[efi-boot-shim.git] / Make.defaults


# load the local configuration if it exists
-include Make.local
-include $(TOPDIR)/Make.local

COMPILER	?= gcc
CC		= $(CROSS_COMPILE)$(COMPILER)
HOSTCC		= $(COMPILER)
LD		= $(CROSS_COMPILE)ld
OBJCOPY		= $(CROSS_COMPILE)objcopy
DOS2UNIX	?= dos2unix
D2UFLAGS	?= -r -l -F -f -n
OPENSSL		?= openssl
HEXDUMP		?= hexdump
INSTALL		?= install
PK12UTIL	?= pk12util
CERTUTIL	?= certutil
PESIGN		?= pesign
SBSIGN		?= sbsign
prefix		?= /usr
prefix		:= $(abspath $(prefix))
datadir		?= $(prefix)/share/
PKGNAME		?= shim
ESPROOTDIR	?= boot/efi/
EFIBOOTDIR	?= $(ESPROOTDIR)EFI/BOOT/
TARGETDIR	?= $(ESPROOTDIR)EFI/$(EFIDIR)/
DATATARGETDIR	?= $(datadir)/$(PKGNAME)/$(VERSION)$(DASHRELEASE)/$(ARCH_SUFFIX)/
DEBUGINFO	?= $(prefix)/lib/debug/
DEBUGSOURCE	?= $(prefix)/src/debug/
OSLABEL		?= $(EFIDIR)
DEFAULT_LOADER	?= \\\\grub$(ARCH_SUFFIX).efi
DASHJ		?= -j$(shell echo $$(($$(grep -c "^model name" /proc/cpuinfo) + 1)))

ARCH		?= $(shell $(CC) -dumpmachine | cut -f1 -d- | sed s,i[3456789]86,ia32,)
OBJCOPY_GTE224	= $(shell expr `$(OBJCOPY) --version |grep ^"GNU objcopy" | sed 's/^.*\((.*)\|version\) //g' | cut -f1-2 -d.` \>= 2.24)
OPTIMIZATIONS	?= -Os
FA_OPTIMIZATIONS ?= -O2
ifneq ($(FANALYZER),)
override OPTIMIZATIONS := $(FA_OPTIMIZATIONS)
override CCACHE_DISABLE := true
endif
export OPTIMIZATIONS
ifneq ($(CCACHE_DISABLE),)
export CCACHE_DISABLE
endif

SUBDIRS		= $(TOPDIR)/Cryptlib $(TOPDIR)/lib

EFI_INCLUDE	?= $(TOPDIR)/gnu-efi/inc
EFI_INCLUDES	= -I$(EFI_INCLUDE) -I$(EFI_INCLUDE)/$(ARCH) -I$(EFI_INCLUDE)/protocol
override EFI_INCLUDES := $(EFI_INCLUDES)
EFI_CRT_OBJS 	= $(LOCAL_EFI_PATH)/crt0-efi-$(ARCH_GNUEFI).o
EFI_LDS		= $(TOPDIR)/elf_$(ARCH)_efi.lds

CLANG_WARNINGS = -Wno-pointer-bool-conversion \
		 -Wno-unknown-attributes

CLANG_BUGS	= $(if $(findstring gcc,$(CC)),-maccumulate-outgoing-args,) \
		  $(if $(findstring clang,$(CC)),$(CLANG_WARNINGS))

COMMIT_ID ?= $(shell if [ -e .git ] ; then git log -1 --pretty=format:%H ; elif [ -f commit ]; then cat commit ; else echo master; fi)

