diff options
Diffstat (limited to 'Makefile')
| -rw-r--r-- | Makefile | 164 |
1 files changed, 28 insertions, 136 deletions
@@ -1,4 +1,7 @@ -VERSION = 13 +default : all + +NAME = shim +VERSION = 15 ifneq ($(origin RELEASE),undefined) DASHRELEASE ?= -$(RELEASE) else @@ -8,130 +11,16 @@ endif ifeq ($(MAKELEVEL),0) TOPDIR ?= $(shell pwd) endif +ifeq ($(TOPDIR),) +override TOPDIR := $(shell pwd) +endif override TOPDIR := $(abspath $(TOPDIR)) VPATH = $(TOPDIR) -CC = $(CROSS_COMPILE)gcc -LD = $(CROSS_COMPILE)ld -OBJCOPY = $(CROSS_COMPILE)objcopy -OPENSSL ?= openssl -HEXDUMP ?= hexdump -INSTALL ?= install -PK12UTIL ?= pk12util -CERTUTIL ?= certutil -PESIGN ?= pesign -SBSIGN ?= sbsign -prefix ?= /usr -prefix := $(abspath $(prefix)) -datadir ?= $(prefix)/share/ -PKGNAME ?= shim -ESPROOTDIR ?= boot/efi/ -EFIBOOTDIR ?= $(ESPROOTDIR)EFI/BOOT/ -TARGETDIR ?= $(ESPROOTDIR)EFI/$(EFIDIR)/ -DATATARGETDIR ?= $(datadir)/$(PKGNAME)/$(VERSION)$(DASHRELEASE)/$(ARCH_SUFFIX)/ -DEBUGINFO ?= $(prefix)/lib/debug/ -DEBUGSOURCE ?= $(prefix)/src/debug/ -OSLABEL ?= $(EFIDIR) -DEFAULT_LOADER ?= \\\\grub$(ARCH_SUFFIX).efi - -ARCH ?= $(shell $(CC) -dumpmachine | cut -f1 -d- | sed s,i[3456789]86,ia32,) -OBJCOPY_GTE224 = $(shell expr `$(OBJCOPY) --version |grep ^"GNU objcopy" | sed 's/^.*\((.*)\|version\) //g' | cut -f1-2 -d.` \>= 2.24) - -SUBDIRS = $(TOPDIR)/Cryptlib $(TOPDIR)/lib - -EFI_INCLUDE := /usr/include/efi -EFI_INCLUDES = -nostdinc -I$(TOPDIR)/Cryptlib -I$(TOPDIR)/Cryptlib/Include \ - -I$(EFI_INCLUDE) -I$(EFI_INCLUDE)/$(ARCH) -I$(EFI_INCLUDE)/protocol \ - -I$(TOPDIR)/include -iquote $(TOPDIR) -iquote $(shell pwd) - -LIB_GCC = $(shell $(CC) -print-libgcc-file-name) -EFI_LIBS = -lefi -lgnuefi --start-group Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a --end-group $(LIB_GCC) - -EFI_CRT_OBJS = $(EFI_PATH)/crt0-efi-$(ARCH).o -EFI_LDS = $(TOPDIR)/elf_$(ARCH)_efi.lds - -CFLAGS = -ggdb -O0 -fno-stack-protector -fno-strict-aliasing -fpic \ - -fshort-wchar -Wall -Wsign-compare -Werror -fno-builtin \ - -Werror=sign-compare -ffreestanding -std=gnu89 \ - -I$(shell $(CC) -print-file-name=include) \ - "-DDEFAULT_LOADER=L\"$(DEFAULT_LOADER)\"" \ - "-DDEFAULT_LOADER_CHAR=\"$(DEFAULT_LOADER)\"" \ - $(EFI_INCLUDES) - -COMMITID ?= $(shell if [ -d .git ] ; then git log -1 --pretty=format:%H ; elif [ -f commit ]; then cat commit ; else echo commit id not available; fi) - -ifneq ($(origin OVERRIDE_SECURITY_POLICY), undefined) - CFLAGS += -DOVERRIDE_SECURITY_POLICY -endif - -ifneq ($(origin ENABLE_HTTPBOOT), undefined) - CFLAGS += -DENABLE_HTTPBOOT -endif - -ifeq ($(ARCH),x86_64) - CFLAGS += -mno-mmx -mno-sse -mno-red-zone -nostdinc \ - -maccumulate-outgoing-args \ - -DEFI_FUNCTION_WRAPPER -DGNU_EFI_USE_MS_ABI \ - -DNO_BUILTIN_VA_FUNCS -DMDE_CPU_X64 -DPAGE_SIZE=4096 - LIBDIR ?