efi-boot-shim.git/Make.defaults, branch 15.1

Add support for vendor_db built-in shim whitelist

2020-08-04T19:43:49+00:00

Potential new signing strategies ( for example signing grub, fwupdate and vmlinuz with separate certificates ) require shim to support a vendor provided bundle of trusted certificates and hashes, which allows shim to "whitelist" EFI binaries matching either certificate by signature, or hash in the vendor_db.. Functionality is similar to vendor_dbx ( vendor blacklist ). Patch is a polished version of code, authored by P. Jones. Signed-off-by: Alex Burmashev

Once again, try even harder to get binaries without timestamps in them.

2020-08-04T19:41:11+00:00

$ objdump -x /builddir/build/BUILDROOT/shim-*/usr/share/shim/*/shimx64.efi | grep 'Time/Date' Time/Date Thu Jan 1 00:00:08 1970 $ _ "What is despair? I have known it—hear my song. Despair is when you’re debugging a kernel driver and you look at a memory dump and you see that a pointer has a value of 7." - http://scholar.harvard.edu/files/mickens/files/thenightwatch.pdf objcopy only knows about -D for some targets. ld only believes in --no-insert-timestamp in some versions. dd takes off and nukes the site from orbit. It's the only way to be sure. Signed-off-by: Peter Jones

Work around clang bugs for scan-build.

2018-03-15T15:23:26+00:00

I don't think the x86 binaries clang builds will actually work unless they just infer -maccumulate-outgoing-args from __attribute__((__ms_abi__), but it's nice to have the analyzer working. Signed-off-by: Peter Jones

Make EFI_INCLUDE path configurable during make

2018-03-12T20:57:24+00:00

Signed-off-by: Tamas K Lengyel

Add 'make coverity' target.

2018-03-12T20:21:43+00:00

Signed-off-by: Peter Jones

Split makefiles up a bit

2018-03-12T20:21:43+00:00

Signed-off-by: Peter Jones