optimize TA/driver Android build

1) Modify "Android.mk" of TA to remove dependence on Makefile
2) Add "aosp_optee.mk" in tdk to compile TA
3) Add "TARGET_ENABLE_TA_ENCRYPT" macro to encrypt TA
4) Modify "Android.mk" of linuxdriver

Change-Id: I6f072f915c9d18ed00a5db21255bb3f022426f38

19 files changed, 259 insertions, 854 deletions

diff --git a/aosp_optee.mk b/aosp_optee.mk
new file mode 100644
index 0000000..b75d528
--- a/dev/null
+++ b/aosp_optee.mk
@@ -0,0 +1,68 @@
+##########################################################
+## Lines for building TAs automatically                 ##
+## will only be included in Android.mk for TAs          ##
+## local_module:
+## local_module_ta_name:
+##     need to be defined before include for this       ##
+##########################################################
+
+OPTEE_CROSS_COMPILE := arm-linux-gnueabihf-
+CROSS_COMPILE_LINE := CROSS_COMPILE=$(OPTEE_CROSS_COMPILE)
+OPTEE_TA_OUT_DIR ?= $(PRODUCT_OUT)/optee/ta
+
+TOP_ROOT_ABS := $(realpath $(TOP))
+TA_DEV_KIT_DIR := vendor/amlogic/tdk/ta_export
+
+ifeq ($(TARGET_ENABLE_TA_SIGN), true)
+TDK_PATH := $(TOP_ROOT_ABS)/vendor/amlogic/tdk
+TA_SIGN_AUTO_TOOL := $(TDK_PATH)/ta_export/scripts/sign_ta_auto.py
+endif
+
+include $(CLEAR_VARS)
+local_module_path ?= $(TARGET_OUT)/lib/optee_armtz
+LOCAL_MODULE := $(local_module)
+LOCAL_PREBUILT_MODULE_FILE := $(OPTEE_TA_OUT_DIR)/$(LOCAL_MODULE)
+LOCAL_MODULE_PATH := $(local_module_path)
+LOCAL_MODULE_CLASS := EXECUTABLES
+LOCAL_MODULE_TAGS := optional
+
+TA_TMP_DIR := $(subst /,_,$(LOCAL_PATH))
+TA_TMP_FILE := $(OPTEE_TA_OUT_DIR)/$(TA_TMP_DIR)/$(LOCAL_MODULE)
+
+$(LOCAL_PREBUILT_MODULE_FILE): $(TA_TMP_FILE)
+	@mkdir -p $(dir $@)
+ifeq ($(TARGET_ENABLE_TA_SIGN), true)
+ifeq ($(TARGET_ENABLE_TA_ENCRYPT), true)
+	$(TA_SIGN_AUTO_TOOL) --in=$< --out=$@ --encrypt=1
+else
+	$(TA_SIGN_AUTO_TOOL) --in=$< --out=$@ --encrypt=0
+endif
+else #else ifeq ($(TARGET_ENABLE_TA_SIGN), true)
+	cp -uvf $< $@
+endif
+
+$(TA_TMP_FILE): PRIVATE_TA_SRC_DIR := $(LOCAL_PATH)
+$(TA_TMP_FILE): PRIVATE_TA_TMP_FILE := $(TA_TMP_FILE)
+$(TA_TMP_FILE): PRIVATE_TA_TMP_DIR := $(TA_TMP_DIR)
+$(TA_TMP_FILE): FORCE
+	@echo "Start building TA for $(PRIVATE_TA_SRC_DIR) $(PRIVATE_TA_TMP_FILE)..."
+	$(MAKE) -C $(TOP_ROOT_ABS)/$(PRIVATE_TA_SRC_DIR) O=$(TOP_ROOT_ABS)/$(OPTEE_TA_OUT_DIR)/$(PRIVATE_TA_TMP_DIR) \
+		TA_DEV_KIT_DIR=$(TOP_ROOT_ABS)/$(TA_DEV_KIT_DIR) \
+		$(CROSS_COMPILE_LINE)
+	@echo "Finished building TA for $(PRIVATE_TA_SRC_DIR) $(PRIVATE_TA_TMP_FILE)..."
+
+FORCE:
+
+include $(BUILD_PREBUILT)
+
+include $(CLEAR_VARS)
+LOCAL_MODULE := $(local_module_ta_name)
+LOCAL_MODULE_TAGS := optional
+LOCAL_MODULE_CLASS := SHARED_LIBRARIES
+
+LOCAL_REQUIRED_MODULES := $(local_module)
+
+include $(BUILD_PHONY_PACKAGE)
+
+local_module_ta_name :=
+
diff --git a/demos/hello_world/ta/Android.mk b/demos/hello_world/ta/Android.mk
index 316d57a..6fa7c49 100644
--- a/demos/hello_world/ta/Android.mk
+++ b/demos/hello_world/ta/Android.mk
@@ -1,55 +1,9 @@
-LOCAL_PATH:= $(call my-dir)
-TDK_PATH:=../../../
-TA_BINARY=8aaaf200-2450-11e4-abe2-0002a5d5c51b
-TA_CROSS_COMPILE=arm-linux-gnueabihf-
-TA_EXPORT_DIR := out/target/product/$(TARGET_BOOTLOADER_BOARD_NAME)/system/lib/teetz
-OUTPUT_DIR = ../out/ta
-
-include $(CLEAR_VARS)
-
-$(info $(shell make CROSS_COMPILE=$(TA_CROSS_COMPILE) -C $(LOCAL_PATH) O=$(OUTPUT_DIR) TDK_DIR=$(TDK_PATH)))
-
-$(info $(shell if [ ! -e $(TA_EXPORT_DIR) ]; then mkdir -p $(TA_EXPORT_DIR); fi))
-
-ta_file := $(OUTPUT_DIR)/$(TA_BINARY).ta
-
-ifeq ($(TARGET_ENABLE_TA_SIGN), true)
-$(info $(shell $(TA_GEN_CERT_TOOL) --root_rsa_key=$(TA_ROOT_PRIV_KEY) \
-		--ta_rsa_key=$(TA_USER_PUB_KEY) \
-		--uuid=$(TA_BINARY) \
-		--ta_rsa_key_sig=$(LOCAL_PATH)/$(OUTPUT_DIR)/ta_rsa_key.sig \
-		--root_aes_key=$(TA_ROOT_AES_KEY) \
-		--ta_aes_key=$(TA_USER_AES_KEY) \
-		--ta_aes_iv=$(TA_USER_AES_IV) \
-		--ta_aes_key_iv_enc=$(LOCAL_PATH)/$(OUTPUT_DIR)/ta_aes_key_enc.bin ))
-$(info $(shell $(TA_SIGN_TOOL) --ta_rsa_key=$(TA_USER_PRIV_KEY) \
-		--ta_rsa_key_sig=$(LOCAL_PATH)/$(OUTPUT_DIR)/ta_rsa_key.sig \
-		--ta_aes_key=$(TA_USER_AES_KEY) \
-		--ta_aes_iv=$(TA_USER_AES_IV) \
-		--ta_aes_key_iv_enc=$(LOCAL_PATH)/$(OUTPUT_DIR)/ta_aes_key_enc.bin \
-		--in=$(LOCAL_PATH)/$(OUTPUT_DIR)/$(TA_BINARY).ta \
-		--out=$(LOCAL_PATH)/$(OUTPUT_DIR)/$(TA_BINARY).ta ))
-$(info $(shell rm -f $(LOCAL_PATH)/$(OUTPUT_DIR)/ta_rsa_key.sig ))
-$(info $(shell rm -f $(LOCAL_PATH)/$(OUTPUT_DIR)/ta_aes_key_enc.bin ))
-endif
-
-$(info $(shell mkdir -p $(PRODUCT_OUT)/obj/lib))
-$(info $(shell cp -vf $(LOCAL_PATH)/$(OUTPUT_DIR)/$(TA_BINARY).ta $(PRODUCT_OUT)/obj/lib))
-
-LOCAL_MODULE := $(TA_BINARY)
-LOCAL_SRC_FILES := $(ta_file)
-LOCAL_MODULE_TAGS := optional
-LOCAL_MODULE_CLASS := SHARED_LIBRARIES
-LOCAL_MODULE_SUFFIX := .ta
-LOCAL_MODULE_PATH := $(PRODUCT_OUT)/system/lib/teetz
-LOCAL_STRIP_MODULE := false
-include $(BUILD_PREBUILT)
-
-include $(CLEAR_VARS)
-LOCAL_MODULE := tee_helloworld_ta
-LOCAL_MODULE_TAGS := optional
-LOCAL_MODULE_CLASS := SHARED_LIBRARIES
-
-LOCAL_REQUIRED_MODULES := $(TA_BINARY)
-
-include $(BUILD_PHONY_PACKAGE)
+LOCAL_PATH := $(call my-dir)
+TDK_PATH := $(realpath $(TOP))/vendor/amlogic/tdk
+local_module := 8aaaf200-2450-11e4-abe2-0002a5d5c51b.ta
+# This overrides the path of the output artifact so it won't be
+# included into the system image
+local_module_path := $(PRODUCT_OUT)/system/lib/teetz
+local_module_ta_name := tee_helloworld_ta
+
+include $(TDK_PATH)/aosp_optee.mk
diff --git a/demos/optee_test/ta/aes_perf/Android.mk b/demos/optee_test/ta/aes_perf/Android.mk
index d3c0a21..4aa9fe3 100644
--- a/demos/optee_test/ta/aes_perf/Android.mk
+++ b/demos/optee_test/ta/aes_perf/Android.mk
@@ -1,55 +1,9 @@
-LOCAL_PATH:= $(call my-dir)
-TDK_PATH:=../../../../ta_export
-TA_BINARY=e626662e-c0e2-485c-b8c8-09fbce6edf3d
-TA_CROSS_COMPILE=arm-linux-gnueabihf-
-TA_EXPORT_DIR := out/target/product/$(TARGET_BOOTLOADER_BOARD_NAME)/system/lib/teetz
-OUTPUT_DIR := ../../out/ta/$(notdir $(LOCAL_PATH))
-
-include $(CLEAR_VARS)
-
-$(info $(shell make CROSS_COMPILE=$(TA_CROSS_COMPILE) -C $(LOCAL_PATH) O=$(OUTPUT_DIR) TA_DEV_KIT_DIR=$(TDK_PATH)))
-
-$(info $(shell if [ ! -e $(TA_EXPORT_DIR) ]; then mkdir -p $(TA_EXPORT_DIR); fi))
-
-ta_file := $(OUTPUT_DIR)/$(TA_BINARY).ta
-
-ifeq ($(TARGET_ENABLE_TA_SIGN), true)
-$(info $(shell $(TA_GEN_CERT_TOOL) --root_rsa_key=$(TA_ROOT_PRIV_KEY) \
-		--ta_rsa_key=$(TA_USER_PUB_KEY) \
-		--uuid=$(TA_BINARY) \
-		--ta_rsa_key_sig=$(LOCAL_PATH)/$(OUTPUT_DIR)/ta_rsa_key.sig \
-		--root_aes_key=$(TA_ROOT_AES_KEY) \
-		--ta_aes_key=$(TA_USER_AES_KEY) \
-		--ta_aes_iv=$(TA_USER_AES_IV) \
-		--ta_aes_key_iv_enc=$(LOCAL_PATH)/$(OUTPUT_DIR)/ta_aes_key_enc.bin ))
-$(info $(shell $(TA_SIGN_TOOL) --ta_rsa_key=$(TA_USER_PRIV_KEY) \
-		--ta_rsa_key_sig=$(LOCAL_PATH)/$(OUTPUT_DIR)/ta_rsa_key.sig \
-		--ta_aes_key=$(TA_USER_AES_KEY) \
-		--ta_aes_iv=$(TA_USER_AES_IV) \
-		--ta_aes_key_iv_enc=$(LOCAL_PATH)/$(OUTPUT_DIR)/ta_aes_key_enc.bin \
-		--in=$(LOCAL_PATH)/$(OUTPUT_DIR)/$(TA_BINARY).ta \
-		--out=$(LOCAL_PATH)/$(OUTPUT_DIR)/$(TA_BINARY).ta ))
-$(info $(shell rm -f $(LOCAL_PATH)/$(OUTPUT_DIR)/ta_rsa_key.sig ))
-$(info $(shell rm -f $(LOCAL_PATH)/$(OUTPUT_DIR)/ta_aes_key_enc.bin ))
-endif
-
-$(info $(shell mkdir -p $(PRODUCT_OUT)/obj/lib))
-$(info $(shell cp -vf $(LOCAL_PATH)/$(OUTPUT_DIR)/$(TA_BINARY).ta $(PRODUCT_OUT)/obj/lib))
-
-LOCAL_MODULE := $(TA_BINARY)
-LOCAL_SRC_FILES := $(ta_file)
-LOCAL_MODULE_TAGS := optional
-LOCAL_MODULE_CLASS := SHARED_LIBRARIES
-LOCAL_MODULE_SUFFIX := .ta
-LOCAL_MODULE_PATH := $(TA_EXPORT_DIR)
-LOCAL_STRIP_MODULE := false
-include $(BUILD_PREBUILT)
-
-include $(CLEAR_VARS)
-LOCAL_MODULE := tee_aes_perf_ta
-LOCAL_MODULE_TAGS := optional
-LOCAL_MODULE_CLASS := SHARED_LIBRARIES
-
-LOCAL_REQUIRED_MODULES := $(TA_BINARY)
-
-include $(BUILD_PHONY_PACKAGE)
+LOCAL_PATH := $(call my-dir)
+TDK_PATH := $(realpath $(TOP))/vendor/amlogic/tdk
+local_module := e626662e-c0e2-485c-b8c8-09fbce6edf3d.ta
+# This overrides the path of the output artifact so it won't be
+# included into the system image
+local_module_path := $(PRODUCT_OUT)/system/lib/teetz
+local_module_ta_name := tee_aes_perf_ta
+
+include $(TDK_PATH)/aosp_optee.mk
diff --git a/demos/optee_test/ta/concurrent/Android.mk b/demos/optee_test/ta/concurrent/Android.mk
index 6000836..c1032eb 100644
--- a/demos/optee_test/ta/concurrent/Android.mk
+++ b/demos/optee_test/ta/concurrent/Android.mk
@@ -1,55 +1,9 @@
-LOCAL_PATH:= $(call my-dir)
-TDK_PATH:=../../../../ta_export
-TA_BINARY=e13010e0-2ae1-11e5-896a-0002a5d5c51b
-TA_CROSS_COMPILE=arm-linux-gnueabihf-
-TA_EXPORT_DIR := out/target/product/$(TARGET_BOOTLOADER_BOARD_NAME)/system/lib/teetz
-OUTPUT_DIR := ../../out/ta/$(notdir $(LOCAL_PATH))
-
-include $(CLEAR_VARS)
-
-$(info $(shell make CROSS_COMPILE=$(TA_CROSS_COMPILE) -C $(LOCAL_PATH) O=$(OUTPUT_DIR) TA_DEV_KIT_DIR=$(TDK_PATH)))
