diff options
Diffstat (limited to 'Makefile')
| -rw-r--r-- | Makefile | 115 |
1 files changed, 78 insertions, 37 deletions
@@ -1,7 +1,7 @@ default : all NAME = shim -VERSION = 15 +VERSION = 15.3 ifneq ($(origin RELEASE),undefined) DASHRELEASE ?= -$(RELEASE) else @@ -16,24 +16,29 @@ override TOPDIR := $(shell pwd) endif override TOPDIR := $(abspath $(TOPDIR)) VPATH = $(TOPDIR) +export TOPDIR -include $(TOPDIR)/Make.defaults include $(TOPDIR)/Make.rules -include $(TOPDIR)/Make.coverity -include $(TOPDIR)/Make.scan-build +include $(TOPDIR)/Make.defaults +include $(TOPDIR)/include/coverity.mk +include $(TOPDIR)/include/scan-build.mk +include $(TOPDIR)/include/fanalyzer.mk TARGETS = $(SHIMNAME) TARGETS += $(SHIMNAME).debug $(MMNAME).debug $(FBNAME).debug ifneq ($(origin ENABLE_SHIM_HASH),undefined) TARGETS += $(SHIMHASHNAME) endif +ifneq ($(origin ENABLE_SHIM_DEVEL),undefined) +CFLAGS += -DENABLE_SHIM_DEVEL +endif ifneq ($(origin ENABLE_SHIM_CERT),undefined) TARGETS += $(MMNAME).signed $(FBNAME).signed CFLAGS += -DENABLE_SHIM_CERT else TARGETS += $(MMNAME) $(FBNAME) endif -OBJS = shim.o mok.o netboot.o cert.o replacements.o tpm.o version.o errlog.o sbat.o sbat_data.o pe.o httpboot.o +OBJS = shim.o mok.o netboot.o cert.o replacements.o tpm.o version.o errlog.o sbat.o sbat_data.o pe.o httpboot.o csv.o KEYS = shim_cert.h ocsp.* ca.* shim.crt shim.csr shim.p12 shim.pem shim.key shim.cer ORIG_SOURCES = shim.c mok.c netboot.c replacements.c tpm.c errlog.c sbat.c pe.c httpboot.c shim.h version.h $(wildcard include/*.h) MOK_OBJS = MokManager.o PasswordCrypt.o crypt_blowfish.o errlog.o sbat_data.o @@ -52,7 +57,23 @@ SOURCES = $(foreach source,$(ORIG_SOURCES),$(TOPDIR)/$(source)) version.c MOK_SOURCES = $(foreach source,$(ORIG_MOK_SOURCES),$(TOPDIR)/$(source)) FALLBACK_SRCS = $(foreach source,$(ORIG_FALLBACK_SRCS),$(TOPDIR)/$(source)) -all: $(TARGETS) +ifneq ($(origin FALLBACK_VERBOSE), undefined) + CFLAGS += -DFALLBACK_VERBOSE +endif + +ifneq ($(origin FALLBACK_VERBOSE_WAIT), undefined) + CFLAGS += -DFALLBACK_VERBOSE_WAIT=$(FALLBACK_VERBOSE_WAIT) +endif + +all: confcheck $(TARGETS) + +confcheck: +ifneq ($(origin EFI_PATH),undefined) + $(error EFI_PATH is no longer supported, you must build using the supplied copy of gnu-efi) +endif + +update : + git submodule update --init --recursive shim.crt: $(TOPDIR)/make-certs shim shim@xn--u4h.net all codesign 1.3.6.1.4.1.311.10.3.1 </dev/null @@ -95,40 +116,54 @@ VENDOR_SBATS := $(foreach x,$(wildcard data/sbat.