[efi-boot-shim.git] / Makefile

VERSION		= 12
ifneq ($(origin RELEASE),undefined)
DASHRELEASE	?= -$(RELEASE)
else
DASHRELEASE	?=
endif

ifeq ($(MAKELEVEL),0)
TOPDIR		?= $(shell pwd)
endif
override TOPDIR	:= $(abspath $(TOPDIR))
VPATH		= $(TOPDIR)

CC		= $(CROSS_COMPILE)gcc
LD		= $(CROSS_COMPILE)ld
OBJCOPY		= $(CROSS_COMPILE)objcopy
OPENSSL		?= openssl
HEXDUMP		?= hexdump
INSTALL		?= install
PK12UTIL	?= pk12util
CERTUTIL	?= certutil
PESIGN		?= pesign
SBSIGN		?= sbsign
prefix		?= /usr
prefix		:= $(abspath $(prefix))
datadir		?= $(prefix)/share/
PKGNAME		?= shim
ESPROOTDIR	?= boot/efi/
EFIBOOTDIR	?= $(ESPROOTDIR)EFI/BOOT/
TARGETDIR	?= $(ESPROOTDIR)EFI/$(EFIDIR)/
DATATARGETDIR	?= $(datadir)/$(PKGNAME)/$(VERSION)$(DASHRELEASE)/$(ARCH_SUFFIX)/
DEBUGINFO	?= $(prefix)/lib/debug/
DEBUGSOURCE	?= $(prefix)/src/debug/
OSLABEL		?= $(EFIDIR)
DEFAULT_LOADER	?= \\\\grub$(ARCH_SUFFIX).efi

ARCH		?= $(shell $(CC) -dumpmachine | cut -f1 -d- | sed s,i[3456789]86,ia32,)
OBJCOPY_GTE224	= $(shell expr `$(OBJCOPY) --version |grep ^"GNU objcopy" | sed 's/^.*\((.*)\|version\) //g' | cut -f1-2 -d.` \>= 2.24)

SUBDIRS		= $(TOPDIR)/Cryptlib $(TOPDIR)/lib

EFI_INCLUDE	:= /usr/include/efi
EFI_INCLUDES	= -nostdinc -I$(TOPDIR)/Cryptlib -I$(TOPDIR)/Cryptlib/Include \
		  -I$(EFI_INCLUDE) -I$(EFI_INCLUDE)/$(ARCH) -I$(EFI_INCLUDE)/protocol \
		  -I$(TOPDIR)/include -iquote $(TOPDIR) -iquote $(shell pwd)

LIB_GCC		= $(shell $(CC) -print-libgcc-file-name)
EFI_LIBS	= -lefi -lgnuefi --start-group Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a --end-group $(LIB_GCC) 

EFI_CRT_OBJS 	= $(EFI_PATH)/crt0-efi-$(ARCH).o
EFI_LDS		= $(TOPDIR)/elf_$(ARCH)_efi.lds

CFLAGS		= -ggdb -O0 -fno-stack-protector -fno-strict-aliasing -fpic \
		  -fshort-wchar -Wall -Wsign-compare -Werror -fno-builtin \
		  -Werror=sign-compare -ffreestanding -std=gnu89 \
		  -I$(shell $(CC) -print-file-name=include) \
		  "-DDEFAULT_LOADER=L\"$(DEFAULT_LOADER)\"" \
		  "-DDEFAULT_LOADER_CHAR=\"$(DEFAULT_LOADER)\"" \
		  $(EFI_INCLUDES)

COMMITID ?= $(shell if [ -d .git ] ; then git log -1 --pretty=format:%H ; elif [ -f commit ]; then cat commit ; else echo commit id not available; fi)

ifneq ($(origin OVERRIDE_SECURITY_POLICY), undefined)
	CFLAGS	+= -DOVERRIDE_SECURITY_POLICY
endif