-
-$(info $(shell if [ ! -e $(TA_EXPORT_DIR) ]; then mkdir -p $(TA_EXPORT_DIR); fi))
-
-ta_file := $(OUTPUT_DIR)/$(TA_BINARY).ta
-
-ifeq ($(TARGET_ENABLE_TA_SIGN), true)
-$(info $(shell $(TA_GEN_CERT_TOOL) --root_rsa_key=$(TA_ROOT_PRIV_KEY) \
-		--ta_rsa_key=$(TA_USER_PUB_KEY) \
-		--uuid=$(TA_BINARY) \
-		--ta_rsa_key_sig=$(LOCAL_PATH)/$(OUTPUT_DIR)/ta_rsa_key.sig \
-		--root_aes_key=$(TA_ROOT_AES_KEY) \
-		--ta_aes_key=$(TA_USER_AES_KEY) \
-		--ta_aes_iv=$(TA_USER_AES_IV) \
-		--ta_aes_key_iv_enc=$(LOCAL_PATH)/$(OUTPUT_DIR)/ta_aes_key_enc.bin ))
-$(info $(shell $(TA_SIGN_TOOL) --ta_rsa_key=$(TA_USER_PRIV_KEY) \
-		--ta_rsa_key_sig=$(LOCAL_PATH)/$(OUTPUT_DIR)/ta_rsa_key.sig \
-		--ta_aes_key=$(TA_USER_AES_KEY) \
-		--ta_aes_iv=$(TA_USER_AES_IV) \
-		--ta_aes_key_iv_enc=$(LOCAL_PATH)/$(OUTPUT_DIR)/ta_aes_key_enc.bin \
-		--in=$(LOCAL_PATH)/$(OUTPUT_DIR)/$(TA_BINARY).ta \
-		--out=$(LOCAL_PATH)/$(OUTPUT_DIR)/$(TA_BINARY).ta ))
-$(info $(shell rm -f $(LOCAL_PATH)/$(OUTPUT_DIR)/ta_rsa_key.sig ))
-$(info $(shell rm -f $(LOCAL_PATH)/$(OUTPUT_DIR)/ta_aes_key_enc.bin ))
-endif
-
-$(info $(shell mkdir -p $(PRODUCT_OUT)/obj/lib))
-$(info $(shell cp -vf $(LOCAL_PATH)/$(OUTPUT_DIR)/$(TA_BINARY).ta $(PRODUCT_OUT)/obj/lib))
-
-LOCAL_MODULE := $(TA_BINARY)
-LOCAL_SRC_FILES := $(ta_file)
-LOCAL_MODULE_TAGS := optional
-LOCAL_MODULE_CLASS := SHARED_LIBRARIES
-LOCAL_MODULE_SUFFIX := .ta
-LOCAL_MODULE_PATH := $(TA_EXPORT_DIR)
-LOCAL_STRIP_MODULE := false
-include $(BUILD_PREBUILT)
-
-include $(CLEAR_VARS)
-LOCAL_MODULE := tee_concurrent_ta
-LOCAL_MODULE_TAGS := optional
-LOCAL_MODULE_CLASS := SHARED_LIBRARIES
-
-LOCAL_REQUIRED_MODULES := $(TA_BINARY)
-
-include $(BUILD_PHONY_PACKAGE)
+LOCAL_PATH := $(call my-dir)
+TDK_PATH := $(realpath $(TOP))/vendor/amlogic/tdk
+local_module := e13010e0-2ae1-11e5-896a-0002a5d5c51b.ta
+# This overrides the path of the output artifact so it won't be
+# included into the system image
+local_module_path := $(PRODUCT_OUT)/system/lib/teetz
+local_module_ta_name := tee_concurrent_ta
+
+include $(TDK_PATH)/aosp_optee.mk
diff --git a/demos/optee_test/ta/concurrent_large/Android.mk b/demos/optee_test/ta/concurrent_large/Android.mk
index 3d5336d..45ee7b8 100644
--- a/demos/optee_test/ta/concurrent_large/Android.mk
+++ b/demos/optee_test/ta/concurrent_large/Android.mk
@@ -1,55 +1,9 @@
-LOCAL_PATH:= $(call my-dir)
-TDK_PATH:=../../../../ta_export
-TA_BINARY=5ce0c432-0ab0-40e5-a056-782ca0e6aba2
-TA_CROSS_COMPILE=arm-linux-gnueabihf-
-TA_EXPORT_DIR := out/target/product/$(TARGET_BOOTLOADER_BOARD_NAME)/system/lib/teetz
-OUTPUT_DIR := ../../out/ta/$(notdir $(LOCAL_PATH))
-
-include $(CLEAR_VARS)
-
-$(info $(shell make CROSS_COMPILE=$(TA_CROSS_COMPILE) -C $(LOCAL_PATH) O=$(OUTPUT_DIR) TA_DEV_KIT_DIR=$(TDK_PATH)))
-
-$(info $(shell if [ ! -e $(TA_EXPORT_DIR) ]; then mkdir -p $(TA_EXPORT_DIR); fi))
-
-ta_file := $(OUTPUT_DIR)/$(TA_BINARY).ta
-
-ifeq ($(TARGET_ENABLE_TA_SIGN), true)
-$(info $(shell $(TA_GEN_CERT_TOOL) --root_rsa_key=$(TA_ROOT_PRIV_KEY) \
-		--ta_rsa_key=$(TA_USER_PUB_KEY) \
-		--uuid=$(TA_BINARY) \
-		--ta_rsa_key_sig=$(LOCAL_PATH)/$(OUTPUT_DIR)/ta_rsa_key.sig \
-		--root_aes_key=$(TA_ROOT_AES_KEY) \
-		--ta_aes_key=$(TA_USER_AES_KEY) \
-		--ta_aes_iv=$(TA_USER_AES_IV) \
-		--ta_aes_key_iv_enc=$(LOCAL_PATH)/$(OUTPUT_DIR)/ta_aes_key_enc.bin ))
-$(info $(shell $(TA_SIGN_TOOL) --ta_rsa_key=$(TA_USER_PRIV_KEY) \
-		--ta_rsa_key_sig=$(LOCAL_PATH)/$(OUTPUT_DIR)/ta_rsa_key.sig \
-		--ta_aes_key=$(TA_USER_AES_KEY) \
-		--ta_aes_iv=$(TA_USER_AES_IV) \
-		--ta_aes_key_iv_enc=$(LOCAL_PATH)/$(OUTPUT_DIR)/ta_aes_key_enc.bin \
-		--in=$(LOCAL_PATH)/$(OUTPUT_DIR)/$(TA_BINARY).ta \
-		--out=$(LOCAL_PATH)/$(OUTPUT_DIR)/$(TA_BINARY).ta ))
-$(info $(shell rm -f $(LOCAL_PATH)/$(OUTPUT_DIR)/ta_rsa_key.sig ))
-$(info $(shell rm -f $(LOCAL_PATH)/$(OUTPUT_DIR)/ta_aes_key_enc.bin ))
-endif
-
-$(info $(shell mkdir -p $(PRODUCT_OUT)/obj/lib))
-$(info $(shell cp -vf $(LOCAL_PATH)/$(OUTPUT_DIR)/$(TA_BINARY).ta $(PRODUCT_OUT)/obj/lib))
-
-LOCAL_MODULE := $(TA_BINARY)
-LOCAL_SRC_FILES := $(ta_file)
-LOCAL_MODULE_TAGS := optional
-LOCAL_MODULE_CLASS := SHARED_LIBRARIES
-LOCAL_MODULE_SUFFIX := .ta
-LOCAL_MODULE_PATH := $(TA_EXPORT_DIR)
-LOCAL_STRIP_MODULE := false
-include $(BUILD_PREBUILT)
-
-include $(CLEAR_VARS)
-LOCAL_MODULE := tee_concurrent_large_ta
-LOCAL_MODULE_TAGS := optional
-LOCAL_MODULE_CLASS := SHARED_LIBRARIES
-
-LOCAL_REQUIRED_MODULES := $(TA_BINARY)
-
-include $(BUILD_PHONY_PACKAGE)
+LOCAL_PATH := $(call my-dir)
+TDK_PATH := $(realpath $(TOP))/vendor/amlogic/tdk
+local_module := 5ce0c432-0ab0-40e5-a056-782ca0e6aba2.ta
+# This overrides the path of the output artifact so it won't be
+# included into the system image
+local_module_path := $(PRODUCT_OUT)/system/lib/teetz
+local_module_ta_name := tee_concurrent_large_ta
+
+include $(TDK_PATH)/aosp_optee.mk
diff --git a/demos/optee_test/ta/create_fail_test/Android.mk b/demos/optee_test/ta/create_fail_test/Android.mk
index e0a4d10..1b28be5 100644
--- a/demos/optee_test/ta/create_fail_test/Android.mk
+++ b/demos/optee_test/ta/create_fail_test/Android.mk
@@ -1,55 +1,9 @@
-LOCAL_PATH:= $(call my-dir)
-TDK_PATH:=../../../../ta_export
-TA_BINARY=c3f6e2c0-3548-11e1-b86c-0800200c9a66
-TA_CROSS_COMPILE=arm-linux-gnueabihf-
-TA_EXPORT_DIR := out/target/product/$(TARGET_BOOTLOADER_BOARD_NAME)/system/lib/teetz
-OUTPUT_DIR := ../../out/ta/$(notdir $(LOCAL_PATH))
-
-include $(CLEAR_VARS)
-
-$(info $(shell make CROSS_COMPILE=$(TA_CROSS_COMPILE) -C $(LOCAL_PATH) O=$(OUTPUT_DIR) TA_DEV_KIT_DIR=$(TDK_PATH)))
-
-$(info $(shell if [ ! -e $(TA_EXPORT_DIR) ]; then mkdir -p $(TA_EXPORT_DIR); fi))
-
-ta_file := $(OUTPUT_DIR)/$(TA_BINARY).ta
-
-ifeq ($(TARGET_ENABLE_TA_SIGN), true)
-$(info $(shell $(TA_GEN_CERT_TOOL) --root_rsa_key=$(TA_ROOT_PRIV_KEY) \
-		--ta_rsa_key=$(TA_USER_PUB_KEY) \
-		--uuid=$(TA_BINARY) \
-		--ta_rsa_key_sig=$(LOCAL_PATH)/$(OUTPUT_DIR)/ta_rsa_key.sig \
-		--root_aes_key=$(TA_ROOT_AES_KEY) \
-		--ta_aes_key=$(TA_USER_AES_KEY) \
-		--ta_aes_iv=$(TA_USER_AES_IV) \
-		--ta_aes_key_iv_enc=$(LOCAL_PATH)/$(OUTPUT_DIR)/ta_aes_key_enc.bin ))
-$(info $(shell $(TA_SIGN_TOOL) --ta_rsa_key=$(TA_USER_PRIV_KEY) \
-		--ta_rsa_key_sig=$(LOCAL_PATH)/$(OUTPUT_DIR)/ta_rsa_key.sig \
-		--ta_aes_key=$(TA_USER_AES_KEY) \
-		--ta_aes_iv=$(TA_USER_AES_IV) \
-		--ta_aes_key_iv_enc=$(LOCAL_PATH)/$(OUTPUT_DIR)/ta_aes_key_enc.bin \
-		--in=$(LOCAL_PATH)/$(OUTPUT_DIR)/$(TA_BINARY).ta \
-		--out=$(LOCAL_PATH)/$(OUTPUT_DIR)/$(TA_BINARY).ta ))
-$(info $(shell rm -f $(LOCAL_PATH)/$(OUTPUT_DIR)/ta_rsa_key.sig ))
-$(info $(shell rm -f $(LOCAL_PATH)/$(OUTPUT_DIR)/ta_aes_key_enc.bin ))
-endif
-
-$(info $(shell mkdir -p $(PRODUCT_OUT)/obj/lib))
-$(info $(shell cp -vf $(LOCAL_PATH)/$(OUTPUT_DIR)/$(TA_BINARY).ta $(PRODUCT_OUT)/obj/lib))
-
-LOCAL_MODULE := $(TA_BINARY)
-LOCAL_SRC_FILES := $(ta_file)
-LOCAL_MODULE_TAGS := optional
-LOCAL_MODULE_CLASS := SHARED_LIBRARIES
-LOCAL_MODULE_SUFFIX := .ta
-LOCAL_MODULE_PATH := $(TA_EXPORT_DIR)
-LOCAL_STRIP_MODULE := false
-include $(BUILD_PREBUILT)
-
-include $(CLEAR_VARS)
-LOCAL_MODULE := tee_fail_test_ta
-LOCAL_MODULE_TAGS := optional
-LOCAL_MODULE_CLASS := SHARED_LIBRARIES
-
-LOCAL_REQUIRED_MODULES := $(TA_BINARY)
-
-include $(BUILD_PHONY_PACKAGE)
+LOCAL_PATH := $(call my-dir)
+TDK_PATH := $(realpath $(TOP))/vendor/amlogic/tdk
+local_module := c3f6e2c0-3548-11e1-b86c-0800200c9a66.ta
+# This overrides the path of the output artifact so it won't be
+# included into the system image
+local_module_path := $(PRODUCT_OUT)/system/lib/teetz
+local_module_ta_name := tee_fail_test_ta
+
+include $(TDK_PATH)/aosp_optee.mk
diff --git a/demos/optee_test/ta/crypt/Android.mk b/demos/optee_test/ta/crypt/Android.mk
index 68ad6d2..fd7c7c1 100644
--- a/demos/optee_test/ta/crypt/Android.mk
+++ b/demos/optee_test/ta/crypt/Android.mk
@@ -1,55 +1,9 @@
-LOCAL_PATH:= $(call my-dir)
-TDK_PATH:=../../../../ta_export
-TA_BINARY=cb3e5ba0-adf1-11e0-998b-0002a5d5c51b
-TA_CROSS_COMPILE=arm-linux-gnueabihf-
-TA_EXPORT_DIR := out/target/product/$(TARGET_BOOTLOADER_BOARD_NAME)/system/lib/teetz
-OUTPUT_DIR := ../../out/ta/$(notdir $(LOCAL_PATH))
-
-include $(CLEAR_VARS)
-
-$(info $(shell make CROSS_COMPILE=$(TA_CROSS_COMPILE) -C $(LOCAL_PATH) O=$(OUTPUT_DIR) TA_DEV_KIT_DIR=$(TDK_PATH)))
-
-$(info $(shell if [ ! -e $(TA_EXPORT_DIR) ]; then mkdir -p $(TA_EXPORT_DIR); fi))
-
-ta_file := $(OUTPUT_DIR)/$(TA_BINARY).ta
-
-ifeq ($(TARGET_ENABLE_TA_SIGN), true)
-$(info $(shell $(TA_GEN_CERT_TOOL) --root_rsa_key=$(TA_ROOT_PRIV_KEY) \
-		--ta_rsa_key=$(TA_USER_PUB_KEY) \
-		--uuid=$(TA_BINARY) \
-		--ta_rsa_key_sig=$(LOCAL_PATH)/$(OUTPUT_DIR)/ta_rsa_key.sig \
-		--root_aes_key=$(TA_ROOT_AES_KEY) \
-		--ta_aes_key=$(TA_USER_AES_KEY) \
-		--ta_aes_iv=$(TA_USER_AES_IV) \
-		--ta_aes_key_iv_enc=$(LOCAL_PATH)/$(OUTPUT_DIR)/ta_aes_key_enc.bin ))