= $(prefix)/lib64 - ARCH_SUFFIX ?= x64 - ARCH_SUFFIX_UPPER ?= X64 - ARCH_LDFLAGS ?= -endif -ifeq ($(ARCH),ia32) - CFLAGS += -mno-mmx -mno-sse -mno-red-zone -nostdinc \ - -maccumulate-outgoing-args -m32 \ - -DMDE_CPU_IA32 -DPAGE_SIZE=4096 - LIBDIR ?= $(prefix)/lib - ARCH_SUFFIX ?= ia32 - ARCH_SUFFIX_UPPER ?= IA32 - ARCH_LDFLAGS ?= -endif -ifeq ($(ARCH),aarch64) - CFLAGS += -DMDE_CPU_AARCH64 -DPAGE_SIZE=4096 -mstrict-align - LIBDIR ?= $(prefix)/lib64 - ARCH_SUFFIX ?= aa64 - ARCH_SUFFIX_UPPER ?= AA64 - FORMAT := -O binary - SUBSYSTEM := 0xa - ARCH_LDFLAGS += --defsym=EFI_SUBSYSTEM=$(SUBSYSTEM) -endif -ifeq ($(ARCH),arm) - CFLAGS += -DMDE_CPU_ARM -DPAGE_SIZE=4096 -mstrict-align - LIBDIR ?= $(prefix)/lib - ARCH_SUFFIX ?= arm - ARCH_SUFFIX_UPPER ?= ARM - FORMAT := -O binary - SUBSYSTEM := 0xa - ARCH_LDFLAGS += --defsym=EFI_SUBSYSTEM=$(SUBSYSTEM) -endif - -FORMAT ?= --target efi-app-$(ARCH) -EFI_PATH ?= $(LIBDIR)/gnuefi - -MMSTEM ?= mm$(ARCH_SUFFIX) -MMNAME = $(MMSTEM).efi -MMSONAME = $(MMSTEM).so -FBSTEM ?= fb$(ARCH_SUFFIX) -FBNAME = $(FBSTEM).efi -FBSONAME = $(FBSTEM).so -SHIMSTEM ?= shim$(ARCH_SUFFIX) -SHIMNAME = $(SHIMSTEM).efi -SHIMSONAME = $(SHIMSTEM).so -SHIMHASHNAME = $(SHIMSTEM).hash -BOOTEFINAME ?= BOOT$(ARCH_SUFFIX_UPPER).EFI -BOOTCSVNAME ?= BOOT$(ARCH_SUFFIX_UPPER).CSV - -CFLAGS += "-DEFI_ARCH=L\"$(ARCH_SUFFIX)\"" "-DDEBUGDIR=L\"/usr/lib/debug/usr/share/shim/$(ARCH_SUFFIX)-$(VERSION)$(DASHRELEASE)/\"" - -ifneq ($(origin VENDOR_CERT_FILE), undefined) - CFLAGS += -DVENDOR_CERT_FILE=\"$(VENDOR_CERT_FILE)\" -endif -ifneq ($(origin VENDOR_DBX_FILE), undefined) - CFLAGS += -DVENDOR_DBX_FILE=\"$(VENDOR_DBX_FILE)\" -endif - -LDFLAGS = --hash-style=sysv -nostdlib -znocombreloc -T $(EFI_LDS) -shared -Bsymbolic -L$(EFI_PATH) -L$(LIBDIR) -LCryptlib -LCryptlib/OpenSSL $(EFI_CRT_OBJS) --build-id=sha1 $(ARCH_LDFLAGS) +include $(TOPDIR)/Make.defaults +include $(TOPDIR)/Make.rules +include $(TOPDIR)/Make.coverity +include $(TOPDIR)/Make.scan-build TARGETS = $(SHIMNAME) TARGETS += $(SHIMNAME).debug $(MMNAME).debug $(FBNAME).debug @@ -144,17 +33,17 @@ CFLAGS += -DENABLE_SHIM_CERT else TARGETS += $(MMNAME) $(FBNAME) endif -OBJS = shim.o netboot.o cert.o replacements.o tpm.o version.o errlog.o +OBJS = shim.o mok.o netboot.o cert.o replacements.o tpm.o version.o errlog.o KEYS = shim_cert.h ocsp.* ca.