Build scripts and tools

KasperskyOS Community Edition includes the following build scripts and tools:

• nk-gen-c

  The NK compiler (nk-gen-c) generates the set of transport methods and types based on the EDL, CDL and IDL descriptions of applications, components and interfaces. The transport methods and types are needed for generating, sending, receiving and processing IPC messages.

• nk-psl-gen-c

  The nk-psl-gen-c compiler generates the source code of the Kaspersky Security Module based on the solution security policy description (security.psl) and the EDL, CDL and IDL descriptions included in the solution.

• einit

  The einit tool lets you automate the creation of code for the Einit initializing program. This program is the first to start when KasperskyOS is loaded. Then it starts all other programs and creates IPC channels between them.

• makekss

  The makekss script creates the Kaspersky Security Module.

• makeimg

  The makeimg script creates the final boot image of the KasperskyOS-based solution with all programs to be started and the Kaspersky Security Module.

nk-gen-c

The NK compiler (nk-gen-c) generates the set of transport methods and types based on the EDL, CDL and IDL descriptions. The transport methods and types are needed for generating, sending, receiving and processing IPC messages.

The NK compiler receives the EDL, CDL or IDL file and creates the following files:

• H file containing a declaration and implementation of transport methods and types.
• D file that lists the dependencies of the created C file. This file can be used for building automation using the make tool.

Syntax for using the NK compiler:

Parameters:

• FILE

  Path to the EDL, CDL or IDL description for which you need to generate transport methods and types.

• -I PATH

  Path to the folder containing auxiliary files required for generating transport methods and types. By default, these files are located in the directory /opt/KasperskyOS-Community-Edition-<version>/sysroot-aarch64-kos/include.

  It may also be used for adding other folders to search for the files required for generating the methods and types.

  To indicate more than one folder. you can use several -I switches.

• -o PATH

  Path to an existing folder where files containing transport methods and types will be created.

• -h, --help

  Displays the Help text.

• --version

  Displays the nk-gen-c version.

• --enforce-alignment-check

  Enables mandatory alignment checks for queries to memory, even if this check is disabled for the target platform. If these checks are enabled, the NK compiler adds additional alignment checks to the code of the IPC message validators.

  By default, memory query alignment check settings are defined for each platform in the file named system.platform.

• --extended-errors

  Enables extended error handling in the code of transport methods.

Selective generation

To reduce the amount of code generated by the NK compiler, you can use selective generation flags. For example, it is convenient to use the --server flag for programs that implement endpoints, and to use the --client flag for programs that are clients of the endpoints.

Selective generation flags for IDL files:

• --types

  The compiler will create only the constants and types, including the redefined ones (typedef), from the input IDL file, and the types from imported IDL files that are used in the types of the input file.

  However, constants and redefined types from imported IDL files will not be explicitly included in the generated files. If you need to use types from imported files in code, you need to separately generate H files for each such IDL file.

• --interface

  The compiler will generate files created with the --types flag, and the structures of request and response messages for all methods of this endpoint.

• --client

  The compiler will generate files created with the --interface flag, and the client proxy objects and functions of their initialization for all methods of this endpoint.

• --server

  The compiler will generate files created with the --interface flag, and the types and methods of the dispatcher of this endpoint.

Selective generation flags for CDL files and EDL files:

• --types

  The compiler will generate files created with the --types flag for all endpoints provided by this component.

  However, only the types that are used in parameters of interface methods will be explicitly included in the generated files.

• --interface

  The compiler will generate files created with the --types flag for this component/process class, and files generated with the --interface flag for all services provided by this component.

• --client

  The compiler will generate files created with the --interface flag, and the client proxy objects and functions of their initialization for all endpoints provided by this component.

• --server

  The compiler will generate files created with the --interface flag, and the types and methods of the dispatcher of this component/process class and the types and methods of dispatchers for all endpoints provided by this component.

nk-psl-gen-c

The nk-psl-gen-c compiler generates the source code of the Kaspersky Security Module based on the solution security policy description and the EDL, CDL and IDL descriptions included in the solution. This code is used by the makekss script.

The nk-psl-gen-c compiler also lets you generate and run code of tests written in the PAL language for the solution security policy.

Syntax for using the nk-psl-gen-c compiler:

Parameters:

• FILE

  Path to the PSL description of the solution security policy (security.psl)

• -I,--include-dir PATH

  Path to the folder containing auxiliary files required for generating transport methods and types. By default, these files are located in the directory /opt/KasperskyOS-Community-Edition-<version>/sysroot-aarch64-kos/include.

  The nk-psl-gen-c compiler will require access to all EDL, CDL and IDL descriptions. To enable the nk-psl-gen-c compiler to find these descriptions, you need to pass the paths to these descriptions using the -I switch.

  To indicate more than one folder. you can use several -I switches.