-$(info $(shell $(TA_SIGN_TOOL) --ta_rsa_key=$(TA_USER_PRIV_KEY) \
-		--ta_rsa_key_sig=$(LOCAL_PATH)/$(OUTPUT_DIR)/ta_rsa_key.sig \
-		--ta_aes_key=$(TA_USER_AES_KEY) \
-		--ta_aes_iv=$(TA_USER_AES_IV) \
-		--ta_aes_key_iv_enc=$(LOCAL_PATH)/$(OUTPUT_DIR)/ta_aes_key_enc.bin \
-		--in=$(LOCAL_PATH)/$(OUTPUT_DIR)/$(TA_BINARY).ta \
-		--out=$(LOCAL_PATH)/$(OUTPUT_DIR)/$(TA_BINARY).ta ))
-$(info $(shell rm -f $(LOCAL_PATH)/$(OUTPUT_DIR)/ta_rsa_key.sig ))
-$(info $(shell rm -f $(LOCAL_PATH)/$(OUTPUT_DIR)/ta_aes_key_enc.bin ))
-endif
-
-$(info $(shell mkdir -p $(PRODUCT_OUT)/obj/lib))
-$(info $(shell cp -vf $(LOCAL_PATH)/$(OUTPUT_DIR)/$(TA_BINARY).ta $(PRODUCT_OUT)/obj/lib))
-
-LOCAL_MODULE := $(TA_BINARY)
-LOCAL_SRC_FILES := $(ta_file)
-LOCAL_MODULE_TAGS := optional
-LOCAL_MODULE_CLASS := SHARED_LIBRARIES
-LOCAL_MODULE_SUFFIX := .ta
-LOCAL_MODULE_PATH := $(TA_EXPORT_DIR)
-LOCAL_STRIP_MODULE := false
-include $(BUILD_PREBUILT)
-
-include $(CLEAR_VARS)
-LOCAL_MODULE := tee_crypt_ta
-LOCAL_MODULE_TAGS := optional
-LOCAL_MODULE_CLASS := SHARED_LIBRARIES
-
-LOCAL_REQUIRED_MODULES := $(TA_BINARY)
-
-include $(BUILD_PHONY_PACKAGE)
+LOCAL_PATH := $(call my-dir)
+TDK_PATH := $(realpath $(TOP))/vendor/amlogic/tdk
+local_module := cb3e5ba0-adf1-11e0-998b-0002a5d5c51b.ta
+# This overrides the path of the output artifact so it won't be
+# included into the system image
+local_module_path := $(PRODUCT_OUT)/system/lib/teetz
+local_module_ta_name := tee_crypt_ta
+
+include $(TDK_PATH)/aosp_optee.mk
diff --git a/demos/optee_test/ta/os_test/Android.mk b/demos/optee_test/ta/os_test/Android.mk
index 1b6d576..b50caa7 100644
--- a/demos/optee_test/ta/os_test/Android.mk
+++ b/demos/optee_test/ta/os_test/Android.mk
@@ -1,55 +1,9 @@
-LOCAL_PATH:= $(call my-dir)
-TDK_PATH:=../../../../ta_export
-TA_BINARY=5b9e0e40-2636-11e1-ad9e-0002a5d5c51b
-TA_CROSS_COMPILE=arm-linux-gnueabihf-
-TA_EXPORT_DIR := out/target/product/$(TARGET_BOOTLOADER_BOARD_NAME)/system/lib/teetz
-OUTPUT_DIR := ../../out/ta/$(notdir $(LOCAL_PATH))
-
-include $(CLEAR_VARS)
-
-$(info $(shell make CROSS_COMPILE=$(TA_CROSS_COMPILE) -C $(LOCAL_PATH) O=$(OUTPUT_DIR) TA_DEV_KIT_DIR=$(TDK_PATH)))
-
-$(info $(shell if [ ! -e $(TA_EXPORT_DIR) ]; then mkdir -p $(TA_EXPORT_DIR); fi))
-
-ta_file := $(OUTPUT_DIR)/$(TA_BINARY).ta
-
-ifeq ($(TARGET_ENABLE_TA_SIGN), true)
-$(info $(shell $(TA_GEN_CERT_TOOL) --root_rsa_key=$(TA_ROOT_PRIV_KEY) \
-		--ta_rsa_key=$(TA_USER_PUB_KEY) \
-		--uuid=$(TA_BINARY) \
-		--ta_rsa_key_sig=$(LOCAL_PATH)/$(OUTPUT_DIR)/ta_rsa_key.sig \
-		--root_aes_key=$(TA_ROOT_AES_KEY) \
-		--ta_aes_key=$(TA_USER_AES_KEY) \
-		--ta_aes_iv=$(TA_USER_AES_IV) \
-		--ta_aes_key_iv_enc=$(LOCAL_PATH)/$(OUTPUT_DIR)/ta_aes_key_enc.bin ))
-$(info $(shell $(TA_SIGN_TOOL) --ta_rsa_key=$(TA_USER_PRIV_KEY) \
-		--ta_rsa_key_sig=$(LOCAL_PATH)/$(OUTPUT_DIR)/ta_rsa_key.sig \
-		--ta_aes_key=$(TA_USER_AES_KEY) \
-		--ta_aes_iv=$(TA_USER_AES_IV) \
-		--ta_aes_key_iv_enc=$(LOCAL_PATH)/$(OUTPUT_DIR)/ta_aes_key_enc.bin \
-		--in=$(LOCAL_PATH)/$(OUTPUT_DIR)/$(TA_BINARY).ta \
-		--out=$(LOCAL_PATH)/$(OUTPUT_DIR)/$(TA_BINARY).ta ))
-$(info $(shell rm -f $(LOCAL_PATH)/$(OUTPUT_DIR)/ta_rsa_key.sig ))
-$(info $(shell rm -f $(LOCAL_PATH)/$(OUTPUT_DIR)/ta_aes_key_enc.bin ))
-endif
-
-$(info $(shell mkdir -p $(PRODUCT_OUT)/obj/lib))
-$(info $(shell cp -vf $(LOCAL_PATH)/$(OUTPUT_DIR)/$(TA_BINARY).ta $(PRODUCT_OUT)/obj/lib))
-
-LOCAL_MODULE := $(TA_BINARY)
-LOCAL_SRC_FILES := $(ta_file)
-LOCAL_MODULE_TAGS := optional
-LOCAL_MODULE_CLASS := SHARED_LIBRARIES
-LOCAL_MODULE_SUFFIX := .ta
-LOCAL_MODULE_PATH := $(TA_EXPORT_DIR)
-LOCAL_STRIP_MODULE := false
-include $(BUILD_PREBUILT)
-
-include $(CLEAR_VARS)
-LOCAL_MODULE := tee_os_test_ta
-LOCAL_MODULE_TAGS := optional
-LOCAL_MODULE_CLASS := SHARED_LIBRARIES
-
-LOCAL_REQUIRED_MODULES := $(TA_BINARY)
-
-include $(BUILD_PHONY_PACKAGE)
+LOCAL_PATH := $(call my-dir)
+TDK_PATH := $(realpath $(TOP))/vendor/amlogic/tdk
+local_module := 5b9e0e40-2636-11e1-ad9e-0002a5d5c51b.ta
+# This overrides the path of the output artifact so it won't be
+# included into the system image
+local_module_path := $(PRODUCT_OUT)/system/lib/teetz
+local_module_ta_name := tee_os_test_ta
+
+include $(TDK_PATH)/aosp_optee.mk
diff --git a/demos/optee_test/ta/rpc_test/Android.mk b/demos/optee_test/ta/rpc_test/Android.mk
index 85fa3a9..3322ea3 100644
--- a/demos/optee_test/ta/rpc_test/Android.mk
+++ b/demos/optee_test/ta/rpc_test/Android.mk
@@ -1,55 +1,9 @@
-LOCAL_PATH:= $(call my-dir)
-TDK_PATH:=../../../../ta_export
-TA_BINARY=d17f73a0-36ef-11e1-984a-0002a5d5c51b
-TA_CROSS_COMPILE=arm-linux-gnueabihf-
-TA_EXPORT_DIR := out/target/product/$(TARGET_BOOTLOADER_BOARD_NAME)/system/lib/teetz
-OUTPUT_DIR := ../../out/ta/$(notdir $(LOCAL_PATH))
-
-include $(CLEAR_VARS)
-
-$(info $(shell make CROSS_COMPILE=$(TA_CROSS_COMPILE) -C $(LOCAL_PATH) O=$(OUTPUT_DIR) TA_DEV_KIT_DIR=$(TDK_PATH)))
-
-$(info $(shell if [ ! -e $(TA_EXPORT_DIR) ]; then mkdir -p $(TA_EXPORT_DIR); fi))
-
-ta_file := $(OUTPUT_DIR)/$(TA_BINARY).ta
-
-ifeq ($(TARGET_ENABLE_TA_SIGN), true)
-$(info $(shell $(TA_GEN_CERT_TOOL) --root_rsa_key=$(TA_ROOT_PRIV_KEY) \
-		--ta_rsa_key=$(TA_USER_PUB_KEY) \
-		--uuid=$(TA_BINARY) \
-		--ta_rsa_key_sig=$(LOCAL_PATH)/$(OUTPUT_DIR)/ta_rsa_key.sig \
-		--root_aes_key=$(TA_ROOT_AES_KEY) \
-		--ta_aes_key=$(TA_USER_AES_KEY) \
-		--ta_aes_iv=$(TA_USER_AES_IV) \
-		--ta_aes_key_iv_enc=$(LOCAL_PATH)/$(OUTPUT_DIR)/ta_aes_key_enc.bin ))
-$(info $(shell $(TA_SIGN_TOOL) --ta_rsa_key=$(TA_USER_PRIV_KEY) \
-		--ta_rsa_key_sig=$(LOCAL_PATH)/$(OUTPUT_DIR)/ta_rsa_key.sig \
-		--ta_aes_key=$(TA_USER_AES_KEY) \
-		--ta_aes_iv=$(TA_USER_AES_IV) \
-		--ta_aes_key_iv_enc=$(LOCAL_PATH)/$(OUTPUT_DIR)/ta_aes_key_enc.bin \
-		--in=$(LOCAL_PATH)/$(OUTPUT_DIR)/$(TA_BINARY).ta \
-		--out=$(LOCAL_PATH)/$(OUTPUT_DIR)/$(TA_BINARY).ta ))
-$(info $(shell rm -f $(LOCAL_PATH)/$(OUTPUT_DIR)/ta_rsa_key.sig ))
-$(info $(shell rm -f $(LOCAL_PATH)/$(OUTPUT_DIR)/ta_aes_key_enc.bin ))
-endif
-
-$(info $(shell mkdir -p $(PRODUCT_OUT)/obj/lib))
-$(info $(shell cp -vf $(LOCAL_PATH)/$(OUTPUT_DIR)/$(TA_BINARY).ta $(PRODUCT_OUT)/obj/lib))
-
-LOCAL_MODULE := $(TA_BINARY)
-LOCAL_SRC_FILES := $(ta_file)
-LOCAL_MODULE_TAGS := optional
-LOCAL_MODULE_CLASS := SHARED_LIBRARIES
-LOCAL_MODULE_SUFFIX := .ta
-LOCAL_MODULE_PATH := $(TA_EXPORT_DIR)
-LOCAL_STRIP_MODULE := false
-include $(BUILD_PREBUILT)
-
-include $(CLEAR_VARS)
-LOCAL_MODULE := tee_rpc_test_ta
-LOCAL_MODULE_TAGS := optional
-LOCAL_MODULE_CLASS := SHARED_LIBRARIES
-
-LOCAL_REQUIRED_MODULES := $(TA_BINARY)
-
-include $(BUILD_PHONY_PACKAGE)
+LOCAL_PATH := $(call my-dir)
+TDK_PATH := $(realpath $(TOP))/vendor/amlogic/tdk
+local_module := d17f73a0-36ef-11e1-984a-0002a5d5c51b.ta
+# This overrides the path of the output artifact so it won't be
+# included into the system image
+local_module_path := $(PRODUCT_OUT)/system/lib/teetz
+local_module_ta_name := tee_rpc_test_ta
+
+include $(TDK_PATH)/aosp_optee.mk
diff --git a/demos/optee_test/ta/sdp_basic/Android.mk b/demos/optee_test/ta/sdp_basic/Android.mk
index 1f55352..8b3d75e 100644
--- a/demos/optee_test/ta/sdp_basic/Android.mk
+++ b/demos/optee_test/ta/sdp_basic/Android.mk
@@ -1,55 +1,9 @@
-LOCAL_PATH:= $(call my-dir)
-TDK_PATH:=../../../../ta_export
-TA_BINARY=12345678-5b69-11e4-9dbb-101f74f00099
-TA_CROSS_COMPILE=arm-linux-gnueabihf-
-TA_EXPORT_DIR := out/target/product/$(TARGET_BOOTLOADER_BOARD_NAME)/system/lib/teetz
-OUTPUT_DIR := ../../out/ta/$(notdir $(LOCAL_PATH))
-
-include $(CLEAR_VARS)
-
-$(info $(shell make CROSS_COMPILE=$(TA_CROSS_COMPILE) -C $(LOCAL_PATH) O=$(OUTPUT_DIR) TA_DEV_KIT_DIR=$(TDK_PATH)))
-
-$(info $(shell if [ ! -e $(TA_EXPORT_DIR) ]; then mkdir -p $(TA_EXPORT_DIR); fi))
-
-ta_file := $(OUTPUT_DIR)/$(TA_BINARY).ta
-
-ifeq ($(TARGET_ENABLE_TA_SIGN), true)
-$(info $(shell $(TA_GEN_CERT_TOOL) --root_rsa_key=$(TA_ROOT_PRIV_KEY) \
-		--ta_rsa_key=$(TA_USER_PUB_KEY) \
-		--uuid=$(TA_BINARY) \
-		--ta_rsa_key_sig=$(LOCAL_PATH)/$(OUTPUT_DIR)/ta_rsa_key.sig \
-		--root_aes_key=$(TA_ROOT_AES_KEY) \
-		--ta_aes_key=$(TA_USER_AES_KEY) \
-		--ta_aes_iv=$(TA_USER_AES_IV) \
-		--ta_aes_key_iv_enc=$(LOCAL_PATH)/$(OUTPUT_DIR)/ta_aes_key_enc.bin ))
-$(info $(shell $(TA_SIGN_TOOL) --ta_rsa_key=$(TA_USER_PRIV_KEY) \
-		--ta_rsa_key_sig=$(LOCAL_PATH)/$(OUTPUT_DIR)/ta_rsa_key.sig \
-		--ta_aes_key=$(TA_USER_AES_KEY) \
-		--ta_aes_iv=$(TA_USER_AES_IV) \
-		--ta_aes_key_iv_enc=$(LOCAL_PATH)/$(OUTPUT_DIR)/ta_aes_key_enc.bin \
-		--in=$(LOCAL_PATH)/$(OUTPUT_DIR)/$(TA_BINARY).ta \
-		--out=$(LOCAL_PATH)/$(OUTPUT_DIR)/$(TA_BINARY).ta ))
-$(info $(shell rm -f $(LOCAL_PATH)/$(OUTPUT_DIR)/ta_rsa_key.sig ))
-$(info $(shell rm -f $(LOCAL_PATH)/$(OUTPUT_DIR)/ta_aes_key_enc.bin ))
-endif
-
-$(info $(shell mkdir -p $(PRODUCT_OUT)/obj/lib))
-$(info $(shell cp -vf $(LOCAL_PATH)/$(OUTPUT_DIR)/$(TA_BINARY).ta $(PRODUCT_OUT)/obj/lib))
