatfSCP03: AESKey and PlatfSCP03
-DSE05X_Auth=ECKey_PlatfSCP03: ECKey and PlatfSCP03
4.7.10. A71CH_AUTH
A71CH_AUTH: A71CH Authentication
This setting is used by SSS-API based examples to connect to the A71CH using either plain or authenticated communication.
-DA71CH_AUTH=None: Plain communication, not authenticated or encrypted
-DA71CH_AUTH=SCP03: SCP03 enabled
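The values described above as unprotected (HostCrypto=None, the session-less SE05X_Auth=None, A71CH_AUTH=None) and the legacy SCP03_HostCrypto setting can be checked in a configured build tree. The following is an added example, not part of the NXP middleware: it reads CMakeCache.txt-style entries (NAME:TYPE=VALUE). The sample cache, the "review" policy entries and the rule that a PlatfSCP03 authentication mode needs SCP other than None are assumptions of the example.

```python
import re

# CMakeCache.txt entries look like NAME:TYPE=VALUE; '//' and '#' lines are comments.
ENTRY = re.compile(r"^([A-Za-z0-9_]+):[A-Z]+=(.*)$")

# Values this page itself describes as unprotected or legacy.
WEAK = {
    ("HostCrypto", "None"): "no host crypto (page: experimentation only)",
    ("A71CH_AUTH", "None"): "plain communication, not authenticated or encrypted",
    ("SE05X_Auth", "None"): "default session-less login, no authentication",
    ("SCP", "SCP03_HostCrypto"): "legacy SCP03 implementation (older A71CH demos)",
}
# Assumed release policy of this example, not stated on the page.
POLICY = {
    ("Log", "Verbose"): "very verbose logging in a release build",
    ("CMAKE_BUILD_TYPE", "Debug"): "developer build type",
}

def parse_cache(text):
    """Return {option: value} from CMakeCache.txt-style text."""
    hits = (ENTRY.match(line.strip()) for line in text.splitlines())
    return {m.group(1): m.group(2).strip() for m in hits if m}

def audit(opts):
    """Return sorted (severity, option, message) findings."""
    findings = []
    for table, sev in ((WEAK, "weak"), (POLICY, "review")):
        for (name, value), why in table.items():
            if opts.get(name) == value:
                findings.append((sev, name, why))
    # Assumption: a PlatfSCP03 authentication mode needs a secure channel layer.
    if "PlatfSCP03" in opts.get("SE05X_Auth", "") and opts.get("SCP", "None") == "None":
        findings.append(("weak", "SCP", "SE05X_Auth uses PlatfSCP03 but SCP=None"))
    return sorted(findings)

# Constructed sample, not taken from a real build tree.
SAMPLE = """\
// The Secure Element Applet
Applet:STRING=SE05X_C
HostCrypto:STRING=None
SCP:STRING=None
SE05X_Auth:STRING=UserID_PlatfSCP03
Log:STRING=Verbose
CMAKE_BUILD_TYPE:STRING=Release
"""

if __name__ == "__main__":
    print(*audit(parse_cache(SAMPLE)), sep="\n")
```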
4.7.11. Log
Log: Logging
-DLog=Default: Default Logging
-DLog=Verbose: Very Verbose logging
-DLog=Silent: Totally silent logging
4.7.12. CMAKE_BUILD_TYPE
CMAKE_BUILD_TYPE: See https://cmake.org/cmake/help/latest/variable/CMAKE_BUILD_TYPE.html
For embedded builds, this choice sets optimization levels. For MSVC builds, the build type is selected from the IDE as well.
-DCMAKE_BUILD_TYPE=Debug: For developer
-DCMAKE_BUILD_TYPE=Release: Optimization enabled and debug symbols removed
-DCMAKE_BUILD_TYPE=RelWithDebInfo: Optimization enabled but with debug symbols
-DCMAKE_BUILD_TYPE=: Empty Allowed
4.7.13. Feature Control
Using these options, you can enable/disable individual features.
SSSFTR_SE05X_AES: SE05X Secure Element : Symmetric AES
SSSFTR_SE05X_ECC: SE05X Secure Element : Elliptic Curve Cryptography
SSSFTR_SE05X_RSA: SE05X Secure Element : RSA
SSSFTR_SE05X_KEY_SET: SE05X Secure Element : KEY operations : SET Key
SSSFTR_SE05X_KEY_GET: SE05X Secure Element : KEY operations : GET Key
SSSFTR_SE05X_AuthECKey: SE05X Secure Element : Authenticate via ECKey
SSSFTR_SE05X_AuthSession: SE05X Secure Element : Allow creation of user/authenticated session.
  If the intended deployment only uses Platform SCP, or it is a pure session-less integration, this can save some code size.
SSSFTR_SE05X_CREATE_DELETE_CRYPTOOBJ: SE05X Secure Element : Allow creation/deletion of Crypto Objects
  If disabled, new Crypto Objects are not created and old/existing Crypto Objects are not deleted. It is assumed that during the provisioning phase, the required Crypto Objects are pre-created or they are never going to be needed.
SSSFTR_SW_AES: Software : Symmetric AES
SSSFTR_SW_ECC: Software : Elliptic Curve Cryptography
SSSFTR_SW_RSA: Software : RSA
SSSFTR_SW_KEY_SET: Software : KEY operations : SET Key
SSSFTR_SW_KEY_GET: Software : KEY operations : GET Key
SSSFTR_SW_TESTCOUNTERPART: Software : Used as a test counterpart
  e.g. a major part of the mbedTLS SSS layer is used purely for testing of the Secure Element implementation, and can be avoided fully in many production scenarios.
4.7.14. Deprecated Defines
Kept for the time being for backwards compatibility. They will be removed in some future release.
WithApplet_SE05X is renamed to SSS_HAVE_APPLET_SE05X_IOT
WithApplet_SE050_A is renamed to SSS_HAVE_APPLET_SE05X_A
WithApplet_SE050_B is renamed to SSS_HAVE_APPLET_SE05X_B
WithApplet_SE050_C is renamed to SSS_HAVE_APPLET_SE05X_C
SSS_HAVE_SE050_A is renamed to SSS_HAVE_APPLET_SE05X_A
SSS_HAVE_SE050_B is renamed to SSS_HAVE_APPLET_SE05X_B
SSS_HAVE_SE050_C is renamed to SSS_HAVE_APPLET_SE05X_C
SSS_HAVE_SE05X is renamed to SSS_HAVE_APPLET_SE05X_IOT
SSS_HAVE_SE is renamed to SSS_HAVE_APPLET
SSS_HAVE_LOOPBACK is renamed to SSS_HAVE_APPLET_LOOPBACK
SSS_HAVE_ALT is renamed to SSS_HAVE_MBEDTLS_ALT
WithApplet_None is renamed to SSS_HAVE_APPLET_NONE
SSS_HAVE_None is renamed to SSS_HAVE_APPLET_NONE
WithApplet_A71CH is renamed to SSS_HAVE_APPLET_A71CH
SSS_HAVE_A71CH is renamed to SSS_HAVE_APPLET_A71CH
WithApplet_A71CL is renamed to SSS_HAVE_APPLET_A71CL
SSS_HAVE_A71CL is renamed to SSS_HAVE_APPLET_A71CL
WithApplet_A71CH_SIM is renamed to SSS_HAVE_APPLET_A71CH_SIM
SSS_HAVE_A71CH_SIM is renamed to SSS_HAVE_APPLET_A71CH_SIM
WithApplet_SE05X_A is renamed to SSS_HAVE_APPLET_SE05X_A
SSS_HAVE_SE05X_A is renamed to SSS_HAVE_APPLET_SE05X_A
WithApplet_SE05X_B is renamed to SSS_HAVE_APPLET_SE05X_B
SSS_HAVE_SE05X_B is renamed to SSS_HAVE_APPLET_SE05X_B
WithApplet_SE05X_C is renamed to SSS_HAVE_APPLET_SE05X_C
SSS_HAVE_SE05X_C is renamed to SSS_HAVE_APPLET_SE05X_C
WithApplet_SE05X_L is renamed to SSS_HAVE_APPLET_SE05X_L
SSS_HAVE_SE05X_L is renamed to SSS_HAVE_APPLET_SE05X_L
WithApplet_LoopBack is renamed to SSS_HAVE_APPLET_LOOPBACK
SSS_HAVE_LoopBack is renamed to SSS_HAVE_APPLET_LOOPBACK
SSS_HAVE_MBEDTLS is renamed to SSS_HAVE_HOSTCRYPTO_MBEDTLS
SSS_HAVE_MBEDCRYPTO is renamed to SSS_HAVE_HOSTCRYPTO_MBEDCRYPTO
SSS_HAVE_OPENSSL is renamed to SSS_HAVE_HOSTCRYPTO_OPENSSL
SSS_HAVE_USER is renamed to SSS_HAVE_HOSTCRYPTO_USER
SSS_HAVE_NONE is renamed to SSS_HAVE_HOSTCRYPTO_NONE
SSS_HAVE_ALT_SSS is renamed to SSS_HAVE_MBEDTLS_ALT_SSS
SSS_HAVE_ALT_A71CH is renamed to SSS_HAVE_MBEDTLS_ALT_A71CH
SSS_HAVE_ALT_NONE is renamed to SSS_HAVE_MBEDTLS_ALT_NONE
SSS_HAVE_SE05X_Auth_None is renamed to SSS_HAVE_SE05X_AUTH_NONE
SSS_HAVE_SE05X_Auth_UserID is renamed to SSS_HAVE_SE05X_AUTH_USERID
SSS_HAVE_SE05X_Auth_PlatfSCP03 is renamed to SSS_HAVE_SE05X_AUTH_PLATFSCP03
SSS_HAVE_SE05X_Auth_AESKey is renamed to SSS_HAVE_SE05X_AUTH_AESKEY
SSS_HAVE_SE05X_Auth_ECKey is renamed to SSS_HAVE_SE05X_AUTH_ECKEY
SSS_HAVE_SE05X_Auth_UserID_PlatfSCP03 is renamed to SSS_HAVE_SE05X_AUTH_USERID_PLATFSCP03
SSS_HAVE_SE05X_Auth_AESKey_PlatfSCP03 is renamed to SSS_HAVE_SE05X_AUTH_AESKEY_PLATFSCP03
SSS_HAVE_SE05X_Auth_ECKey_PlatfSCP03 is renamed to SSS_HAVE_SE05X_AUTH_ECKEY_PLATFSCP03
WithNXPNFCRdLib: Compile in NXP NFC RdLib support
Default is OFF
Use NXP NFC RdLib. This is used mainly for RC663 + SAM use cases. A package available under NDA is needed to use this feature.
WithOPCUA_open62541: Compile With open62541 Support
Default is OFF
Compile with OPC UA. By default it is disabled from compilation.
Create and use shared libraries
Default is OFF
Create shared libraries. Applicable for Engine DLL and other use cases.
4.7.15. NXP Internal Options
These options are not supported outside NXP.
NXPInternal: NXP Internal
Default is OFF. (ON only within NXP)
Note: For deliveries outside NXP, this option is disabled.
WithCodeCoverage: Compile with Code Coverage
Default is OFF
4.7.16. Other Variables
WithExtCustomerCode: Include code from ../customer
Default is OFF
Include code from external folder. This way, experimental code can be included in build from outside the simw-top repository.
SIMW_INSTALL_INC_DIR: Location where library header files are installed for Linux based targets. (Used for iMX Linux)
Default location is </usr/local/>include/se05x
Location where miscellaneous scripts get copied for Linux based targets. (Used for iMX Linux)
e.g. cmake_options.mak which has current cmake build settings.
Default location is </usr/local/>share/se05x
