efi-boot-shim.git/Makefile, branch 15.7

Update version to 15.7

2022-11-16T21:35:47+00:00

Signed-off-by: Peter Jones

Make SBAT variable payload introspectable

2022-08-03T18:54:57+00:00

Given a set of EFI variables and boot assets, it should be possible to compute what the value of PCR 7 will be on the next boot. As shim manages the contents of the SbatLevel variable and this is measured to PCR 7, export the payloads that shim contains in a new COFF section (.sbatlevel) so that it can be introspected by code outside of shim. The new section works a bit like .vendor_cert - it contains a header and then the payload. In this case, the header contains no size fields because the strings are NULL terminated. Shim uses this new section internally in set_sbat_uefi_variable. The .sbatlevel section starts with a 4 byte version field which is not used by shim but may be useful for external auditors if the format of the section contents change in the future. Signed-off-by: Chris Coulson

bump version to shim-15.6

2022-06-01T18:25:48+00:00

Signed-off-by: Peter Jones

shim-15.6~rc2

2022-05-31T19:17:14+00:00

Signed-off-by: Peter Jones

shim-15.6~rc1

2022-05-24T20:09:39+00:00

make: unbreak scan-build again for gnu-efi

2022-05-18T20:37:23+00:00

When using clang-analyzer, scan-build sets CC to /usr/bin/../libexec/ccc-analyzer, which for whatever reason when we're in the sub-make to build gnu-efi, then gets confused and invokes gcc rather than clang. This causes gnu-efi's attempt to check which compiler it's using to fail, because "/usr/bin/../libexec/ccc-analyzer -v" invokes GCC. At that point ccc-analyzer complains that it can't find the clang invocation in its own output, which it chose not to use clang for, as such: /usr/bin/../libexec/ccc-analyzer -I/home/pjones/devel/github.com/shim/worktree/gnu-efi//lib -I/home/pjones/devel/github.com/shim/worktree/gnu-efi/inc -I/home/pjones/devel/github.com/shim/worktree/gnu-efi/inc/x86_64 -I/home/pjones/devel/github.com/shim/worktree/gnu-efi/inc/protocol -Wno-error=pragmas -mno-red-zone -mno-avx -fpic -Os -Wall -Wextra -Wno-missing-field-initializers -Werror -fshort-wchar -fno-strict-aliasing -ffreestanding -fno-stack-protector -fno-stack-check -nostdinc -isystem /home/pjones/devel/github.com/shim/worktree/gnu-efi/../include/system -isystem /usr/lib/gcc/x86_64-redhat-linux/11/include -DCONFIG_x86_64 -DGNU_EFI_USE_MS_ABI -DGNU_EFI_USE_EXTERNAL_STDARG -maccumulate-outgoing-args --std=c11 -c /home/pjones/devel/github.com/shim/worktree/gnu-efi//lib/smbios.c -o smbios.o could not find clang line make[3]: *** [/home/pjones/devel/github.com/shim/worktree/gnu-efi//lib/../Make.rules:52: smbios.o] Error 1 This patch passes CCC_CC=$(COMPILER) to the gnu-efi sub-make, which forces ccc-analyzer to use $(COMPILER), which is still clang. Signed-off-by: Peter Jones

make: don't treat cert.S specially

2022-05-17T22:01:58+00:00

Signed-off-by: Peter Jones

Update to version 15.5

2022-02-15T18:06:21+00:00

Mark this officially as shim 15.5 Signed-off-by: Robbie Harwood

Remove post-proccess-pe on 'make clean'

2022-02-03T18:52:28+00:00

This resolves issue #442 Signed-off-by: Peter Jones

Fix the version string for -rc2

2022-02-03T18:52:15+00:00

Signed-off-by: Peter Jones