ifneq ($(origin ENABLE_HTTPBOOT), undefined)
	CFLAGS	+= -DENABLE_HTTPBOOT
endif

ifeq ($(ARCH),x86_64)
	CFLAGS	+= -mno-mmx -mno-sse -mno-red-zone -nostdinc \
		   -maccumulate-outgoing-args \
		   -DEFI_FUNCTION_WRAPPER -DGNU_EFI_USE_MS_ABI \
		   -DNO_BUILTIN_VA_FUNCS -DMDE_CPU_X64 -DPAGE_SIZE=4096
	LIBDIR			?= $(prefix)/lib64
	ARCH_SUFFIX		?= x64
	ARCH_SUFFIX_UPPER	?= X64
endif
ifeq ($(ARCH),ia32)
	CFLAGS	+= -mno-mmx -mno-sse -mno-red-zone -nostdinc \
		   -maccumulate-outgoing-args -m32 \
		   -DMDE_CPU_IA32 -DPAGE_SIZE=4096
	LIBDIR			?= $(prefix)/lib
	ARCH_SUFFIX		?= ia32
	ARCH_SUFFIX_UPPER	?= IA32
endif
ifeq ($(ARCH),aarch64)
	CFLAGS += -DMDE_CPU_AARCH64 -DPAGE_SIZE=4096 -mstrict-align
	LIBDIR			?= $(prefix)/lib64
	ARCH_SUFFIX		?= aa64
	ARCH_SUFFIX_UPPER	?= AA64
	FORMAT			:= -O binary
	SUBSYSTEM		:= 0xa
	LDFLAGS			+= --defsym=EFI_SUBSYSTEM=$(SUBSYSTEM)
endif
ifeq ($(ARCH),arm)
	CFLAGS += -DMDE_CPU_ARM -DPAGE_SIZE=4096 -mstrict-align
	LIBDIR			?= $(prefix)/lib
	ARCH_SUFFIX		?= arm
	ARCH_SUFFIX_UPPER	?= ARM
	FORMAT			:= -O binary
	SUBSYSTEM		:= 0xa
	LDFLAGS			+= --defsym=EFI_SUBSYSTEM=$(SUBSYSTEM)
endif

FORMAT		?= --target efi-app-$(ARCH)
EFI_PATH	?= $(LIBDIR)/gnuefi

MMSTEM		?= mm$(ARCH_SUFFIX)
MMNAME		= $(MMSTEM).efi
MMSONAME	= $(MMSTEM).so
FBSTEM		?= fb$(ARCH_SUFFIX)
FBNAME		= $(FBSTEM).efi
FBSONAME	= $(FBSTEM).so
SHIMSTEM	?= shim$(ARCH_SUFFIX)
SHIMNAME	= $(SHIMSTEM).efi
SHIMSONAME	= $(SHIMSTEM).so
SHIMHASHNAME	= $(SHIMSTEM).hash
BOOTEFINAME	?= BOOT$(ARCH_SUFFIX_UPPER).EFI
BOOTCSVNAME	?= BOOT$(ARCH_SUFFIX_UPPER).CSV

CFLAGS += "-DEFI_ARCH=L\"$(ARCH_SUFFIX)\"" "-DDEBUGDIR=L\"/usr/lib/debug/usr/share/shim/$(ARCH_SUFFIX)-$(VERSION)$(DASHRELEASE)/\""

ifneq ($(origin VENDOR_CERT_FILE), undefined)
	CFLAGS += -DVENDOR_CERT_FILE=\"$(VENDOR_CERT_FILE)\"
endif
ifneq ($(origin VENDOR_DBX_FILE), undefined)
	CFLAGS += -DVENDOR_DBX_FILE=\"$(VENDOR_DBX_FILE)\"
endif

LDFLAGS		= --hash-style=sysv -nostdlib -znocombreloc -T $(EFI_LDS) -shared -Bsymbolic -L$(EFI_PATH) -L$(LIBDIR) -LCryptlib -LCryptlib/OpenSSL $(EFI_CRT_OBJS) --build-id=sha1

TARGETS	= $(SHIMNAME)
TARGETS += $(SHIMNAME).debug $(MMNAME).debug $(FBNAME).debug
ifneq ($(origin ENABLE_SHIM_HASH),undefined)
TARGETS += $(SHIMHASHNAME)
endif
ifneq ($(origin ENABLE_SHIM_CERT),undefined)
TARGETS	+= $(MMNAME).signed $(FBNAME).signed
CFLAGS += -DENABLE_SHIM_CERT
else
TARGETS += $(MMNAME) $(FBNAME)
endif
OBJS	= shim.o netboot.o cert.o replacements.o tpm.o version.o
KEYS	= shim_cert.h ocsp.* ca.* shim.crt shim.csr shim.p12 shim.pem shim.key shim.cer
ORIG_SOURCES	= shim.c shim.h netboot.c include/PeImage.h include/wincert.h include/console.h replacements.c replacements.h tpm.c tpm.h version.h
MOK_OBJS = MokManager.o PasswordCrypt.o crypt_blowfish.o
ORIG_MOK_SOURCES = MokManager.c shim.h include/console.h PasswordCrypt.c PasswordCrypt.h crypt_blowfish.c crypt_blowfish.h
FALLBACK_OBJS = fallback.o tpm.o
ORIG_FALLBACK_SRCS = fallback.c