-
-LOCAL_MODULE := $(TA_BINARY)
-LOCAL_SRC_FILES := $(ta_file)
-LOCAL_MODULE_TAGS := optional
-LOCAL_MODULE_CLASS := SHARED_LIBRARIES
-LOCAL_MODULE_SUFFIX := .ta
-LOCAL_MODULE_PATH := $(TA_EXPORT_DIR)
-LOCAL_STRIP_MODULE := false
-include $(BUILD_PREBUILT)
-
-include $(CLEAR_VARS)
-LOCAL_MODULE := tee_sdp_basic_ta
-LOCAL_MODULE_TAGS := optional
-LOCAL_MODULE_CLASS := SHARED_LIBRARIES
-
-LOCAL_REQUIRED_MODULES := $(TA_BINARY)
-
-include $(BUILD_PHONY_PACKAGE)
+LOCAL_PATH := $(call my-dir)
+TDK_PATH := $(realpath $(TOP))/vendor/amlogic/tdk
+local_module := 12345678-5b69-11e4-9dbb-101f74f00099.ta
+# This overrides the path of the output artifact so it won't be
+# included into the system image
+local_module_path := $(PRODUCT_OUT)/system/lib/teetz
+local_module_ta_name := tee_sdp_basic_ta
+
+include $(TDK_PATH)/aosp_optee.mk
diff --git a/demos/optee_test/ta/sha_perf/Android.mk b/demos/optee_test/ta/sha_perf/Android.mk
index c6225af..9bbc982 100644
--- a/demos/optee_test/ta/sha_perf/Android.mk
+++ b/demos/optee_test/ta/sha_perf/Android.mk
@@ -1,55 +1,9 @@
-LOCAL_PATH:= $(call my-dir)
-TDK_PATH:=../../../../ta_export
-TA_BINARY=614789f2-39c0-4ebf-b235-92b32ac107ed
-TA_CROSS_COMPILE=arm-linux-gnueabihf-
-TA_EXPORT_DIR := out/target/product/$(TARGET_BOOTLOADER_BOARD_NAME)/system/lib/teetz
-OUTPUT_DIR := ../../out/ta/$(notdir $(LOCAL_PATH))
-
-include $(CLEAR_VARS)
-
-$(info $(shell make CROSS_COMPILE=$(TA_CROSS_COMPILE) -C $(LOCAL_PATH) O=$(OUTPUT_DIR) TA_DEV_KIT_DIR=$(TDK_PATH)))
-
-$(info $(shell if [ ! -e $(TA_EXPORT_DIR) ]; then mkdir -p $(TA_EXPORT_DIR); fi))
-
-ta_file := $(OUTPUT_DIR)/$(TA_BINARY).ta
-
-ifeq ($(TARGET_ENABLE_TA_SIGN), true)
-$(info $(shell $(TA_GEN_CERT_TOOL) --root_rsa_key=$(TA_ROOT_PRIV_KEY) \
-		--ta_rsa_key=$(TA_USER_PUB_KEY) \
-		--uuid=$(TA_BINARY) \
-		--ta_rsa_key_sig=$(LOCAL_PATH)/$(OUTPUT_DIR)/ta_rsa_key.sig \
-		--root_aes_key=$(TA_ROOT_AES_KEY) \
-		--ta_aes_key=$(TA_USER_AES_KEY) \
-		--ta_aes_iv=$(TA_USER_AES_IV) \
-		--ta_aes_key_iv_enc=$(LOCAL_PATH)/$(OUTPUT_DIR)/ta_aes_key_enc.bin ))
-$(info $(shell $(TA_SIGN_TOOL) --ta_rsa_key=$(TA_USER_PRIV_KEY) \
-		--ta_rsa_key_sig=$(LOCAL_PATH)/$(OUTPUT_DIR)/ta_rsa_key.sig \
-		--ta_aes_key=$(TA_USER_AES_KEY) \
-		--ta_aes_iv=$(TA_USER_AES_IV) \
-		--ta_aes_key_iv_enc=$(LOCAL_PATH)/$(OUTPUT_DIR)/ta_aes_key_enc.bin \
-		--in=$(LOCAL_PATH)/$(OUTPUT_DIR)/$(TA_BINARY).ta \
-		--out=$(LOCAL_PATH)/$(OUTPUT_DIR)/$(TA_BINARY).ta ))
-$(info $(shell rm -f $(LOCAL_PATH)/$(OUTPUT_DIR)/ta_rsa_key.sig ))
-$(info $(shell rm -f $(LOCAL_PATH)/$(OUTPUT_DIR)/ta_aes_key_enc.bin ))
-endif
-
-$(info $(shell mkdir -p $(PRODUCT_OUT)/obj/lib))
-$(info $(shell cp -vf $(LOCAL_PATH)/$(OUTPUT_DIR)/$(TA_BINARY).ta $(PRODUCT_OUT)/obj/lib))
-
-LOCAL_MODULE := $(TA_BINARY)
-LOCAL_SRC_FILES := $(ta_file)
-LOCAL_MODULE_TAGS := optional
-LOCAL_MODULE_CLASS := SHARED_LIBRARIES
-LOCAL_MODULE_SUFFIX := .ta
-LOCAL_MODULE_PATH := $(TA_EXPORT_DIR)
-LOCAL_STRIP_MODULE := false
-include $(BUILD_PREBUILT)
-
-include $(CLEAR_VARS)
-LOCAL_MODULE := tee_sha_perf_ta
-LOCAL_MODULE_TAGS := optional
-LOCAL_MODULE_CLASS := SHARED_LIBRARIES
-
-LOCAL_REQUIRED_MODULES := $(TA_BINARY)
-
-include $(BUILD_PHONY_PACKAGE)
+LOCAL_PATH := $(call my-dir)
+TDK_PATH := $(realpath $(TOP))/vendor/amlogic/tdk
+local_module := 614789f2-39c0-4ebf-b235-92b32ac107ed.ta
+# This overrides the path of the output artifact so it won't be
+# included into the system image
+local_module_path := $(PRODUCT_OUT)/system/lib/teetz
+local_module_ta_name := tee_sha_perf_ta
+
+include $(TDK_PATH)/aosp_optee.mk
diff --git a/demos/optee_test/ta/sims/Android.mk b/demos/optee_test/ta/sims/Android.mk
index e704bdb..fdd2108 100644
--- a/demos/optee_test/ta/sims/Android.mk
+++ b/demos/optee_test/ta/sims/Android.mk
@@ -1,55 +1,9 @@
-LOCAL_PATH:= $(call my-dir)
-TDK_PATH:=../../../../ta_export
-TA_BINARY=e6a33ed4-562b-463a-bb7e-ff5e15a493c8
-TA_CROSS_COMPILE=arm-linux-gnueabihf-
-TA_EXPORT_DIR := out/target/product/$(TARGET_BOOTLOADER_BOARD_NAME)/system/lib/teetz
-OUTPUT_DIR := ../../out/ta/$(notdir $(LOCAL_PATH))
-
-include $(CLEAR_VARS)
-
-$(info $(shell make CROSS_COMPILE=$(TA_CROSS_COMPILE) -C $(LOCAL_PATH) O=$(OUTPUT_DIR) TA_DEV_KIT_DIR=$(TDK_PATH)))
-
-$(info $(shell if [ ! -e $(TA_EXPORT_DIR) ]; then mkdir -p $(TA_EXPORT_DIR); fi))
-
-ta_file := $(OUTPUT_DIR)/$(TA_BINARY).ta
-
-ifeq ($(TARGET_ENABLE_TA_SIGN), true)
-$(info $(shell $(TA_GEN_CERT_TOOL) --root_rsa_key=$(TA_ROOT_PRIV_KEY) \
-		--ta_rsa_key=$(TA_USER_PUB_KEY) \
-		--uuid=$(TA_BINARY) \
-		--ta_rsa_key_sig=$(LOCAL_PATH)/$(OUTPUT_DIR)/ta_rsa_key.sig \
-		--root_aes_key=$(TA_ROOT_AES_KEY) \
-		--ta_aes_key=$(TA_USER_AES_KEY) \
-		--ta_aes_iv=$(TA_USER_AES_IV) \
-		--ta_aes_key_iv_enc=$(LOCAL_PATH)/$(OUTPUT_DIR)/ta_aes_key_enc.bin ))
-$(info $(shell $(TA_SIGN_TOOL) --ta_rsa_key=$(TA_USER_PRIV_KEY) \
-		--ta_rsa_key_sig=$(LOCAL_PATH)/$(OUTPUT_DIR)/ta_rsa_key.sig \
-		--ta_aes_key=$(TA_USER_AES_KEY) \
-		--ta_aes_iv=$(TA_USER_AES_IV) \
-		--ta_aes_key_iv_enc=$(LOCAL_PATH)/$(OUTPUT_DIR)/ta_aes_key_enc.bin \
-		--in=$(LOCAL_PATH)/$(OUTPUT_DIR)/$(TA_BINARY).ta \
-		--out=$(LOCAL_PATH)/$(OUTPUT_DIR)/$(TA_BINARY).ta ))
-$(info $(shell rm -f $(LOCAL_PATH)/$(OUTPUT_DIR)/ta_rsa_key.sig ))
-$(info $(shell rm -f $(LOCAL_PATH)/$(OUTPUT_DIR)/ta_aes_key_enc.bin ))
-endif
-
-$(info $(shell mkdir -p $(PRODUCT_OUT)/obj/lib))
-$(info $(shell cp -vf $(LOCAL_PATH)/$(OUTPUT_DIR)/$(TA_BINARY).ta $(PRODUCT_OUT)/obj/lib))
-
-LOCAL_MODULE := $(TA_BINARY)
-LOCAL_SRC_FILES := $(ta_file)
-LOCAL_MODULE_TAGS := optional
-LOCAL_MODULE_CLASS := SHARED_LIBRARIES
-LOCAL_MODULE_SUFFIX := .ta
-LOCAL_MODULE_PATH := $(TA_EXPORT_DIR)
-LOCAL_STRIP_MODULE := false
-include $(BUILD_PREBUILT)
-
-include $(CLEAR_VARS)
-LOCAL_MODULE := tee_sims_ta
-LOCAL_MODULE_TAGS := optional
-LOCAL_MODULE_CLASS := SHARED_LIBRARIES
-
-LOCAL_REQUIRED_MODULES := $(TA_BINARY)
-
-include $(BUILD_PHONY_PACKAGE)
+LOCAL_PATH := $(call my-dir)
+TDK_PATH := $(realpath $(TOP))/vendor/amlogic/tdk
+local_module := e6a33ed4-562b-463a-bb7e-ff5e15a493c8.ta
+# This overrides the path of the output artifact so it won't be
+# included into the system image
+local_module_path := $(PRODUCT_OUT)/system/lib/teetz
+local_module_ta_name := tee_sims_ta
+
+include $(TDK_PATH)/aosp_optee.mk
diff --git a/demos/optee_test/ta/socket/Android.mk b/demos/optee_test/ta/socket/Android.mk
index acc2f8e..294f65a 100644
--- a/demos/optee_test/ta/socket/Android.mk
+++ b/demos/optee_test/ta/socket/Android.mk
@@ -1,55 +1,9 @@
-LOCAL_PATH:= $(call my-dir)
-TDK_PATH:=../../../../ta_export
-TA_BINARY=873bcd08-c2c3-11e6-a937-d0bf9c45c61c
-TA_CROSS_COMPILE=arm-linux-gnueabihf-
-TA_EXPORT_DIR := out/target/product/$(TARGET_BOOTLOADER_BOARD_NAME)/system/lib/teetz
-OUTPUT_DIR := ../../out/ta/$(notdir $(LOCAL_PATH))
-
-include $(CLEAR_VARS)
-
-$(info $(shell make CROSS_COMPILE=$(TA_CROSS_COMPILE) -C $(LOCAL_PATH) O=$(OUTPUT_DIR) TA_DEV_KIT_DIR=$(TDK_PATH)))
-
-$(info $(shell if [ ! -e $(TA_EXPORT_DIR) ]; then mkdir -p $(TA_EXPORT_DIR); fi))
-
-ta_file := $(OUTPUT_DIR)/$(TA_BINARY).ta
-
-ifeq ($(TARGET_ENABLE_TA_SIGN), true)
-$(info $(shell $(TA_GEN_CERT_TOOL) --root_rsa_key=$(TA_ROOT_PRIV_KEY) \
-		--ta_rsa_key=$(TA_USER_PUB_KEY) \
-		--uuid=$(TA_BINARY) \
-		--ta_rsa_key_sig=$(LOCAL_PATH)/$(OUTPUT_DIR)/ta_rsa_key.sig \
-		--root_aes_key=$(TA_ROOT_AES_KEY) \
-		--ta_aes_key=$(TA_USER_AES_KEY) \
-		--ta_aes_iv=$(TA_USER_AES_IV) \
-		--ta_aes_key_iv_enc=$(LOCAL_PATH)/$(OUTPUT_DIR)/ta_aes_key_enc.bin ))
-$(info $(shell $(TA_SIGN_TOOL) --ta_rsa_key=$(TA_USER_PRIV_KEY) \
-		--ta_rsa_key_sig=$(LOCAL_PATH)/$(OUTPUT_DIR)/ta_rsa_key.sig \
-		--ta_aes_key=$(TA_USER_AES_KEY) \
-		--ta_aes_iv=$(TA_USER_AES_IV) \
-		--ta_aes_key_iv_enc=$(LOCAL_PATH)/$(OUTPUT_DIR)/ta_aes_key_enc.bin \
-		--in=$(LOCAL_PATH)/$(OUTPUT_DIR)/$(TA_BINARY).ta \
-		--out=$(LOCAL_PATH)/$(OUTPUT_DIR)/$(TA_BINARY).ta ))
-$(info $(shell rm -f $(LOCAL_PATH)/$(OUTPUT_DIR)/ta_rsa_key.sig ))
-$(info $(shell rm -f $(LOCAL_PATH)/$(OUTPUT_DIR)/ta_aes_key_enc.bin ))
-endif
-
-$(info $(shell mkdir -p $(PRODUCT_OUT)/obj/lib))
-$(info $(shell cp -vf $(LOCAL_PATH)/$(OUTPUT_DIR)/$(TA_BINARY).ta $(PRODUCT_OUT)/obj/lib))
-
-LOCAL_MODULE := $(TA_BINARY)
-LOCAL_SRC_FILES := $(ta_file)
-LOCAL_MODULE_TAGS := optional
-LOCAL_MODULE_CLASS := SHARED_LIBRARIES
-LOCAL_MODULE_SUFFIX := .ta
-LOCAL_MODULE_PATH := $(TA_EXPORT_DIR)
-LOCAL_STRIP_MODULE := false
-include $(BUILD_PREBUILT)
-
-include $(CLEAR_VARS)
-LOCAL_MODULE := tee_socket_ta
-LOCAL_MODULE_TAGS := optional
-LOCAL_MODULE_CLASS := SHARED_LIBRARIES
-
-LOCAL_REQUIRED_MODULES := $(TA_BINARY)
-
-include $(BUILD_PHONY_PACKAGE)
+LOCAL_PATH := $(call my-dir)
+TDK_PATH := $(realpath $(TOP))/vendor/amlogic/tdk
+local_module := 873bcd08-c2c3-11e6-a937-d0bf9c45c61c.ta
+# This overrides the path of the output artifact so it won't be