ifeq ($(ARCH),x86_64)
	ARCH_CFLAGS		?= -mno-mmx -mno-sse -mno-red-zone -nostdinc \
				   $(CLANG_BUGS) -m64 \
				   -DMDE_CPU_X64 -DPAGE_SIZE=4096
	ARCH_GNUEFI		?= x86_64
	ARCH_SUFFIX		?= x64
	ARCH_SUFFIX_UPPER	?= X64
	ARCH_LDFLAGS		?=
endif
ifeq ($(ARCH),ia32)
	ARCH_CFLAGS		?= -mno-mmx -mno-sse -mno-red-zone -nostdinc \
				   $(CLANG_BUGS) -m32 -malign-double \
				   -DMDE_CPU_IA32 -DPAGE_SIZE=4096
	ARCH_GNUEFI		?= ia32
	ARCH_SUFFIX		?= ia32
	ARCH_SUFFIX_UPPER	?= IA32
	ARCH_LDFLAGS		?=
	ARCH_CFLAGS		?= -m32
endif
ifeq ($(ARCH),aarch64)
	ARCH_CFLAGS		?= -DMDE_CPU_AARCH64 -DPAGE_SIZE=4096 -mstrict-align
	ARCH_GNUEFI		?= aarch64
	ARCH_SUFFIX		?= aa64
	ARCH_SUFFIX_UPPER	?= AA64
	ARCH_LDFLAGS		?=
	ARCH_CFLAGS		?=
endif
ifeq ($(ARCH),arm)
	ARCH_CFLAGS		?= -DMDE_CPU_ARM -DPAGE_SIZE=4096 -mno-unaligned-access
	ARCH_GNUEFI		?= arm
	ARCH_SUFFIX		?= arm
	ARCH_SUFFIX_UPPER	?= ARM
	FORMAT			:= -O binary
	SUBSYSTEM		:= 0xa
	ARCH_LDFLAGS		+= --defsym=EFI_SUBSYSTEM=$(SUBSYSTEM)
endif

DEFINES		= -DDEFAULT_LOADER='L"$(DEFAULT_LOADER)"' \
		  -DDEFAULT_LOADER_CHAR='"$(DEFAULT_LOADER)"'

INCLUDES	= -nostdinc \
		  -I$(TOPDIR)/Cryptlib -I$(TOPDIR)/Cryptlib/Include \
		  -I$(EFI_INCLUDE) -I$(EFI_INCLUDE)/$(ARCH_GNUEFI) -I$(EFI_INCLUDE)/protocol \
		  -I$(TOPDIR)/include -iquote $(TOPDIR) -iquote $(shell pwd) \
		  -isystem $(TOPDIR)/include/system \
		  -isystem $(shell $(CC) $(ARCH_CFLAGS) -print-file-name=include)

override DEFAULT_FEATUREFLAGS = \
		-std=gnu11 \
		-ggdb \
		-ffreestanding \
		$(shell $(CC) -fmacro-prefix-map=./=./ -E -x c /dev/null >/dev/null 2>&1 && echo -fmacro-prefix-map='$(TOPDIR)/=$(DEBUGSRC)') \
		-fno-stack-protector \
		-fno-strict-aliasing \
		-fpic \
		-fshort-wchar
$(call update-variable,FEATUREFLAGS)
$(call conditional-add-flag,$(FANALYZER),analyzer,FEATUREFLAGS,-fanalyzer)
$(call conditional-add-flag,$(COLOR),diagnostics-color,FEATUREFLAGS,-fdiagnostics-color=always)

override DEFAULT_WARNFLAGS = \
		-Wall \
		-Wextra \
		-Wno-missing-field-initializers
$(call update-variable,WARNFLAGS)

override DEFAULT_WERRFLAGS = \
		-Werror
$(call update-variable,WERRFLAGS)

CFLAGS		= $(FEATUREFLAGS) \
		  $(OPTIMIZATIONS) \
		  $(WARNFLAGS) \
		  $(if $(findstring clang,$(CC)),$(CLANG_WARNINGS)) \
		  $(ARCH_CFLAGS) \
		  $(WERRFLAGS) \
		  $(INCLUDES) \
		  $(DEFINES)

POST_PROCESS_PE_FLAGS =

ifneq ($(origin OVERRIDE_SECURITY_POLICY), undefined)
	DEFINES	+= -DOVERRIDE_SECURITY_POLICY
endif

ifneq ($(origin REQUIRE_TPM), undefined)
	DEFINES  += -DREQUIRE_TPM
endif

ifneq ($(origin DISABLE_EBS_PROTECTION), undefined)
	DEFINES  += -DDISABLE_EBS_PROTECTION
endif

ifneq ($(origin DISABLE_REMOVABLE_LOAD_OPTIONS), undefined)
	DEFINES  += -DDISABLE_REMOVABLE_LOAD_OPTIONS
endif