* shim.crt shim.csr shim.p12 shim.pem shim.key shim.cer -ORIG_SOURCES = shim.c shim.h netboot.c include/PeImage.h include/wincert.h include/console.h replacements.c replacements.h tpm.c tpm.h version.h errlog.c +ORIG_SOURCES = shim.c mok.c netboot.c replacements.c tpm.c errlog.c shim.h version.h $(wildcard include/*.h) MOK_OBJS = MokManager.o PasswordCrypt.o crypt_blowfish.o -ORIG_MOK_SOURCES = MokManager.c shim.h include/console.h PasswordCrypt.c PasswordCrypt.h crypt_blowfish.c crypt_blowfish.h -FALLBACK_OBJS = fallback.o tpm.o +ORIG_MOK_SOURCES = MokManager.c PasswordCrypt.c crypt_blowfish.c shim.h $(wildcard include/*.h) +FALLBACK_OBJS = fallback.o tpm.o errlog.o ORIG_FALLBACK_SRCS = fallback.c ifneq ($(origin ENABLE_HTTPBOOT), undefined) OBJS += httpboot.o - SOURCES += httpboot.c httpboot.h + SOURCES += httpboot.c include/httpboot.h endif SOURCES = $(foreach source,$(ORIG_SOURCES),$(TOPDIR)/$(source)) version.c @@ -177,8 +66,8 @@ shim_cert.h: shim.cer version.c : $(TOPDIR)/version.c.in sed -e "s,@@VERSION@@,$(VERSION)," \ - -e "s,@@UNAME@@,$(shell uname -a)," \ - -e "s,@@COMMIT@@,$(COMMITID)," \ + -e "s,@@UNAME@@,$(shell uname -s -m -p -i -o)," \ + -e "s,@@COMMIT@@,$(COMMIT_ID)," \ < $< > $@ certdb/secmod.db: shim.crt @@ -220,9 +109,9 @@ Cryptlib/OpenSSL/libopenssl.a: mkdir -p Cryptlib/OpenSSL/crypto/{x509v3,x509,txt_db,stack,sha,rsa,rc4,rand,pkcs7,pkcs12,pem,ocsp,objects,modes,md5,lhash,kdf,hmac,evp,err,dso,dh,conf,comp,cmac,buffer,bn,bio,async{,/arch},asn1,aes}/ $(MAKE) VPATH=$(TOPDIR)/Cryptlib/OpenSSL TOPDIR=$(TOPDIR)/Cryptlib/OpenSSL -C Cryptlib/OpenSSL -f $(TOPDIR)/Cryptlib/OpenSSL/Makefile -lib/lib.a: +lib/lib.a: | $(TOPDIR)/lib/Makefile $(wildcard $(TOPDIR)/include/*.[ch]) if [ ! -d lib ]; then mkdir lib ; fi - $(MAKE) VPATH=$(TOPDIR)/lib TOPDIR=$(TOPDIR) CFLAGS="$(CFLAGS)" -C lib -f $(TOPDIR)/lib/Makefile + $(MAKE) VPATH=$(TOPDIR)/lib TOPDIR=$(TOPDIR) CFLAGS="$(CFLAGS)" -C lib -f $(TOPDIR)/lib/Makefile lib.a buildid : $(TOPDIR)/buildid.c $(CC) -Og -g3 -Wall -Werror -Wextra -o $@ $< -lelf @@ -331,13 +220,16 @@ else $(PESIGN) -n certdb -i $< -c "shim" -s -o $@ -f endif -clean: OBJS=$(wildcard *.o) -clean: +clean-shim-objs: + $(MAKE) -C lib -f $(TOPDIR)/lib/Makefile clean + @rm -rvf $(TARGET) *.o $(SHIM_OBJS) $(MOK_OBJS) $(FALLBACK_OBJS) $(KEYS) certdb $(BOOTCSVNAME) + @rm -vf *.debug *.so *.efi *.efi.* *.tar.* version.c buildid + @rm -vf Cryptlib/*.[oa] Cryptlib/*/*.[oa] + @git clean -f -d -e 'Cryptlib/OpenSSL/*' + +clean: clean-shim-objs $(MAKE) -C Cryptlib -f $(TOPDIR)/Cryptlib/Makefile clean $(MAKE) -C Cryptlib/OpenSSL -f $(TOPDIR)/Cryptlib/OpenSSL/Makefile clean - $(MAKE) -C lib -f $(TOPDIR)/lib/Makefile clean - rm -rf $(TARGET) $(OBJS) $(MOK_OBJS) $(FALLBACK_OBJS) $(KEYS) certdb $(BOOTCSVNAME) - rm -f *.debug *.so *.efi *.efi.* *.tar.* version.c buildid GITTAG = $(VERSION) |