diff options
| author | Matthew Garrett <mjg59@google.com> | 2021-02-19 13:47:10 -0800 |
|---|---|---|
| committer | Jan Setje-Eilers <73182357+jsetje@users.noreply.github.com> | 2021-03-09 13:52:53 -0800 |
| commit | c61bfdc8a34fea1c6ea97ac0fb9c99f34f980381 (patch) | |
| tree | 070202d27c49875740281fe5f02982e9b857fb55 | |
| parent | 6d3f247c323c68f78e810f6f76863ddee76f8532 (diff) | |
| download | efi-boot-shim-c61bfdc8a34fea1c6ea97ac0fb9c99f34f980381.tar.gz efi-boot-shim-c61bfdc8a34fea1c6ea97ac0fb9c99f34f980381.zip | |
build: Import gnu-efi as a submodule and build against it
Shim is rather more friendly with EFI internals than most code, and as a
result can end up making assumptions that are out of step with those made
by gnu-efi. Since both projects are developed independently, and since
distributions are often trying to build versions of shim against whatever
version of gnu-efi they are shipping, this can result in awkward build
failures. The easiest way to handle this is to use a git submodule and
import a known-good version of shim directly into the build tree. Given
static linking, this will also make reproducible builds easier.
Plus some changes from pjones:
- Fix up some more include paths
- more fine grained clean rules
- use our make ARCH
- use an rhboot/ repo for the gnu-efi remote
Signed-off-by: Matthew Garrett <mjg59@google.com>
| -rw-r--r-- | .gitmodules | 4 | ||||
| -rw-r--r-- | Make.defaults | 17 | ||||
| -rw-r--r-- | Makefile | 27 | ||||
| m--------- | gnu-efi | 0 |
4 files changed, 36 insertions, 12 deletions
diff --git a/.gitmodules b/.gitmodules new file mode 100644 index 00000000..2ad8bb84 --- /dev/null +++ b/.gitmodules @@ -0,0 +1,4 @@ +[submodule "gnu-efi"] + path = gnu-efi + url = https://github.com/rhboot/gnu-efi.git + branch = shim-15.3 diff --git a/Make.defaults b/Make.defaults index f079b227..bef3cb51 100644 --- a/Make.defaults +++ b/Make.defaults @@ -40,10 +40,10 @@ endif SUBDIRS = $(TOPDIR)/Cryptlib $(TOPDIR)/lib -EFI_INCLUDE ?= /usr/include/efi +EFI_INCLUDE ?= $(TOPDIR)/gnu-efi/inc EFI_INCLUDES = -I$(EFI_INCLUDE) -I$(EFI_INCLUDE)/$(ARCH) -I$(EFI_INCLUDE)/protocol override EFI_INCLUDES := $(EFI_INCLUDES) -EFI_CRT_OBJS = $(EFI_PATH)/crt0-efi-$(ARCH).o +EFI_CRT_OBJS = $(EFI_PATH)/crt0-efi-$(ARCH_GNUEFI).o EFI_LDS = $(TOPDIR)/elf_$(ARCH)_efi.lds CLANG_BUGS = $(if $(findstring gcc,$(CC)),-maccumulate-outgoing-args,) @@ -56,7 +56,7 @@ ifeq ($(ARCH),x86_64) -DEFI_FUNCTION_WRAPPER -DGNU_EFI_USE_MS_ABI \ -DNO_BUILTIN_VA_FUNCS -DMDE_CPU_X64 \ -DPAGE_SIZE=4096 - LIBDIR ?= $(prefix)/lib64 + ARCH_GNUEFI ?= x86_64 ARCH_SUFFIX ?= x64 ARCH_SUFFIX_UPPER ?= X64 ARCH_LDFLAGS ?= @@ -66,7 +66,7 @@ ifeq ($(ARCH),ia32) ARCH_CFLAGS ?= -mno-mmx -mno-sse -mno-red-zone -nostdinc \ $(CLANG_BUGS) -m32 \ -DMDE_CPU_IA32 -DPAGE_SIZE=4096 - LIBDIR ?= $(prefix)/lib + ARCH_GNUEFI ?= ia32 ARCH_SUFFIX ?= ia32 ARCH_SUFFIX_UPPER ?= IA32 ARCH_LDFLAGS ?= @@ -75,7 +75,7 @@ ifeq ($(ARCH),ia32) endif ifeq ($(ARCH),aarch64) ARCH_CFLAGS ?= -DMDE_CPU_AARCH64 -DPAGE_SIZE=4096 -mstrict-align - LIBDIR ?= $(prefix)/lib64 + ARCH_GNUEFI ?= aarch64 ARCH_SUFFIX ?= aa64 ARCH_SUFFIX_UPPER ?= AA64 FORMAT := -O binary @@ -86,7 +86,7 @@ ifeq ($(ARCH),aarch64) endif ifeq ($(ARCH),arm) ARCH_CFLAGS ?= -DMDE_CPU_ARM -DPAGE_SIZE=4096 -mno-unaligned-access - LIBDIR ?= $(prefix)/lib + ARCH_GNUEFI ?