ifneq ($(origin ENABLE_HTTPBOOT), undefined)
	OBJS += httpboot.o
	SOURCES += httpboot.c httpboot.h
endif

SOURCES = $(foreach source,$(ORIG_SOURCES),$(TOPDIR)/$(source)) version.c
MOK_SOURCES = $(foreach source,$(ORIG_MOK_SOURCES),$(TOPDIR)/$(source))
FALLBACK_SRCS = $(foreach source,$(ORIG_FALLBACK_SRCS),$(TOPDIR)/$(source))

all: $(TARGETS)

shim.crt:
	$(TOPDIR)/make-certs shim shim@xn--u4h.net all codesign 1.3.6.1.4.1.311.10.3.1 </dev/null

shim.cer: shim.crt
	$(OPENSSL) x509 -outform der -in $< -out $@

shim_cert.h: shim.cer
	echo "static UINT8 shim_cert[] = {" > $@
	$(HEXDUMP) -v -e '1/1 "0x%02x, "' $< >> $@
	echo "};" >> $@

version.c : $(TOPDIR)/version.c.in
	sed	-e "s,@@VERSION@@,$(VERSION)," \
		-e "s,@@UNAME@@,$(shell uname -a)," \
		-e "s,@@COMMIT@@,$(COMMITID)," \
		< $< > $@

certdb/secmod.db: shim.crt
	-mkdir certdb
	$(PK12UTIL) -d certdb/ -i shim.p12 -W "" -K ""
	$(CERTUTIL) -d certdb/ -A -i shim.crt -n shim -t u

shim.o: $(SOURCES)
ifneq ($(origin ENABLE_SHIM_CERT),undefined)
shim.o: shim_cert.h
endif
shim.o: $(wildcard $(TOPDIR)/*.h)

cert.o : $(TOPDIR)/cert.S
	$(CC) $(CFLAGS) -c -o $@ $<

$(SHIMNAME) : $(SHIMSONAME)
$(MMNAME) : $(MMSONAME)
$(FBNAME) : $(FBSONAME)

$(SHIMSONAME): $(OBJS) Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a lib/lib.a
	$(LD) -o $@ $(LDFLAGS) $^ $(EFI_LIBS)

fallback.o: $(FALLBACK_SRCS)

$(FBSONAME): $(FALLBACK_OBJS) Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a lib/lib.a
	$(LD) -o $@ $(LDFLAGS) $^ $(EFI_LIBS)

MokManager.o: $(MOK_SOURCES)

$(MMSONAME): $(MOK_OBJS) Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a lib/lib.a
	$(LD) -o $@ $(LDFLAGS) $^ $(EFI_LIBS) lib/lib.a

Cryptlib/libcryptlib.a:
	mkdir -p Cryptlib/{Hash,Hmac,Cipher,Rand,Pk,Pem,SysCall}
	$(MAKE) VPATH=$(TOPDIR)/Cryptlib TOPDIR=$(TOPDIR)/Cryptlib -C Cryptlib -f $(TOPDIR)/Cryptlib/Makefile

Cryptlib/OpenSSL/libopenssl.a:
	mkdir -p Cryptlib/OpenSSL/crypto/{x509v3,x509,txt_db,stack,sha,rsa,rc4,rand,pkcs7,pkcs12,pem,ocsp,objects,modes,md5,lhash,kdf,hmac,evp,err,dso,dh,conf,comp,cmac,buffer,bn,bio,async{,/arch},asn1,aes}/
	$(MAKE) VPATH=$(TOPDIR)/Cryptlib/OpenSSL TOPDIR=$(TOPDIR)/Cryptlib/OpenSSL -C Cryptlib/OpenSSL -f $(TOPDIR)/Cryptlib/OpenSSL/Makefile

lib/lib.a:
	if [ ! -d lib ]; then mkdir lib ; fi
	$(MAKE) VPATH=$(TOPDIR)/lib TOPDIR=$(TOPDIR) CFLAGS="$(CFLAGS)" -C lib -f $(TOPDIR)/lib/Makefile

buildid : $(TOPDIR)/buildid.c
	$(CC) -Og -g3 -Wall -Werror -Wextra -o $@ $< -lelf

