diff options
| -rw-r--r-- | .gitignore | 1 | ||||
| -rw-r--r-- | BUILDING | 6 | ||||
| -rw-r--r-- | Make.defaults | 3 | ||||
| -rw-r--r-- | Make.rules | 5 | ||||
| -rw-r--r-- | Makefile | 9 | ||||
| -rw-r--r-- | elf_aarch64_efi.lds | 1 | ||||
| -rw-r--r-- | elf_arm_efi.lds | 1 | ||||
| -rw-r--r-- | elf_ia32_efi.lds | 1 | ||||
| -rw-r--r-- | elf_ia64_efi.lds | 1 | ||||
| -rw-r--r-- | elf_x86_64_efi.lds | 1 |
10 files changed, 28 insertions, 1 deletions
@@ -27,3 +27,4 @@ shim_cert.h version.c cov-int/ scan-results/ +/sbat.*.csv @@ -60,4 +60,10 @@ Variables you could set to customize the build: This is the label that will be put in BOOT$(EFI_ARCH).CSV for your OS. By default this is the same value as EFIDIR . +Vendor SBAT data: +It will sometimes be requested by reviewers that a build includes extra +.sbat data. The mechanism to do so is to add a CSV file in data/ with the +name sbat.FOO.csv, where foo is your EFI subdirectory name. The build +system will automatically include any such files. + # vim:filetype=mail:tw=74 diff --git a/Make.defaults b/Make.defaults index 10e1ad52..8bfcf7e0 100644 --- a/Make.defaults +++ b/Make.defaults @@ -2,6 +2,8 @@ COMPILER ?= gcc CC = $(CROSS_COMPILE)$(COMPILER) LD = $(CROSS_COMPILE)ld OBJCOPY = $(CROSS_COMPILE)objcopy +DOS2UNIX ?= dos2unix +D2UFLAGS ?= -r -l -F -f -n OPENSSL ?= openssl HEXDUMP ?= hexdump INSTALL ?= install @@ -22,7 +24,6 @@ DEBUGSOURCE ?= $(prefix)/src/debug/ OSLABEL ?= $(EFIDIR) DEFAULT_LOADER ?= \\\\grub$(ARCH_SUFFIX).efi DASHJ ?= -j$(shell echo $$(($$(grep -c "^model name" /proc/cpuinfo) + 1))) -SBATPATH ?= data/sbat.csv ARCH ?= $(shell $(CC) -dumpmachine | cut -f1 -d- | sed s,i[3456789]86,ia32,) OBJCOPY_GTE224 = $(shell expr `$(OBJCOPY) --version |grep ^"GNU objcopy" | sed 's/^.*\((.*)\|version\) //g' | cut -f1-2 -d.` \>= 2.24) @@ -1,3 +1,8 @@ define get-config $(shell git config --local --get "shim.$(1)") endef + +define add-vendor-sbat +$(OBJCOPY) --add-section ".$(patsubst %.csv,%,$(1))=$(1)" $(2) + +endef @@ -40,6 +40,7 @@ MOK_OBJS = MokManager.o PasswordCrypt.o crypt_blowfish.o errlog.o sbat.o ORIG_MOK_SOURCES = MokManager.c PasswordCrypt.c crypt_blowfish.c shim.h $(wildcard include/*.h) FALLBACK_OBJS = fallback.o tpm.o errlog.o sbat.o ORIG_FALLBACK_SRCS = fallback.c +SBATPATH = data/sbat.csv ifneq ($(origin ENABLE_HTTPBOOT), undefined) OBJS += httpboot.o @@ -84,9 +85,17 @@ shim.o: $(wildcard $(TOPDIR)/*.h) cert.o : $(TOPDIR)/cert.S $(CC) $(CFLAGS) -c -o $@ $< +sbat.%.csv : data/sbat.%.csv + $(DOS2UNIX) $(D2UFLAGS) $< $@ + tail -c1 $@ | read -r _ || echo >> $@ # ensure a trailing newline + +VENDOR_SBATS := $(foreach x,$(wildcard data/sbat.*.csv),$(notdir $(x))) + +sbat.o : | $(SBATPATH) $(VENDOR_SBATS) sbat.o : $(TOPDIR)/sbat.c $(CC) $(CFLAGS) -c -o $@ $< $(OBJCOPY) --add-section .sbat=$(SBATPATH) $@ + $(foreach vs,$(VENDOR_SBATS),$(call add-vendor-sbat,$(vs),$@)) $(SHIMNAME) : $(SHIMSONAME) $(MMNAME) : $(MMSONAME) diff --git a/elf_aarch64_efi.lds b/elf_aarch64_efi.lds index 48ba8ba2..dfa16e8f 100644 --- a/elf_aarch64_efi.lds +++ b/elf_aarch64_efi.lds @@ -62,6 +62,7 @@ SECTIONS { _sbat = .; *(.sbat) + *(.sbat.*) _esbat = .; } . = ALIGN(4096); diff --git a/elf_arm_efi.lds b/elf_arm_efi.lds index 7d699483..55abd31a 100644 --- a/elf_arm_efi.lds +++ b/elf_arm_efi.lds @@ -60,6 +60,7 @@ SECTIONS { _sbat = .; *(.sbat) + *(.sbat.*) _esbat = .; } . = ALIGN(4096); diff --git a/elf_ia32_efi.lds b/elf_ia32_efi.lds index 043a3583..54cd3fb9 100644 --- a/elf_ia32_efi.lds +++ b/elf_ia32_efi.lds @@ -58,6 +58,7 @@ SECTIONS { _sbat = .; *(.sbat) + *(.sbat.*) _esbat = .; } . = ALIGN(4096); diff --git a/elf_ia64_efi.lds b/elf_ia64_efi.lds index ce2e34cb..ae10149d 100644 --- a/elf_ia64_efi.lds +++ b/elf_ia64_efi.lds @@ -60,6 +60,7 @@ SECTIONS { _sbat = .; *(.sbat) + *(.sbat.*) _esbat = .; } . = ALIGN(4096); diff --git a/elf_x86_64_efi.lds b/elf_x86_64_efi.lds index 3e1f1385..af3a0714 100644 --- a/elf_x86_64_efi.lds +++ b/elf_x86_64_efi.lds @@ -63,6 +63,7 @@ SECTIONS { _sbat = .; *(.sbat) + *(.sbat.*) _esbat = .; } . = ALIGN(4096); |