efi-boot-shim.git/Make.defaults, branch 15.2 (mirror of https://github.com/vyos/efi-boot-shim.git)
https://git.amelek.net/vyos/efi-boot-shim.git/atom?h=15.22020-07-24T02:22:04+00:00Add support for vendor_db built-in shim authorized list.2020-07-24T02:22:04+00:00Peter Jonespjones@redhat.com2020-07-23T16:36:56+00:00urn:sha1:dd3a5d71252a1f94e37f1a4c8841d253630b305a
Potential new signing strategies ( for example signing grub, fwupdate
and vmlinuz with separate certificates ) require shim to support a
vendor provided bundle of trusted certificates and hashes, which allows
shim to trust EFI binaries matching either certificate by signature or
hash in the vendor_db. Functionality is similar to vendor_dbx.
This also improves the mirroring quite a bit.
Upstream: pr#206
Once again, try even harder to get binaries without timestamps in them.2020-07-24T00:52:12+00:00Peter Jonespjones@redhat.com2019-03-15T13:52:02+00:00urn:sha1:10d6e3d90f1ea504a1dedaea50478c444e92951c
$ objdump -x /builddir/build/BUILDROOT/shim-*/usr/share/shim/*/shimx64.efi | grep 'Time/Date'
Time/Date Thu Jan 1 00:00:08 1970
$ _
"What is despair? I have known it—hear my song. Despair is when you’re
debugging a kernel driver and you look at a memory dump and you see that
a pointer has a value of 7."
- http://scholar.harvard.edu/files/mickens/files/thenightwatch.pdf
objcopy only knows about -D for some targets.
ld only believes in --no-insert-timestamp in some versions.
dd takes off and nukes the site from orbit.
It's the only way to be sure.
Signed-off-by: Peter Jones <pjones@redhat.com>
Upstream-commit-id: a4a1fbe728c
Make.default: use correct flags to disable unaligned access for 32 bit ARM2020-07-24T00:52:12+00:00Peter Korsgaardpeter@korsgaard.com2019-01-10T22:34:11+00:00urn:sha1:7f080b30f3c3718d6b2533f62a50f373fd2cda21
The GCC flag to disable unaligned access on 32bit ARM is
-mno-unaligned-access, not -mstrict-align (which is used on aarch64):
https://lkml.org/lkml/2018/8/3/294
Otherwise build dies with:
arm-linux-gnueabihf-gcc: error: unrecognized command line option
‘-mstrict-align’; did you mean ‘-Wstrict-aliasing’?
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Upstream-commit-id: 41b93358e8c
Makefiles: ensure -m32 gets propogated to our gcc parameter queries2020-07-24T00:51:18+00:00Peter Jonespjones@redhat.com2018-04-12T17:24:48+00:00urn:sha1:32f71225382ddb7dd1ad51f584bc3d42a7ee39d1
'gcc -print-file-name=include' and 'gcc -print-libgcc-file-name' both
need -m32 when we're building 32-on-64 on some distros, so ensure that
gets propogated correctly.
Signed-off-by: Peter Jones <pjones@redhat.com>
Upstream-commit-id: 104d6e54ac7
Work around clang bugs for scan-build.2018-03-15T15:23:26+00:00Peter Jonespjones@redhat.com2018-03-15T15:13:25+00:00urn:sha1:138deeff23707b2db46bbb5c90f1c08bd4b2a429
I don't think the x86 binaries clang builds will actually work unless
they just infer -maccumulate-outgoing-args from __attribute__((__ms_abi__),
but it's nice to have the analyzer working.
Signed-off-by: Peter Jones <pjones@redhat.com>
Make EFI_INCLUDE path configurable during make2018-03-12T20:57:24+00:00Tamas K Lengyeltamas@tklengyel.com2017-10-30T21:18:12+00:00urn:sha1:f29240734b7dd939a7d91d6d82596ec458c1abcb
Signed-off-by: Tamas K Lengyel <lengyelt@ainfosec.com>
Add 'make coverity' target.2018-03-12T20:21:43+00:00Peter Jonespjones@redhat.com2017-09-26T18:19:45+00:00urn:sha1:d184bf10752d92eb44ac23139dce5f0f1ece4d0d
Signed-off-by: Peter Jones <pjones@redhat.com>
Split makefiles up a bit2018-03-12T20:21:43+00:00Peter Jonespjones@redhat.com2017-09-26T18:27:40+00:00urn:sha1:b681123a874aa693fc64b0947fd6459feeab6b33
Signed-off-by: Peter Jones <pjones@redhat.com>