From eb02afc6f822576b73b7added3966ad7e72fd342 Mon Sep 17 00:00:00 2001
From: Dennis Tseng <dennis.tseng@suse.com>
Date: Wed, 5 Jun 2024 22:33:06 +0800
Subject: Optionally enabling codesign EKU check in compiling time.

This commit also supersedes PR#232 which was closed on Jul 1, 2021.
So that original codesign EKU codes cannot be bothered.

To enable the codesign check, ENABLE_CODESIGN_EKU can be set to 1.
To disable the codesign check, ENABLE_CODESIGN_EKU can be set to 0
or just omit this flag.

For example:
make xxxx ENABLE_CODESIGN_EKU=1 xxxx shim.efi

Signed-off-by: Dennis Tseng <dennis.tseng@suse.com>
---
 Cryptlib/Makefile | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

(limited to 'Cryptlib/Makefile')

diff --git a/Cryptlib/Makefile b/Cryptlib/Makefile
index 023da637..68a9395e 100644
--- a/Cryptlib/Makefile
+++ b/Cryptlib/Makefile
@@ -40,6 +40,9 @@ endif
 ifeq ($(ARCH),arm)
 DEFINES		+= -DMDE_CPU_ARM
 endif
+ifeq ($(ENABLE_CODESIGN_EKU),1)
+DEFINES += -DENABLE_CODESIGN_EKU
+endif
 
 LDFLAGS		= -nostdlib -znocombreloc
 
@@ -60,7 +63,6 @@ OBJS		=   Hash/CryptMd4Null.o \
 		    Pk/CryptRsaExtNull.o \
 		    Pk/CryptPkcs7SignNull.o \
 		    Pk/CryptPkcs7Verify.o \
-		    Pk/CryptPkcs7VerifyEku.o \
 		    Pk/CryptDhNull.o \
 		    Pk/CryptTs.o \
 		    Pk/CryptX509.o \
@@ -71,6 +73,10 @@ OBJS		=   Hash/CryptMd4Null.o \
 		    SysCall/BaseMemAllocation.o \
 		    SysCall/BaseStrings.o
 
+ifeq ($(ENABLE_CODESIGN_EKU),1)
+	OBJS += Pk/CryptPkcs7VerifyEku.o
+endif
+
 all: $(TARGET)
 
 libcryptlib.a: $(OBJS)
-- 
cgit v1.2.3