LIB_GCC		= $(shell $(CC) $(ARCH_CFLAGS) -print-libgcc-file-name)
EFI_LIBS	= -lefi -lgnuefi --start-group Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a --end-group $(LIB_GCC)
FORMAT		?= --target efi-app-$(ARCH)
LOCAL_EFI_PATH	= gnu-efi/$(ARCH_GNUEFI)/gnuefi
LIBDIR		= gnu-efi/$(ARCH_GNUEFI)/lib

MMSTEM		?= mm$(ARCH_SUFFIX)
MMNAME		= $(MMSTEM).efi
MMSONAME	= $(MMSTEM).so
FBSTEM		?= fb$(ARCH_SUFFIX)
FBNAME		= $(FBSTEM).efi
FBSONAME	= $(FBSTEM).so
SHIMSTEM	?= shim$(ARCH_SUFFIX)
SHIMNAME	= $(SHIMSTEM).efi
SHIMSONAME	= $(SHIMSTEM).so
SHIMHASHNAME	= $(SHIMSTEM).hash
BOOTEFINAME	?= BOOT$(ARCH_SUFFIX_UPPER).EFI
BOOTCSVNAME	?= BOOT$(ARCH_SUFFIX_UPPER).CSV

DEFINES		+= -DEFI_ARCH='L"$(ARCH_SUFFIX)"' \
		   -DDEBUGDIR='L"/usr/lib/debug/usr/share/shim/$(ARCH_SUFFIX)-$(VERSION)$(DASHRELEASE)/"'

ifneq ($(origin VENDOR_DB_FILE), undefined)
DEFINES		+= -DVENDOR_DB_FILE=\"$(VENDOR_DB_FILE)\"
endif
ifneq ($(origin VENDOR_CERT_FILE), undefined)
DEFINES		+= -DVENDOR_CERT_FILE=\"$(VENDOR_CERT_FILE)\"
endif
ifneq ($(origin VENDOR_DBX_FILE), undefined)
DEFINES		+= -DVENDOR_DBX_FILE=\"$(VENDOR_DBX_FILE)\"
endif
ifneq ($(origin SBAT_AUTOMATIC_DATE), undefined)
DEFINES		+= -DSBAT_AUTOMATIC_DATE=$(SBAT_AUTOMATIC_DATE)
endif

LDFLAGS		= --hash-style=sysv -nostdlib -znocombreloc -T $(EFI_LDS) -shared -Bsymbolic -L$(LOCAL_EFI_PATH) -L$(LIBDIR) -LCryptlib -LCryptlib/OpenSSL $(EFI_CRT_OBJS) --build-id=sha1 $(ARCH_LDFLAGS) --no-undefined