+# included into the system image
+local_module_path := $(PRODUCT_OUT)/system/lib/teetz
+local_module_ta_name := tee_socket_ta
+
+include $(TDK_PATH)/aosp_optee.mk
diff --git a/demos/optee_test/ta/storage/Android.mk b/demos/optee_test/ta/storage/Android.mk
index bb8e35d..0516078 100644
--- a/demos/optee_test/ta/storage/Android.mk
+++ b/demos/optee_test/ta/storage/Android.mk
@@ -1,55 +1,9 @@
-LOCAL_PATH:= $(call my-dir)
-TDK_PATH:=../../../../ta_export
-TA_BINARY=b689f2a7-8adf-477a-9f99-32e90c0ad0a2
-TA_CROSS_COMPILE=arm-linux-gnueabihf-
-TA_EXPORT_DIR := out/target/product/$(TARGET_BOOTLOADER_BOARD_NAME)/system/lib/teetz
-OUTPUT_DIR := ../../out/ta/$(notdir $(LOCAL_PATH))
-
-include $(CLEAR_VARS)
-
-$(info $(shell make CROSS_COMPILE=$(TA_CROSS_COMPILE) -C $(LOCAL_PATH) O=$(OUTPUT_DIR)  TA_DEV_KIT_DIR=$(TDK_PATH)))
-
-$(info $(shell if [ ! -e $(TA_EXPORT_DIR) ]; then mkdir -p $(TA_EXPORT_DIR); fi))
-
-ta_file := $(OUTPUT_DIR)/$(TA_BINARY).ta
-
-ifeq ($(TARGET_ENABLE_TA_SIGN), true)
-$(info $(shell $(TA_GEN_CERT_TOOL) --root_rsa_key=$(TA_ROOT_PRIV_KEY) \
-		--ta_rsa_key=$(TA_USER_PUB_KEY) \
-		--uuid=$(TA_BINARY) \
-		--ta_rsa_key_sig=$(LOCAL_PATH)/$(OUTPUT_DIR)/ta_rsa_key.sig \
-		--root_aes_key=$(TA_ROOT_AES_KEY) \
-		--ta_aes_key=$(TA_USER_AES_KEY) \
-		--ta_aes_iv=$(TA_USER_AES_IV) \
-		--ta_aes_key_iv_enc=$(LOCAL_PATH)/$(OUTPUT_DIR)/ta_aes_key_enc.bin ))
-$(info $(shell $(TA_SIGN_TOOL) --ta_rsa_key=$(TA_USER_PRIV_KEY) \
-		--ta_rsa_key_sig=$(LOCAL_PATH)/$(OUTPUT_DIR)/ta_rsa_key.sig \
-		--ta_aes_key=$(TA_USER_AES_KEY) \
-		--ta_aes_iv=$(TA_USER_AES_IV) \
-		--ta_aes_key_iv_enc=$(LOCAL_PATH)/$(OUTPUT_DIR)/ta_aes_key_enc.bin \
-		--in=$(LOCAL_PATH)/$(OUTPUT_DIR)/$(TA_BINARY).ta \
-		--out=$(LOCAL_PATH)/$(OUTPUT_DIR)/$(TA_BINARY).ta ))
-$(info $(shell rm -f $(LOCAL_PATH)/$(OUTPUT_DIR)/ta_rsa_key.sig ))
-$(info $(shell rm -f $(LOCAL_PATH)/$(OUTPUT_DIR)/ta_aes_key_enc.bin ))
-endif
-
-$(info $(shell mkdir -p $(PRODUCT_OUT)/obj/lib))
-$(info $(shell cp -vf $(LOCAL_PATH)/$(OUTPUT_DIR)/$(TA_BINARY).ta $(PRODUCT_OUT)/obj/lib))
-
-LOCAL_MODULE := $(TA_BINARY)
-LOCAL_SRC_FILES := $(ta_file)
-LOCAL_MODULE_TAGS := optional
-LOCAL_MODULE_CLASS := SHARED_LIBRARIES
-LOCAL_MODULE_SUFFIX := .ta
-LOCAL_MODULE_PATH := $(TA_EXPORT_DIR)
-LOCAL_STRIP_MODULE := false
-include $(BUILD_PREBUILT)
-
-include $(CLEAR_VARS)
-LOCAL_MODULE := tee_storage_ta
-LOCAL_MODULE_TAGS := optional
-LOCAL_MODULE_CLASS := SHARED_LIBRARIES
-
-LOCAL_REQUIRED_MODULES := $(TA_BINARY)
-
-include $(BUILD_PHONY_PACKAGE)
+LOCAL_PATH := $(call my-dir)
+TDK_PATH := $(realpath $(TOP))/vendor/amlogic/tdk
+local_module := b689f2a7-8adf-477a-9f99-32e90c0ad0a2.ta
+# This overrides the path of the output artifact so it won't be
+# included into the system image
+local_module_path := $(PRODUCT_OUT)/system/lib/teetz
+local_module_ta_name := tee_storage_ta
+
+include $(TDK_PATH)/aosp_optee.mk
diff --git a/demos/optee_test/ta/storage2/Android.mk b/demos/optee_test/ta/storage2/Android.mk
index e87fe9a..fa3dde2 100644
--- a/demos/optee_test/ta/storage2/Android.mk
+++ b/demos/optee_test/ta/storage2/Android.mk
@@ -1,55 +1,9 @@
-LOCAL_PATH:= $(call my-dir)
-TDK_PATH:=../../../../ta_export
-TA_BINARY=731e279e-aafb-4575-a771-38caa6f0cca6
-TA_CROSS_COMPILE=arm-linux-gnueabihf-
-TA_EXPORT_DIR := out/target/product/$(TARGET_BOOTLOADER_BOARD_NAME)/system/lib/teetz
-OUTPUT_DIR := ../../out/ta/$(notdir $(LOCAL_PATH))
-
-include $(CLEAR_VARS)
-
-$(info $(shell make CROSS_COMPILE=$(TA_CROSS_COMPILE) -C $(LOCAL_PATH) O=$(OUTPUT_DIR) TA_DEV_KIT_DIR=$(TDK_PATH)))
-
-$(info $(shell if [ ! -e $(TA_EXPORT_DIR) ]; then mkdir -p $(TA_EXPORT_DIR); fi))
-
-ta_file := $(OUTPUT_DIR)/$(TA_BINARY).ta
-
-ifeq ($(TARGET_ENABLE_TA_SIGN), true)
-$(info $(shell $(TA_GEN_CERT_TOOL) --root_rsa_key=$(TA_ROOT_PRIV_KEY) \
-		--ta_rsa_key=$(TA_USER_PUB_KEY) \
-		--uuid=$(TA_BINARY) \
-		--ta_rsa_key_sig=$(LOCAL_PATH)/$(OUTPUT_DIR)/ta_rsa_key.sig \
-		--root_aes_key=$(TA_ROOT_AES_KEY) \
-		--ta_aes_key=$(TA_USER_AES_KEY) \
-		--ta_aes_iv=$(TA_USER_AES_IV) \
-		--ta_aes_key_iv_enc=$(LOCAL_PATH)/$(OUTPUT_DIR)/ta_aes_key_enc.bin ))
-$(info $(shell $(TA_SIGN_TOOL) --ta_rsa_key=$(TA_USER_PRIV_KEY) \
-		--ta_rsa_key_sig=$(LOCAL_PATH)/$(OUTPUT_DIR)/ta_rsa_key.sig \
-		--ta_aes_key=$(TA_USER_AES_KEY) \
-		--ta_aes_iv=$(TA_USER_AES_IV) \
-		--ta_aes_key_iv_enc=$(LOCAL_PATH)/$(OUTPUT_DIR)/ta_aes_key_enc.bin \
-		--in=$(LOCAL_PATH)/$(OUTPUT_DIR)/$(TA_BINARY).ta \
-		--out=$(LOCAL_PATH)/$(OUTPUT_DIR)/$(TA_BINARY).ta ))
-$(info $(shell rm -f $(LOCAL_PATH)/$(OUTPUT_DIR)/ta_rsa_key.sig ))
-$(info $(shell rm -f $(LOCAL_PATH)/$(OUTPUT_DIR)/ta_aes_key_enc.bin ))
-endif
-
-$(info $(shell mkdir -p $(PRODUCT_OUT)/obj/lib))
-$(info $(shell cp -vf $(LOCAL_PATH)/$(OUTPUT_DIR)/$(TA_BINARY).ta $(PRODUCT_OUT)/obj/lib))
-
-LOCAL_MODULE := $(TA_BINARY)
-LOCAL_SRC_FILES := $(ta_file)
-LOCAL_MODULE_TAGS := optional
-LOCAL_MODULE_CLASS := SHARED_LIBRARIES
-LOCAL_MODULE_SUFFIX := .ta
-LOCAL_MODULE_PATH := $(TA_EXPORT_DIR)
-LOCAL_STRIP_MODULE := false
-include $(BUILD_PREBUILT)
-
-include $(CLEAR_VARS)
-LOCAL_MODULE := tee_storage2_ta
-LOCAL_MODULE_TAGS := optional
-LOCAL_MODULE_CLASS := SHARED_LIBRARIES
-
-LOCAL_REQUIRED_MODULES := $(TA_BINARY)
-
-include $(BUILD_PHONY_PACKAGE)
+LOCAL_PATH := $(call my-dir)
+TDK_PATH := $(realpath $(TOP))/vendor/amlogic/tdk
+local_module := 731e279e-aafb-4575-a771-38caa6f0cca6.ta
+# This overrides the path of the output artifact so it won't be
+# included into the system image
+local_module_path := $(PRODUCT_OUT)/system/lib/teetz
+local_module_ta_name := tee_storage2_ta
+
+include $(TDK_PATH)/aosp_optee.mk
diff --git a/demos/optee_test/ta/storage_benchmark/Android.mk b/demos/optee_test/ta/storage_benchmark/Android.mk
index c3c708b..d036c8b 100644
--- a/demos/optee_test/ta/storage_benchmark/Android.mk
+++ b/demos/optee_test/ta/storage_benchmark/Android.mk
@@ -1,55 +1,9 @@
-LOCAL_PATH:= $(call my-dir)
-TDK_PATH:=../../../../ta_export
-TA_BINARY=f157cda0-550c-11e5-a6fa-0002a5d5c51b
-TA_CROSS_COMPILE=arm-linux-gnueabihf-
-TA_EXPORT_DIR := out/target/product/$(TARGET_BOOTLOADER_BOARD_NAME)/system/lib/teetz
-OUTPUT_DIR := ../../out/ta/$(notdir $(LOCAL_PATH))
-
-include $(CLEAR_VARS)
-
-$(info $(shell make CROSS_COMPILE=$(TA_CROSS_COMPILE) -C $(LOCAL_PATH) O=$(OUTPUT_DIR) TA_DEV_KIT_DIR=$(TDK_PATH)))
-
-$(info $(shell if [ ! -e $(TA_EXPORT_DIR) ]; then mkdir -p $(TA_EXPORT_DIR); fi))
-
-ta_file := $(OUTPUT_DIR)/$(TA_BINARY).ta
-
-ifeq ($(TARGET_ENABLE_TA_SIGN), true)
-$(info $(shell $(TA_GEN_CERT_TOOL) --root_rsa_key=$(TA_ROOT_PRIV_KEY) \
-		--ta_rsa_key=$(TA_USER_PUB_KEY) \
-		--uuid=$(TA_BINARY) \
-		--ta_rsa_key_sig=$(LOCAL_PATH)/$(OUTPUT_DIR)/ta_rsa_key.sig \
-		--root_aes_key=$(TA_ROOT_AES_KEY) \
-		--ta_aes_key=$(TA_USER_AES_KEY) \
-		--ta_aes_iv=$(TA_USER_AES_IV) \
-		--ta_aes_key_iv_enc=$(LOCAL_PATH)/$(OUTPUT_DIR)/ta_aes_key_enc.bin ))
-$(info $(shell $(TA_SIGN_TOOL) --ta_rsa_key=$(TA_USER_PRIV_KEY) \
-		--ta_rsa_key_sig=$(LOCAL_PATH)/$(OUTPUT_DIR)/ta_rsa_key.sig \
-		--ta_aes_key=$(TA_USER_AES_KEY) \
-		--ta_aes_iv=$(TA_USER_AES_IV) \
-		--ta_aes_key_iv_enc=$(LOCAL_PATH)/$(OUTPUT_DIR)/ta_aes_key_enc.bin \
-		--in=$(LOCAL_PATH)/$(OUTPUT_DIR)/$(TA_BINARY).ta \
-		--out=$(LOCAL_PATH)/$(OUTPUT_DIR)/$(TA_BINARY).ta ))
-$(info $(shell rm -f $(LOCAL_PATH)/$(OUTPUT_DIR)/ta_rsa_key.sig ))
-$(info $(shell rm -f $(LOCAL_PATH)/$(OUTPUT_DIR)/ta_aes_key_enc.bin ))
-endif
-
-$(info $(shell mkdir -p $(PRODUCT_OUT)/obj/lib))
-$(info $(shell cp -vf $(LOCAL_PATH)/$(OUTPUT_DIR)/$(TA_BINARY).ta $(PRODUCT_OUT)/obj/lib))
-
-LOCAL_MODULE := $(TA_BINARY)
-LOCAL_SRC_FILES := $(ta_file)
-LOCAL_MODULE_TAGS := optional
-LOCAL_MODULE_CLASS := SHARED_LIBRARIES
-LOCAL_MODULE_SUFFIX := .ta
-LOCAL_MODULE_PATH := $(TA_EXPORT_DIR)
-LOCAL_STRIP_MODULE := false
-include $(BUILD_PREBUILT)
-
-include $(CLEAR_VARS)
-LOCAL_MODULE := tee_storage_benchmark_ta
-LOCAL_MODULE_TAGS := optional
-LOCAL_MODULE_CLASS := SHARED_LIBRARIES
-
-LOCAL_REQUIRED_MODULES := $(TA_BINARY)
-
-include $(BUILD_PHONY_PACKAGE)
+LOCAL_PATH := $(call my-dir)
+TDK_PATH := $(realpath $(TOP))/vendor/amlogic/tdk
+local_module := f157cda0-550c-11e5-a6fa-0002a5d5c51b.ta
+# This overrides the path of the output artifact so it won't be
+# included into the system image
+local_module_path := $(PRODUCT_OUT)/system/lib/teetz
+local_module_ta_name := tee_storage_benchmark_ta
+
+include $(TDK_PATH)/aosp_optee.mk
diff --git a/linuxdriver/Android.mk b/linuxdriver/Android.mk
index 7ede93d..8b96dc2 100644
--- a/linuxdriver/Android.mk
+++ b/linuxdriver/Android.mk
@@ -6,46 +6,65 @@ KERNEL_DIR := kernel/common_3.14
 else
 KERNEL_DIR := common
 endif
-KERNEL_OUT_DIR := out/target/product/$(TARGET_BOOTLOADER_BOARD_NAME)/obj/KERNEL_OBJ
-KERNEL_ARCH := arm64
-PREFIX_CROSS_COMPILE := aarch64-linux-gnu-
-KERNEL_CONFIG=meson64_defconfig
 