• -o,--output PATH

  Path to the created file containing the security module code.

• -t, --tests ARG

  Flag for controlling code generation and starting tests for the solution security policy. Possible values:

  • skip means that the code of tests is not generated. This value is used by default if the --tests flag is not indicated.
  • generate means that the code of tests is generated but it is not compiled and is not executed.
  • run means that the code of tests is generated, compiled using the gcc compiler, and executed.
• -a, --audit PATH

  Path to the created file containing the code of the audit decoder.

• -h, --help

  Displays the Help text.

• --version

  Displays the nk-psl-gen-c version.

einit

The einit tool lets you automate the creation of code for the Einit initializing program.

The einit tool receives the solution initialization description (the init.yaml file by default) and EDL, CDL and IDL descriptions, and creates a file containing the source code of the Einit initializing program. Then the Einit program must be built using the C-language cross compiler that is provided in KasperskyOS Community Edition.

Syntax for using the einit tool:

Parameters:

• FILE

  Path to the init.yaml file.

• -I PATH

  Path to the directory containing the auxiliary files (including EDL, CDL and IDL descriptions) required for generating the initializing program. By default, these files are located in the directory /opt/KasperskyOS-Community-Edition-<version>/sysroot-aarch64-kos/include.

• -o, --out-file PATH

  Path to the created .c file containing the code of the initializing program.

• -h, --help

  Displays the Help text.

makekss

The makekss script creates the Kaspersky Security Module.

The script calls the nk-psl-gen-c compiler to generate the source code of the security module, then compiles the resulting code by calling the C compiler that is provided in KasperskyOS Community Edition.

The script creates the security module from the solution security policy description.

Syntax for using the makekss script:

Parameters:

• FILE

  Path to the top-level file of the solution security policy description.

• --target=ARCH

  Processor architecture for which the build is intended.

• --module=-lPATH

  Path to the ksm_kss library. This key is passed to the C compiler for linking to this library.

• --with-nk=PATH

  Path to the nk-psl-gen-c compiler that will be used to generate the source code of the security module. By default, the compiler is located in /opt/KasperskyOS-Community-Edition-<version>/toolchain/bin/nk-psl-gen-c.

• --with-nktype="TYPE"

  Indicates the type of NK compiler that will be used. To use the nk-psl-gen-c compiler, indicate the psl type.

• --with-nkflags="FLAGS"

  Parameters used when calling the nk-psl-gen-c compiler.

  The nk-psl-gen-c compiler will require access to all EDL, CDL and IDL descriptions. To enable the nk-psl-gen-c compiler to find these descriptions, you need to pass the paths to these descriptions in the --with-nkflags parameter by using the -I switch of the nk-psl-gen-c compiler.

• --output=PATH

  Path to the created security module file.

• --with-cc=PATH

  Path to the C compiler that will be used to build the security module. The compiler provided in KasperskyOS Community Edition is used by default.

• --with-cflags=FLAGS

  Parameters used when calling the C compiler.

• -h, --help

  Displays the Help text.

makeimg

The makeimg script creates the final boot image of the KasperskyOS-based solution with all executable files of programs and the Kaspersky Security Module.

The script receives a list of files, including the executable files of all applications that need to be added to ROMFS of the loaded image, and creates the following files:

• Solution image
• Solution image without character tables (.stripped)
• Solution image with debug character tables (.dbg.syms)

Syntax for using the makeimg script:

Parameters:

• FILES

  List of paths to files, including the executable files of all applications that need to be added to ROMFS.

  The security module (ksm.module) must be explicitly specified, or else it will not be included in the solution image. The Einit application does not need to be indicated because it will be automatically included in the solution image.

• --target=ARCH

  Architecture for which the build is intended.

• --sys-root=PATH

  Path to the root directory sysroot. By default, this directory is located in /opt/KasperskyOS-Community-Edition-version/sysroot-aarch64-kos/.

• --with-toolchain=PATH

  Path to the set of auxiliary tools required for the solution build. By default, these tools are located in /opt/KasperskyOS-Community-Edition-<version>/toolchain/.

• --ldscript=PATH

  Path to the linker script required for the solution build. By default, this script is located in /opt/KasperskyOS-Community-Edition-<version>/libexec/aarch64-kos/.

• --img-src=PATH

  Path to the precompiled KasperskyOS kernel. By default, the kernel is located in /opt/KasperskyOS-Community-Edition-<version>/libexec/aarch64-kos/.

• --img-dst=PATH

  Path to the created image file.

• --with-init=PATH

  Path to the executable file of the Einit initializing program.

• --with-extra-asflags=FLAGS

  Additional flags for the AS Assembler.

• --with-extra-ldflags=FLAGS

  Additional flags for the LD Linker.

• -h, --help

  Displays the Help text.