ifneq ($(DEBUG),)
export DEBUG
endif
ifneq ($(VERBOSE),)
export VERBOSE
endif

# vim:filetype=make
Commit	Line	Data
031e5cce SM	1
	2	# load the local configuration if it exists
	3	-include Make.local
8119f718	4	-include $(TOPDIR)/Make.local
031e5cce	5
f892ac66 MTL	6	COMPILER ?= gcc
f892ac66 MTL	7	CC = $(CROSS_COMPILE)$(COMPILER)
031e5cce	8	HOSTCC = $(COMPILER)
f892ac66 MTL	9	LD = $(CROSS_COMPILE)ld
f892ac66 MTL	10	OBJCOPY = $(CROSS_COMPILE)objcopy
031e5cce SM	11	DOS2UNIX ?= dos2unix
031e5cce SM	12	D2UFLAGS ?= -r -l -F -f -n
f892ac66 MTL	13	OPENSSL ?= openssl
	14	HEXDUMP ?= hexdump
	15	INSTALL ?= install
	16	PK12UTIL ?= pk12util
	17	CERTUTIL ?= certutil
	18	PESIGN ?= pesign
	19	SBSIGN ?= sbsign
	20	prefix ?= /usr
	21	prefix := $(abspath $(prefix))
	22	datadir ?= $(prefix)/share/
	23	PKGNAME ?= shim
	24	ESPROOTDIR ?= boot/efi/
	25	EFIBOOTDIR ?= $(ESPROOTDIR)EFI/BOOT/
	26	TARGETDIR ?= $(ESPROOTDIR)EFI/$(EFIDIR)/
	27	DATATARGETDIR ?= $(datadir)/$(PKGNAME)/$(VERSION)$(DASHRELEASE)/$(ARCH_SUFFIX)/
	28	DEBUGINFO ?= $(prefix)/lib/debug/
	29	DEBUGSOURCE ?= $(prefix)/src/debug/
	30	OSLABEL ?= $(EFIDIR)
	31	DEFAULT_LOADER ?= \\\\grub$(ARCH_SUFFIX).efi
	32	DASHJ ?= -j$(shell echo $$(($$(grep -c "^model name" /proc/cpuinfo) + 1)))
	33
	34	ARCH ?= $(shell $(CC) -dumpmachine \| cut -f1 -d- \| sed s,i[3456789]86,ia32,)
	35	OBJCOPY_GTE224 = $(shell expr `$(OBJCOPY) --version \|grep ^"GNU objcopy" \| sed 's/^.\((.)\\|version\) //g' \| cut -f1-2 -d.` \>= 2.24)
031e5cce SM	36	OPTIMIZATIONS ?= -Os
	37	FA_OPTIMIZATIONS ?= -O2
	38	ifneq ($(FANALYZER),)
	39	override OPTIMIZATIONS := $(FA_OPTIMIZATIONS)
	40	override CCACHE_DISABLE := true
	41	endif
	42	export OPTIMIZATIONS
	43	ifneq ($(CCACHE_DISABLE),)
	44	export CCACHE_DISABLE
	45	endif
f892ac66 MTL	46
	47	SUBDIRS = $(TOPDIR)/Cryptlib $(TOPDIR)/lib
	48
031e5cce SM	49	EFI_INCLUDE ?= $(TOPDIR)/gnu-efi/inc
	50	EFI_INCLUDES = -I$(EFI_INCLUDE) -I$(EFI_INCLUDE)/$(ARCH) -I$(EFI_INCLUDE)/protocol
	51	override EFI_INCLUDES := $(EFI_INCLUDES)
	52	EFI_CRT_OBJS = $(LOCAL_EFI_PATH)/crt0-efi-$(ARCH_GNUEFI).o
f892ac66 MTL	53	EFI_LDS = $(TOPDIR)/elf_$(ARCH)_efi.lds
f892ac66 MTL	54
8529e0f7 SM	55	CLANG_WARNINGS = -Wno-pointer-bool-conversion \
	56	-Wno-unknown-attributes
	57
	58	CLANG_BUGS = $(if $(findstring gcc,$(CC)),-maccumulate-outgoing-args,) \
	59	$(if $(findstring clang,$(CC)),$(CLANG_WARNINGS))
f892ac66 MTL	60
	61	COMMIT_ID ?= $(shell if [ -e .git ] ; then git log -1 --pretty=format:%H ; elif [ -f commit ]; then cat commit ; else echo master; fi)
	62
	63	ifeq ($(ARCH),x86_64)
	64	ARCH_CFLAGS ?= -mno-mmx -mno-sse -mno-red-zone -nostdinc \