-include $(CLEAR_VARS)
-$(info $(shell if [ ! -d $(KERNEL_OUT_DIR) ]; then mkdir -p $(KERNEL_OUT_DIR); fi))
-
-$(info $(shell if [ ! -e $(KERNEL_OUT_DIR)/include/generated/autoconf.h ]; then $(MAKE) -C $(KERNEL_DIR) O=../$(KERNEL_OUT_DIR) ARCH=$(KERNEL_ARCH) CROSS_COMPILE=$(PREFIX_CROSS_COMPILE) $(KERNEL_CONFIG); fi))
-
-$(info $(shell if [ ! -e $(KERNEL_OUT_DIR)/include/generated/autoconf.h ]; then $(MAKE) -C $(KERNEL_DIR) O=../$(KERNEL_OUT_DIR) ARCH=$(KERNEL_ARCH) CROSS_COMPILE=$(PREFIX_CROSS_COMPILE) modules_prepare; fi))
-
-$(info $(shell $(MAKE) -C $(shell pwd)/$(KERNEL_OUT_DIR) M=$(shell pwd)/vendor/amlogic/tdk/linuxdriver/ ARCH=$(KERNEL_ARCH) CROSS_COMPILE=$(PREFIX_CROSS_COMPILE) modules))
+ANDROID_ROOT_ABS := $(realpath $(TOP))
 