$(BOOTCSVNAME) :
	@echo Making $@
	@( printf "\xff\xfe" ; echo "$(SHIMNAME),$(OSLABEL),,This is the boot entry for $(OSLABEL)" | sed -z 's/./&\x00/g' ) > $@

install-check :
ifeq ($(origin LIBDIR),undefined)
	$(error Architecture $(ARCH) is not a supported build target.)
endif
ifeq ($(origin EFIDIR),undefined)
	$(error EFIDIR must be set to your reserved EFI System Partition subdirectory name)
endif

install-deps : $(TARGETS)
install-deps : $(SHIMNAME).debug $(MMNAME).debug $(FBNAME).debug buildid
install-deps : $(BOOTCSVNAME)

install-debugsource : install-deps
	$(INSTALL) -d -m 0755 $(DESTDIR)/$(DEBUGSOURCE)/$(PKGNAME)-$(VERSION)$(DASHRELEASE)
	find $(TOPDIR) -type f -a '(' -iname '*.c' -o -iname '*.h' -o -iname '*.S' ')' | while read file ; do \
		outfile=$$(echo $${file} | sed -e "s,^$(TOPDIR),,") ; \
		$(INSTALL) -d -m 0755 $(DESTDIR)/$(DEBUGSOURCE)/$(PKGNAME)-$(VERSION)$(DASHRELEASE)/$$(dirname $${outfile}) ; \
		$(INSTALL) -m 0644 $${file} $(DESTDIR)/$(DEBUGSOURCE)/$(PKGNAME)-$(VERSION)$(DASHRELEASE)/$${outfile} ; \
	done

install-debuginfo : install-deps
	$(INSTALL) -d -m 0755 $(DESTDIR)/
	$(INSTALL) -d -m 0755 $(DESTDIR)/$(DEBUGINFO)$(TARGETDIR)/
	@./buildid $(wildcard *.efi.debug) | while read file buildid ; do \
		first=$$(echo $${buildid} | cut -b -2) ; \
		rest=$$(echo $${buildid} | cut -b 3-) ; \
		$(INSTALL) -d -m 0755 $(DESTDIR)/$(DEBUGINFO).build-id/$${first}/ ;\
		$(INSTALL) -m 0644 $${file} $(DESTDIR)/$(DEBUGINFO)$(TARGETDIR) ; \
		ln -s ../../../../..$(DEBUGINFO)$(TARGETDIR)$${file} $(DESTDIR)/$(DEBUGINFO).build-id/$${first}/$${rest}.debug ;\
		ln -s ../../../.build-id/$${first}/$${rest} $(DESTDIR)/$(DEBUGINFO).build-id/$${first}/$${rest} ;\
	done

install : | install-check
install : install-deps install-debuginfo install-debugsource
	$(INSTALL) -d -m 0755 $(DESTDIR)/
	$(INSTALL) -d -m 0700 $(DESTDIR)/$(ESPROOTDIR)
	$(INSTALL) -d -m 0755 $(DESTDIR)/$(EFIBOOTDIR)
	$(INSTALL) -d -m 0755 $(DESTDIR)/$(TARGETDIR)
	$(INSTALL) -m 0644 $(SHIMNAME) $(DESTDIR)/$(EFIBOOTDIR)/$(BOOTEFINAME)
	$(INSTALL) -m 0644 $(SHIMNAME) $(DESTDIR)/$(TARGETDIR)/
	$(INSTALL) -m 0644 $(BOOTCSVNAME) $(DESTDIR)/$(TARGETDIR)/
ifneq ($(origin ENABLE_SHIM_CERT),undefined)
	$(INSTALL) -m 0644 $(FBNAME).signed $(DESTDIR)/$(EFIBOOTDIR)/$(FBNAME)
	$(INSTALL) -m 0644 $(MMNAME).signed $(DESTDIR)/$(EFIBOOTDIR)/$(MMNAME)
	$(INSTALL) -m 0644 $(MMNAME).signed $(DESTDIR)/$(TARGETDIR)/$(MMNAME)
else
	$(INSTALL) -m 0644 $(FBNAME) $(DESTDIR)/$(EFIBOOTDIR)/
	$(INSTALL) -m 0644 $(MMNAME) $(DESTDIR)/$(EFIBOOTDIR)/
	$(INSTALL) -m 0644 $(MMNAME) $(DESTDIR)/$(TARGETDIR)/
endif