	65	$(CLANG_BUGS) -m64 \
031e5cce SM	66	-DMDE_CPU_X64 -DPAGE_SIZE=4096
031e5cce SM	67	ARCH_GNUEFI ?= x86_64
f892ac66 MTL	68	ARCH_SUFFIX ?= x64
	69	ARCH_SUFFIX_UPPER ?= X64
	70	ARCH_LDFLAGS ?=
	71	endif
	72	ifeq ($(ARCH),ia32)
	73	ARCH_CFLAGS ?= -mno-mmx -mno-sse -mno-red-zone -nostdinc \
2dd2f760	74	$(CLANG_BUGS) -m32 -malign-double \
f892ac66	75	-DMDE_CPU_IA32 -DPAGE_SIZE=4096
031e5cce	76	ARCH_GNUEFI ?= ia32
f892ac66 MTL	77	ARCH_SUFFIX ?= ia32
	78	ARCH_SUFFIX_UPPER ?= IA32
	79	ARCH_LDFLAGS ?=
	80	ARCH_CFLAGS ?= -m32
	81	endif
	82	ifeq ($(ARCH),aarch64)
	83	ARCH_CFLAGS ?= -DMDE_CPU_AARCH64 -DPAGE_SIZE=4096 -mstrict-align
031e5cce	84	ARCH_GNUEFI ?= aarch64
f892ac66 MTL	85	ARCH_SUFFIX ?= aa64
f892ac66 MTL	86	ARCH_SUFFIX_UPPER ?= AA64
e6ace38a	87	ARCH_LDFLAGS ?=
f892ac66 MTL	88	ARCH_CFLAGS ?=
	89	endif
	90	ifeq ($(ARCH),arm)
031e5cce SM	91	ARCH_CFLAGS ?= -DMDE_CPU_ARM -DPAGE_SIZE=4096 -mno-unaligned-access
031e5cce SM	92	ARCH_GNUEFI ?= arm
f892ac66 MTL	93	ARCH_SUFFIX ?= arm
	94	ARCH_SUFFIX_UPPER ?= ARM
	95	FORMAT := -O binary
	96	SUBSYSTEM := 0xa
	97	ARCH_LDFLAGS += --defsym=EFI_SUBSYSTEM=$(SUBSYSTEM)
	98	endif
	99
031e5cce SM	100	DEFINES = -DDEFAULT_LOADER='L"$(DEFAULT_LOADER)"' \
	101	-DDEFAULT_LOADER_CHAR='"$(DEFAULT_LOADER)"'
	102
	103	INCLUDES = -nostdinc \
	104	-I$(TOPDIR)/Cryptlib -I$(TOPDIR)/Cryptlib/Include \
	105	-I$(EFI_INCLUDE) -I$(EFI_INCLUDE)/$(ARCH_GNUEFI) -I$(EFI_INCLUDE)/protocol \
	106	-I$(TOPDIR)/include -iquote $(TOPDIR) -iquote $(shell pwd) \
	107	-isystem $(TOPDIR)/include/system \
	108	-isystem $(shell $(CC) $(ARCH_CFLAGS) -print-file-name=include)
	109
	110	override DEFAULT_FEATUREFLAGS = \
	111	-std=gnu11 \
	112	-ggdb \
	113	-ffreestanding \
	114	$(shell $(CC) -fmacro-prefix-map=./=./ -E -x c /dev/null >/dev/null 2>&1 && echo -fmacro-prefix-map='$(TOPDIR)/=$(DEBUGSRC)') \
	115	-fno-stack-protector \
	116	-fno-strict-aliasing \
	117	-fpic \
	118	-fshort-wchar
	119	$(call update-variable,FEATUREFLAGS)
	120	$(call conditional-add-flag,$(FANALYZER),analyzer,FEATUREFLAGS,-fanalyzer)
	121	$(call conditional-add-flag,$(COLOR),diagnostics-color,FEATUREFLAGS,-fdiagnostics-color=always)
	122
	123	override DEFAULT_WARNFLAGS = \
	124	-Wall \
	125	-Wextra \
	126	-Wno-missing-field-initializers
	127	$(call update-variable,WARNFLAGS)
	128
	129	override DEFAULT_WERRFLAGS = \
	130	-Werror
	131	$(call update-variable,WERRFLAGS)
	132
	133	CFLAGS = $(FEATUREFLAGS) \
	134	$(OPTIMIZATIONS) \
	135	$(WARNFLAGS) \
8529e0f7	136	$(if $(findstring clang,$(CC)),$(CLANG_WARNINGS)) \
031e5cce SM	137	$(ARCH_CFLAGS) \
	138	$(WERRFLAGS) \
	139	$(INCLUDES) \
	140	$(DEFINES)