-$(info $(shell mkdir -p $(PRODUCT_OUT)/obj/lib))
-$(info $(shell cp -vf $(LOCAL_PATH)/optee/optee_armtz.ko $(PRODUCT_OUT)/obj/lib))
-$(info $(shell cp -vf $(LOCAL_PATH)/optee.ko $(PRODUCT_OUT)/obj/lib))
-
-armtz_ko_file := $(wildcard $(LOCAL_PATH)/optee/*.ko)
-armtz_ko_file := $(patsubst $(LOCAL_PATH)/optee/%,%,$(armtz_ko_file))
+include $(CLEAR_VARS)
 
-core_ko_file := $(wildcard $(LOCAL_PATH)/*.ko)
-core_ko_file := $(patsubst $(LOCAL_PATH)/%,%,$(core_ko_file))
+define gen_autoconf
+if [ ! -d $(ANDROID_ROOT_ABS)/$(KERNEL_OUT_DIR) ]; \
+	   then mkdir -p $(ANDROID_ROOT_ABS)/$(KERNEL_OUT_DIR); fi
+if [ ! -e $(ANDROID_ROOT_ABS)/$(KERNEL_OUT_DIR)/include/generated/autoconf.h ];\
+	   then $(MAKE) -C $(ANDROID_ROOT_ABS)/common \
+	   O=$(ANDROID_ROOT_ABS)/$(KERNEL_OUT_DIR) \
+	   ARCH=$(KERNEL_ARCH) CROSS_COMPILE=$(PREFIX_CROSS_COMPILE) \
+	   $(KERNEL_CONFIG); \
+	   fi
+if [ ! -e $(ANDROID_ROOT_ABS)/$(KERNEL_OUT_DIR)/scripts/mod/modpost ]; then \
+	   $(MAKE) -C $(ANDROID_ROOT_ABS)/common \
+	   O=$(ANDROID_ROOT_ABS)/$(KERNEL_OUT_DIR) \
+	   ARCH=$(KERNEL_ARCH) CROSS_COMPILE=$(PREFIX_CROSS_COMPILE) \
+	   modules_prepare; \
+	   fi
+endef
 