*.csv),$(notdir $(x))) sbat_data.o : | $(SBATPATH) $(VENDOR_SBATS) sbat_data.o : /dev/null $(CC) $(CFLAGS) -x c -c -o $@ $< - $(OBJCOPY) --set-section-alignment '.sbat=512' --add-section .sbat=$(SBATPATH) $@ + $(OBJCOPY) --add-section .sbat=$(SBATPATH) \ + --set-section-flags .sbat=contents,alloc,load,readonly,data \ + $@ $(foreach vs,$(VENDOR_SBATS),$(call add-vendor-sbat,$(vs),$@)) $(SHIMNAME) : $(SHIMSONAME) $(MMNAME) : $(MMSONAME) $(FBNAME) : $(FBSONAME) -$(SHIMSONAME): $(OBJS) Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a lib/lib.a - $(LD) -o $@ $(LDFLAGS) $^ $(EFI_LIBS) +LIBS = Cryptlib/libcryptlib.a \ + Cryptlib/OpenSSL/libopenssl.a \ + lib/lib.a \ + gnu-efi/$(ARCH_GNUEFI)/lib/libefi.a \ + gnu-efi/$(ARCH_GNUEFI)/gnuefi/libgnuefi.a + +$(SHIMSONAME): $(OBJS) $(LIBS) + $(LD) -o $@ $(LDFLAGS) $^ $(EFI_LIBS) lib/lib.a fallback.o: $(FALLBACK_SRCS) -$(FBSONAME): $(FALLBACK_OBJS) Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a lib/lib.a - $(LD) -o $@ $(LDFLAGS) $^ $(EFI_LIBS) +$(FBSONAME): $(FALLBACK_OBJS) $(LIBS) + $(LD) -o $@ $(LDFLAGS) $^ $(EFI_LIBS) lib/lib.a MokManager.o: $(MOK_SOURCES) -$(MMSONAME): $(MOK_OBJS) Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a lib/lib.a +$(MMSONAME): $(MOK_OBJS) $(LIBS) $(LD) -o $@ $(LDFLAGS) $^ $(EFI_LIBS) lib/lib.a +gnu-efi/$(ARCH_GNUEFI)/gnuefi/libgnuefi.a gnu-efi/$(ARCH_GNUEFI)/lib/libefi.a: CFLAGS+=-DGNU_EFI_USE_EXTERNAL_STDARG +gnu-efi/$(ARCH_GNUEFI)/gnuefi/libgnuefi.a gnu-efi/$(ARCH_GNUEFI)/lib/libefi.a: + $(MAKE) -C gnu-efi \ + ARCH=$(ARCH_GNUEFI) TOPDIR=$(TOPDIR)/gnu-efi \ + lib gnuefi inc + Cryptlib/libcryptlib.a: for i in Hash Hmac Cipher Rand Pk Pem SysCall; do mkdir -p Cryptlib/$$i; done - $(MAKE) VPATH=$(TOPDIR)/Cryptlib TOPDIR=$(TOPDIR)/Cryptlib -C Cryptlib -f $(TOPDIR)/Cryptlib/Makefile + $(MAKE) VPATH=$(TOPDIR)/Cryptlib -C Cryptlib -f $(TOPDIR)/Cryptlib/Makefile Cryptlib/OpenSSL/libopenssl.a: for i in x509v3 x509 txt_db stack sha rsa rc4 rand pkcs7 pkcs12 pem ocsp objects modes md5 lhash kdf hmac evp err dso dh conf comp cmac buffer bn bio async/arch asn1 aes; do mkdir -p Cryptlib/OpenSSL/crypto/$$i; done - $(MAKE) VPATH=$(TOPDIR)/Cryptlib/OpenSSL TOPDIR=$(TOPDIR)/Cryptlib/OpenSSL -C Cryptlib/OpenSSL -f $(TOPDIR)/Cryptlib/OpenSSL/Makefile + $(MAKE) VPATH=$(TOPDIR)/Cryptlib/OpenSSL -C Cryptlib/OpenSSL -f $(TOPDIR)/Cryptlib/OpenSSL/Makefile lib/lib.a: | $(TOPDIR)/lib/Makefile $(wildcard $(TOPDIR)/include/*.[ch]) if [ ! -d lib ]; then mkdir lib ; fi - $(MAKE) VPATH=$(TOPDIR)/lib TOPDIR=$(TOPDIR) CFLAGS="$(CFLAGS)" -C lib -f $(TOPDIR)/lib/Makefile lib.a + $(MAKE) VPATH=$(TOPDIR)/lib -C lib -f $(TOPDIR)/lib/Makefile lib.a buildid : $(TOPDIR)/buildid.c - $(CC) -Og -g3 -Wall -Werror -Wextra -o $@ $< -lelf + $(HOSTCC) -I/usr/include -Og -g3 -Wall -Werror -Wextra -o $@ $< -lelf $(BOOTCSVNAME) : @echo Making $@ @@ -239,6 +274,22 @@ else $(PESIGN) -n certdb -i $< -c "shim" -s -o $@ -f endif +test : + @make -f include/test.mk EFI_INCLUDES="$(EFI_INCLUDES)" ARCH_DEFINES="$(ARCH_DEFINES)" all + +$(patsubst %.c,%,$(wildcard test-*.c)) : + @make -f include/test.mk EFI_INCLUDES="$(EFI_INCLUDES)" ARCH_DEFINES="$(ARCH_DEFINES)" $@ + +.PHONY : $(patsubst %.c,%,$(wildcard test-*.c)) test + +clean-test-objs: + @make -f include/test.mk EFI_INCLUDES="$(EFI_INCLUDES)" ARCH_DEFINES="$(ARCH_DEFINES)" clean + +clean-gnu-efi: + $(MAKE) -C gnu-efi \ + ARCH=$(ARCH_GNUEFI) TOPDIR=$(TOPDIR)/gnu-efi \ + clean + clean-shim-objs: $(MAKE) -C lib -f $(TOPDIR)/lib/Makefile clean @rm -rvf $(TARGET) *.o $(SHIM_OBJS) $(MOK_OBJS) $(FALLBACK_OBJS) $(KEYS) certdb $(BOOTCSVNAME) @@ -246,37 +297,27 @@ clean-shim-objs: @rm -vf Cryptlib/*.[oa] Cryptlib/*/*.[oa] @if [ -d .git ] ; then git clean -f -d -e 'Cryptlib/OpenSSL/*'; fi -clean: clean-shim-objs - $(MAKE) -C Cryptlib -f $(TOPDIR)/Cryptlib/Makefile clean +clean-openssl-objs: $(MAKE) -C Cryptlib/OpenSSL -f $(TOPDIR)/Cryptlib/OpenSSL/Makefile clean +clean-cryptlib-objs: + $(MAKE) -C Cryptlib -f $(TOPDIR)/Cryptlib/Makefile clean + +clean: clean-shim-objs clean-test-objs clean-gnu-efi clean-openssl-objs clean-cryptlib-objs + GITTAG = $(VERSION) test-archive: - @rm -rf /tmp/shim-$(VERSION) /tmp/shim-$(VERSION)-tmp - @mkdir -p /tmp/shim-$(VERSION)-tmp - @git archive --format=tar $(shell git branch | awk '/^*/ { print $$2 }') | ( cd /tmp/shim-$(VERSION)-tmp/ ; tar x ) - @git diff | ( cd /tmp/shim-$(VERSION)-tmp/ ; patch -s -p1 -b -z .gitdiff ) - @mv /tmp/shim-$(VERSION)-tmp/ /tmp/shim-$(VERSION)/ - @git log -1 --pretty=format:%H > /tmp/shim-$(VERSION)/commit - @dir=$$PWD; cd /tmp; tar -c --bzip2 -f $$dir/shim-$(VERSION).tar.bz2 shim-$(VERSION) - @rm -rf /tmp/shim-$(VERSION) - @echo "The archive is in shim-$(VERSION).tar.bz2" + @./make-archive $(if $(call get-config,shim.origin),--origin "$(call get-config,shim.origin)") --test "$(VERSION)" tag: - git tag --sign $(GITTAG) refs/heads/master + git tag --sign $(GITTAG) refs/heads/main git tag -f latest-release $(GITTAG) archive: tag - @rm -rf /tmp/shim-$(VERSION) /tmp/shim-$(VERSION)-tmp - @mkdir -p /tmp/shim-$(VERSION)-tmp - @git archive --format=tar $(GITTAG) | ( cd /tmp/shim-$(VERSION)-tmp/ ; tar x ) - @mv /tmp/shim-$(VERSION)-tmp/ /tmp/shim-$(VERSION)/ - @git log -1 --pretty=format:%H > /tmp/shim-$(VERSION)/commit - @dir=$$PWD; cd /tmp; tar -c --bzip2 -f $$dir/shim-$(VERSION).tar.bz2 shim-$(VERSION) - @rm -rf /tmp/shim-$(VERSION) - @echo "The archive is in shim-$(VERSION).tar.bz2" + @./make-archive $(if $(call get-config,shim.origin),--origin "$(call get-config,shim.origin)") --release "$(VERSION)" "$(GITTAG)" "shim-$(GITTAG)" .PHONY : install-deps shim.key -export ARCH CC LD OBJCOPY EFI_INCLUDE OPTIMIZATIONS +export ARCH CC CROSS_COMPILE LD OBJCOPY EFI_INCLUDE EFI_INCLUDES OPTIMIZATIONS +export FEATUREFLAGS WARNFLAGS WERRFLAGS |