install-as-data : install-deps
	$(INSTALL) -d -m 0755 $(DESTDIR)/$(DATATARGETDIR)
	$(INSTALL) -m 0644 $(SHIMNAME) $(DESTDIR)/$(DATATARGETDIR)/
ifneq ($(origin ENABLE_SHIM_HASH),undefined)
	$(INSTALL) -m 0644 $(SHIMHASHNAME) $(DESTDIR)/$(DATATARGETDIR)/
endif
ifneq ($(origin ENABLE_SHIM_CERT),undefined)
	$(INSTALL) -m 0644 $(MMNAME).signed $(DESTDIR)/$(DATATARGETDIR)/$(MMNAME)
	$(INSTALL) -m 0644 $(FBNAME).signed $(DESTDIR)/$(DATATARGETDIR)/$(FBNAME)
else
	$(INSTALL) -m 0644 $(MMNAME) $(DESTDIR)/$(DATATARGETDIR)/$(MMNAME)
	$(INSTALL) -m 0644 $(FBNAME) $(DESTDIR)/$(DATATARGETDIR)/$(FBNAME)
endif

%.efi: %.so
ifneq ($(OBJCOPY_GTE224),1)
	$(error objcopy >= 2.24 is required)
endif
	$(OBJCOPY) -j .text -j .sdata -j .data -j .data.ident \
		-j .dynamic -j .dynsym -j .rel* \
		-j .rela* -j .reloc -j .eh_frame \
		-j .vendor_cert \
		$(FORMAT) $^ $@

ifneq ($(origin ENABLE_SHIM_HASH),undefined)
%.hash : %.efi
	$(PESIGN) -i $< -P -h > $@
endif

%.efi.debug : %.so
ifneq ($(OBJCOPY_GTE224),1)
	$(error objcopy >= 2.24 is required)
endif
	$(OBJCOPY) -j .text -j .sdata -j .data \
		-j .dynamic -j .dynsym -j .rel* \
		-j .rela* -j .reloc -j .eh_frame \
		-j .debug_info -j .debug_abbrev -j .debug_aranges \
		-j .debug_line -j .debug_str -j .debug_ranges \
		-j .note.gnu.build-id \
		$^ $@

ifneq ($(origin ENABLE_SBSIGN),undefined)
%.efi.signed: %.efi shim.key shim.crt
	$(SBSIGN) --key shim.key --cert shim.crt --output $@ $<
else
%.efi.signed: %.efi certdb/secmod.db
	$(PESIGN) -n certdb -i $< -c "shim" -s -o $@ -f
endif

clean:
	$(MAKE) -C Cryptlib -f $(TOPDIR)/Cryptlib/Makefile clean
	$(MAKE) -C Cryptlib/OpenSSL -f $(TOPDIR)/Cryptlib/OpenSSL/Makefile clean
	$(MAKE) -C lib -f $(TOPDIR)/lib/Makefile clean
	rm -rf $(TARGET) $(OBJS) $(MOK_OBJS) $(FALLBACK_OBJS) $(KEYS) certdb
	rm -f *.debug *.so *.efi *.tar.* version.c