+phony_object := optee.ko
 include $(CLEAR_VARS)
 LOCAL_MODULE := optee_armtz
-LOCAL_SRC_FILES := optee/$(armtz_ko_file)
+LOCAL_PREBUILT_MODULE_FILE := $(LOCAL_PATH)/optee/$(LOCAL_MODULE).ko
 LOCAL_MODULE_TAGS := optional
 LOCAL_MODULE_CLASS := SHARED_LIBRARIES
 LOCAL_MODULE_SUFFIX := .ko
 LOCAL_MODULE_PATH := $(TARGET_ROOT_OUT)/boot
 LOCAL_STRIP_MODULE := false
+
+$(LOCAL_PREBUILT_MODULE_FILE): $(phony_object)
+
 include $(BUILD_PREBUILT)
 
 include $(CLEAR_VARS)
 LOCAL_MODULE := optee
-LOCAL_SRC_FILES := $(core_ko_file)
+LOCAL_PREBUILT_MODULE_FILE := $(LOCAL_PATH)/$(LOCAL_MODULE).ko
 LOCAL_MODULE_TAGS := optional
 LOCAL_MODULE_CLASS := SHARED_LIBRARIES
 LOCAL_MODULE_SUFFIX := .ko
 LOCAL_MODULE_PATH := $(TARGET_ROOT_OUT)/boot
 LOCAL_STRIP_MODULE := false
+
+$(LOCAL_PREBUILT_MODULE_FILE): $(phony_object)
+
 include $(BUILD_PREBUILT)
+
+.PHONY:FORCE
+
+$(phony_object): KERNEL_OUT_DIR := $(PRODUCT_OUT)/obj/KERNEL_OBJ
+$(phony_object): KERNEL_ARCH := arm64
+$(phony_object): PREFIX_CROSS_COMPILE := aarch64-linux-gnu-
+$(phony_object): KERNEL_CONFIG = meson64_defconfig
+$(phony_object): FORCE
+	$(gen_autoconf)
+	$(MAKE) -C $(ANDROID_ROOT_ABS)/$(KERNEL_OUT_DIR) \
+	M=$(ANDROID_ROOT_ABS)/vendor/amlogic/tdk/linuxdriver/ \
+	ARCH=$(KERNEL_ARCH) CROSS_COMPILE=$(PREFIX_CROSS_COMPILE) modules
+
+FORCE:
diff --git a/ta_export/scripts/sign_ta.py b/ta_export/scripts/sign_ta.py
index c52c223..f4c5593 100755
--- a/ta_export/scripts/sign_ta.py
+++ b/ta_export/scripts/sign_ta.py
@@ -72,6 +72,7 @@ def main():
 		aes_iv = struct.pack('<IIII', \
 			0x0, 0x0, 0x0, 0x0)
 		enc_aes_key = aes_key
+		enc_aes_key_len = len(enc_aes_key) + 2 * len(aes_iv)
 	else:
 		aes_key_type = 2
 		f = open(args.ta_aes_key, 'rb')
@@ -155,6 +156,8 @@ def main():
 	f = open(args.out, 'wb')
 	f.write(shdr)
 	f.write(enc_aes_key)
+	skip_len = shdr_len + enc_aes_key_len
+	f.seek(skip_len)
 	f.write(h_elf.digest())
 	f.write(sig_ta)
 
diff --git a/ta_export/scripts/sign_ta_auto.py b/ta_export/scripts/sign_ta_auto.py
index c4f8f34..3dd331b 100755
--- a/ta_export/scripts/sign_ta_auto.py
+++ b/ta_export/scripts/sign_ta_auto.py
@@ -19,6 +19,8 @@ def get_args():
 	parser = ArgumentParser()
 	parser.add_argument('--in', required=True, dest='inf', help='unsigned ta file')
 	parser.add_argument('--out', type=str, default='null', help='signed ta file')
+	parser.add_argument('--encrypt', type=int, default=0, help='0 means no \
+			encryption')
 
 	return parser.parse_args()
 
@@ -42,6 +44,7 @@ def main():
 
 	# parse arguments
 	args = get_args()
+	target_path = os.path.abspath(os.path.dirname(args.inf));
 	if args.out == 'null':
 		args.out = args.inf
 
@@ -51,26 +54,28 @@ def main():
 	cmd1.extend(["--root_rsa_key=" + file_path + "/../keys/root_rsa_prv_key.pem"])
 	cmd1.extend(["--ta_rsa_key=" + file_path + "/../keys/ta_rsa_pub_key.pem"])
 	cmd1.extend(["--uuid=" + uuid])
-	cmd1.extend(["--ta_rsa_key_sig=" + file_path + "/ta_rsa_key.sig"])
+	cmd1.extend(["--ta_rsa_key_sig=" + target_path + "/ta_rsa_key.sig"])
 	cmd1.extend(["--root_aes_key=" + file_path + "/../keys/root_aes_key.bin"])
 	cmd1.extend(["--ta_aes_key=" + file_path + "/../keys/ta_aes_key.bin"])
 	cmd1.extend(["--ta_aes_iv=" + file_path + "/../keys/ta_aes_iv.bin"])
-	cmd1.extend(["--ta_aes_key_iv_enc=" + file_path + "/ta_aes_key_enc.bin"])
+	cmd1.extend(["--ta_aes_key_iv_enc=" + target_path + "/ta_aes_key_enc.bin"])
 	sub = subprocess.Popen(cmd1)
 	sub.communicate()
 
 	cmd2.extend(["--ta_rsa_key=" + file_path + "/../keys/ta_rsa_prv_key.pem"])
-	cmd2.extend(["--ta_rsa_key_sig=" + file_path + "/ta_rsa_key.sig"])
-	cmd2.extend(["--ta_aes_key=" + file_path + "/../keys/ta_aes_key.bin"])
+	cmd2.extend(["--ta_rsa_key_sig=" + target_path + "/ta_rsa_key.sig"])
+	if args.encrypt != 0:
+		cmd2.extend(["--ta_aes_key=" + file_path + "/../keys/ta_aes_key.bin"])
+
 	cmd2.extend(["--ta_aes_iv=" + file_path + "/../keys/ta_aes_iv.bin"])
-	cmd2.extend(["--ta_aes_key_iv_enc=" + file_path + "/ta_aes_key_enc.bin"])
+	cmd2.extend(["--ta_aes_key_iv_enc=" + target_path + "/ta_aes_key_enc.bin"])
 	cmd2.extend(["--in=" + args.inf])
 	cmd2.extend(["--out=" + args.out])
 	sub = subprocess.Popen(cmd2)
 	sub.communicate()
 
-	os.remove(sys.path[0] + "/ta_rsa_key.sig")
-	os.remove(sys.path[0] + "/ta_aes_key_enc.bin")
+	os.remove(target_path + "/ta_rsa_key.sig")
+	os.remove(target_path + "/ta_aes_key_enc.bin")
 
 if __name__ == "__main__":
 	main()