summaryrefslogtreecommitdiff
path: root/Make.defaults
AgeCommit message (Collapse)Author
2020-07-23Add support for vendor_db built-in shim authorized list.Peter Jones
Potential new signing strategies ( for example signing grub, fwupdate and vmlinuz with separate certificates ) require shim to support a vendor provided bundle of trusted certificates and hashes, which allows shim to trust EFI binaries matching either certificate by signature or hash in the vendor_db. Functionality is similar to vendor_dbx. This also improves the mirroring quite a bit. Upstream: pr#206
2020-07-23Once again, try even harder to get binaries without timestamps in them.Peter Jones
$ objdump -x /builddir/build/BUILDROOT/shim-*/usr/share/shim/*/shimx64.efi | grep 'Time/Date' Time/Date Thu Jan 1 00:00:08 1970 $ _ "What is despair? I have known it—hear my song. Despair is when you’re debugging a kernel driver and you look at a memory dump and you see that a pointer has a value of 7." - http://scholar.harvard.edu/files/mickens/files/thenightwatch.pdf objcopy only knows about -D for some targets. ld only believes in --no-insert-timestamp in some versions. dd takes off and nukes the site from orbit. It's the only way to be sure. Signed-off-by: Peter Jones <pjones@redhat.com> Upstream-commit-id: a4a1fbe728c
2020-07-23Make.default: use correct flags to disable unaligned access for 32 bit ARMPeter Korsgaard
The GCC flag to disable unaligned access on 32bit ARM is -mno-unaligned-access, not -mstrict-align (which is used on aarch64): https://lkml.org/lkml/2018/8/3/294 Otherwise build dies with: arm-linux-gnueabihf-gcc: error: unrecognized command line option ‘-mstrict-align’; did you mean ‘-Wstrict-aliasing’? Signed-off-by: Peter Korsgaard <peter@korsgaard.com> Upstream-commit-id: 41b93358e8c
2020-07-23Makefiles: ensure -m32 gets propogated to our gcc parameter queriesPeter Jones
'gcc -print-file-name=include' and 'gcc -print-libgcc-file-name' both need -m32 when we're building 32-on-64 on some distros, so ensure that gets propogated correctly. Signed-off-by: Peter Jones <pjones@redhat.com> Upstream-commit-id: 104d6e54ac7
2018-03-15Work around clang bugs for scan-build.Peter Jones
I don't think the x86 binaries clang builds will actually work unless they just infer -maccumulate-outgoing-args from __attribute__((__ms_abi__), but it's nice to have the analyzer working. Signed-off-by: Peter Jones <pjones@redhat.com>
2018-03-12Make EFI_INCLUDE path configurable during makeTamas K Lengyel
Signed-off-by: Tamas K Lengyel <lengyelt@ainfosec.com>
2018-03-12Add 'make coverity' target.Peter Jones
Signed-off-by: Peter Jones <pjones@redhat.com>
2018-03-12Split makefiles up a bitPeter Jones
Signed-off-by: Peter Jones <pjones@redhat.com>
generated by cgit v1.2.3 (git 2.39.1) at 2025-09-02 05:08:57 +0000