f892ac66	141
fd2d9f03 SM	142	POST_PROCESS_PE_FLAGS =
fd2d9f03 SM	143
f892ac66	144	ifneq ($(origin OVERRIDE_SECURITY_POLICY), undefined)
031e5cce	145	DEFINES += -DOVERRIDE_SECURITY_POLICY
f892ac66 MTL	146	endif
f892ac66 MTL	147
031e5cce SM	148	ifneq ($(origin REQUIRE_TPM), undefined)
031e5cce SM	149	DEFINES += -DREQUIRE_TPM
f892ac66 MTL	150	endif
f892ac66 MTL	151
031e5cce SM	152	ifneq ($(origin DISABLE_EBS_PROTECTION), undefined)
031e5cce SM	153	DEFINES += -DDISABLE_EBS_PROTECTION
f892ac66 MTL	154	endif
f892ac66 MTL	155
8529e0f7 SM	156	ifneq ($(origin DISABLE_REMOVABLE_LOAD_OPTIONS), undefined)
	157	DEFINES += -DDISABLE_REMOVABLE_LOAD_OPTIONS
	158	endif
	159
f892ac66 MTL	160	LIB_GCC = $(shell $(CC) $(ARCH_CFLAGS) -print-libgcc-file-name)
	161	EFI_LIBS = -lefi -lgnuefi --start-group Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a --end-group $(LIB_GCC)
	162	FORMAT ?= --target efi-app-$(ARCH)
031e5cce SM	163	LOCAL_EFI_PATH = gnu-efi/$(ARCH_GNUEFI)/gnuefi
031e5cce SM	164	LIBDIR = gnu-efi/$(ARCH_GNUEFI)/lib
f892ac66 MTL	165
	166	MMSTEM ?= mm$(ARCH_SUFFIX)
	167	MMNAME = $(MMSTEM).efi
	168	MMSONAME = $(MMSTEM).so
	169	FBSTEM ?= fb$(ARCH_SUFFIX)
	170	FBNAME = $(FBSTEM).efi
	171	FBSONAME = $(FBSTEM).so
	172	SHIMSTEM ?= shim$(ARCH_SUFFIX)
	173	SHIMNAME = $(SHIMSTEM).efi
	174	SHIMSONAME = $(SHIMSTEM).so
	175	SHIMHASHNAME = $(SHIMSTEM).hash
	176	BOOTEFINAME ?= BOOT$(ARCH_SUFFIX_UPPER).EFI
	177	BOOTCSVNAME ?= BOOT$(ARCH_SUFFIX_UPPER).CSV
	178
031e5cce SM	179	DEFINES += -DEFI_ARCH='L"$(ARCH_SUFFIX)"' \
031e5cce SM	180	-DDEBUGDIR='L"/usr/lib/debug/usr/share/shim/$(ARCH_SUFFIX)-$(VERSION)$(DASHRELEASE)/"'
f892ac66	181
031e5cce SM	182	ifneq ($(origin VENDOR_DB_FILE), undefined)
	183	DEFINES += -DVENDOR_DB_FILE=\"$(VENDOR_DB_FILE)\"
	184	endif
f892ac66	185	ifneq ($(origin VENDOR_CERT_FILE), undefined)
031e5cce	186	DEFINES += -DVENDOR_CERT_FILE=\"$(VENDOR_CERT_FILE)\"
f892ac66 MTL	187	endif
f892ac66 MTL	188	ifneq ($(origin VENDOR_DBX_FILE), undefined)
031e5cce SM	189	DEFINES += -DVENDOR_DBX_FILE=\"$(VENDOR_DBX_FILE)\"
031e5cce SM	190	endif
fd2d9f03 SM	191	ifneq ($(origin SBAT_AUTOMATIC_DATE), undefined)
	192	DEFINES += -DSBAT_AUTOMATIC_DATE=$(SBAT_AUTOMATIC_DATE)
	193	endif
031e5cce SM	194
	195	LDFLAGS = --hash-style=sysv -nostdlib -znocombreloc -T $(EFI_LDS) -shared -Bsymbolic -L$(LOCAL_EFI_PATH) -L$(LIBDIR) -LCryptlib -LCryptlib/OpenSSL $(EFI_CRT_OBJS) --build-id=sha1 $(ARCH_LDFLAGS) --no-undefined
	196
	197	ifneq ($(DEBUG),)
	198	export DEBUG
	199	endif
	200	ifneq ($(VERBOSE),)
	201	export VERBOSE
f892ac66 MTL	202	endif
f892ac66 MTL	203
031e5cce	204	# vim:filetype=make