= arm ARCH_SUFFIX ?= arm ARCH_SUFFIX_UPPER ?= ARM FORMAT := -O binary @@ -101,7 +101,7 @@ DEFINES = -DDEFAULT_LOADER='L"$(DEFAULT_LOADER)"' \ INCLUDES = -nostdinc \ -I$(shell $(CC) $(ARCH_CFLAGS) -print-file-name=include) \ -I$(TOPDIR)/Cryptlib -I$(TOPDIR)/Cryptlib/Include \ - -I$(EFI_INCLUDE) -I$(EFI_INCLUDE)/$(ARCH) -I$(EFI_INCLUDE)/protocol \ + -I$(EFI_INCLUDE) -I$(EFI_INCLUDE)/$(ARCH_GNUEFI) -I$(EFI_INCLUDE)/protocol \ -I$(TOPDIR)/include -iquote $(TOPDIR) -iquote $(shell pwd) override DEFAULT_FEATUREFLAGS = \ @@ -150,7 +150,8 @@ endif LIB_GCC = $(shell $(CC) $(ARCH_CFLAGS) -print-libgcc-file-name) EFI_LIBS = -lefi -lgnuefi --start-group Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a --end-group $(LIB_GCC) FORMAT ?= --target efi-app-$(ARCH) -EFI_PATH ?= $(shell [ -d $(LIBDIR)/gnuefi ] && echo "$(LIBDIR)/gnuefi" || echo "$(LIBDIR)") +EFI_PATH ?= gnu-efi/$(ARCH_GNUEFI)/gnuefi +LIBDIR ?= gnu-efi/$(ARCH_GNUEFI)/lib MMSTEM ?= mm$(ARCH_SUFFIX) MMNAME = $(MMSTEM).efi @@ -55,6 +55,9 @@ FALLBACK_SRCS = $(foreach source,$(ORIG_FALLBACK_SRCS),$(TOPDIR)/$(source)) all: $(TARGETS) +update : + git submodule update --init --recursive + shim.crt: $(TOPDIR)/make-certs shim shim@xn--u4h.net all codesign 1.3.6.1.4.1.311.10.3.1 </dev/null @@ -105,19 +108,30 @@ $(SHIMNAME) : $(SHIMSONAME) $(MMNAME) : $(MMSONAME) $(FBNAME) : $(FBSONAME) -$(SHIMSONAME): $(OBJS) Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a lib/lib.a +LIBS = Cryptlib/libcryptlib.a \ + Cryptlib/OpenSSL/libopenssl.a \ + lib/lib.a \ + gnu-efi/$(ARCH_GNUEFI)/lib/libefi.a \ + gnu-efi/$(ARCH_GNUEFI)/gnuefi/libgnuefi.a + +$(SHIMSONAME): $(OBJS) $(LIBS) $(LD) -o $@ $(LDFLAGS) $^ $(EFI_LIBS) fallback.o: $(FALLBACK_SRCS) -$(FBSONAME): $(FALLBACK_OBJS) Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a lib/lib.a +$(FBSONAME): $(FALLBACK_OBJS) $(LIBS) $(LD) -o $@ $(LDFLAGS) $^ $(EFI_LIBS) MokManager.o: $(MOK_SOURCES) -$(MMSONAME): $(MOK_OBJS) Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a lib/lib.a +$(MMSONAME): $(MOK_OBJS) $(LIBS) $(LD) -o $@ $(LDFLAGS) $^ $(EFI_LIBS) lib/lib.a +gnu-efi/$(ARCH_GNUEFI)/gnuefi/libgnuefi.a gnu-efi/$(ARCH_GNUEFI)/lib/libefi.a: + $(MAKE) -C gnu-efi \ + ARCH=$(ARCH_GNUEFI) TOPDIR=$(TOPDIR)/gnu-efi \ + lib gnuefi inc + Cryptlib/libcryptlib.a: for i in Hash Hmac Cipher Rand Pk Pem SysCall; do mkdir -p Cryptlib/$$i; done $(MAKE) VPATH=$(TOPDIR)/Cryptlib TOPDIR=$(TOPDIR)/Cryptlib -C Cryptlib -f $(TOPDIR)/Cryptlib/Makefile @@ -253,6 +267,11 @@ $(patsubst %.c,%,$(wildcard test-*.c)) : clean-test-objs: @make -f include/test.mk EFI_INCLUDES="$(EFI_INCLUDES)" ARCH_DEFINES="$(ARCH_DEFINES)" clean +clean-gnu-efi: + $(MAKE) -C gnu-efi \ + ARCH=$(ARCH_GNUEFI) TOPDIR=$(TOPDIR)/gnu-efi \ + clean + clean-shim-objs: $(MAKE) -C lib -f $(TOPDIR)/lib/Makefile clean @rm -rvf $(TARGET) *.o $(SHIM_OBJS) $(MOK_OBJS) $(FALLBACK_OBJS) $(KEYS) certdb $(BOOTCSVNAME) @@ -266,7 +285,7 @@ clean-openssl-objs: clean-cryptlib-objs: $(MAKE) -C Cryptlib -f $(TOPDIR)/Cryptlib/Makefile clean -clean: clean-shim-objs clean-test-objs clean-openssl-objs clean-cryptlib-objs +clean: clean-shim-objs clean-test-objs clean-gnu-efi clean-openssl-objs clean-cryptlib-objs GITTAG = $(VERSION) diff --git a/gnu-efi b/gnu-efi new file mode 160000 +Subproject 9aa86c7526a4adc363afe6847bc3a4c8efe6df8 |