GITTAG = $(VERSION)

test-archive:
	@rm -rf /tmp/shim-$(VERSION) /tmp/shim-$(VERSION)-tmp
	@mkdir -p /tmp/shim-$(VERSION)-tmp
	@git archive --format=tar $(shell git branch | awk '/^*/ { print $$2 }') | ( cd /tmp/shim-$(VERSION)-tmp/ ; tar x )
	@git diff | ( cd /tmp/shim-$(VERSION)-tmp/ ; patch -s -p1 -b -z .gitdiff )
	@mv /tmp/shim-$(VERSION)-tmp/ /tmp/shim-$(VERSION)/
	@git log -1 --pretty=format:%H > /tmp/shim-$(VERSION)/commit
	@dir=$$PWD; cd /tmp; tar -c --bzip2 -f $$dir/shim-$(VERSION).tar.bz2 shim-$(VERSION)
	@rm -rf /tmp/shim-$(VERSION)
	@echo "The archive is in shim-$(VERSION).tar.bz2"

tag:
	git tag --sign $(GITTAG) refs/heads/master
	git tag -f latest-release $(GITTAG)

archive: tag
	@rm -rf /tmp/shim-$(VERSION) /tmp/shim-$(VERSION)-tmp
	@mkdir -p /tmp/shim-$(VERSION)-tmp
	@git archive --format=tar $(GITTAG) | ( cd /tmp/shim-$(VERSION)-tmp/ ; tar x )
	@mv /tmp/shim-$(VERSION)-tmp/ /tmp/shim-$(VERSION)/
	@git log -1 --pretty=format:%H > /tmp/shim-$(VERSION)/commit
	@dir=$$PWD; cd /tmp; tar -c --bzip2 -f $$dir/shim-$(VERSION).tar.bz2 shim-$(VERSION)
	@rm -rf /tmp/shim-$(VERSION)
	@echo "The archive is in shim-$(VERSION).tar.bz2"

.PHONY : install-deps

export ARCH CC LD OBJCOPY EFI_INCLUDE
Commit	Line	Data
f4173af1	1	VERSION = 12
ab881f03 MTL	2	ifneq ($(origin RELEASE),undefined)
	3	DASHRELEASE ?= -$(RELEASE)
	4	else
	5	DASHRELEASE ?=
d3819813 MTL	6	endif
d3819813 MTL	7
f4173af1 MTL	8	ifeq ($(MAKELEVEL),0)
	9	TOPDIR ?= $(shell pwd)
	10	endif
	11	override TOPDIR := $(abspath $(TOPDIR))
	12	VPATH = $(TOPDIR)
	13
f7a18215 AB	14	CC = $(CROSS_COMPILE)gcc
	15	LD = $(CROSS_COMPILE)ld
	16	OBJCOPY = $(CROSS_COMPILE)objcopy
f4173af1 MTL	17	OPENSSL ?= openssl
f4173af1 MTL	18	HEXDUMP ?= hexdump
ab881f03	19	INSTALL ?= install
f4173af1 MTL	20	PK12UTIL ?= pk12util
	21	CERTUTIL ?= certutil
	22	PESIGN ?= pesign
ab881f03 MTL	23	SBSIGN ?= sbsign
	24	prefix ?= /usr
	25	prefix := $(abspath $(prefix))
	26	datadir ?= $(prefix)/share/
	27	PKGNAME ?= shim
	28	ESPROOTDIR ?= boot/efi/
	29	EFIBOOTDIR ?= $(ESPROOTDIR)EFI/BOOT/
	30	TARGETDIR ?= $(ESPROOTDIR)EFI/$(EFIDIR)/
	31	DATATARGETDIR ?= $(datadir)/$(PKGNAME)/$(VERSION)$(DASHRELEASE)/$(ARCH_SUFFIX)/
	32	DEBUGINFO ?= $(prefix)/lib/debug/
	33	DEBUGSOURCE ?= $(prefix)/src/debug/
	34	OSLABEL ?= $(EFIDIR)
	35	DEFAULT_LOADER ?= \\\\grub$(ARCH_SUFFIX).efi
f7a18215	36
f4173af1	37	ARCH ?= $(shell $(CC) -dumpmachine \| cut -f1 -d- \| sed s,i[3456789]86,ia32,)
ab881f03	38	OBJCOPY_GTE224 = $(shell expr `$(OBJCOPY) --version \|grep ^"GNU objcopy" \| sed 's/^.\((.)\\|version\) //g' \| cut -f1-2 -d.` \>= 2.24)
b2fe1780	39
f4173af1	40	SUBDIRS = $(TOPDIR)/Cryptlib $(TOPDIR)/lib
b2d0e06f	41
f7a18215	42	EFI_INCLUDE := /usr/include/efi
f4173af1 MTL	43	EFI_INCLUDES = -nostdinc -I$(TOPDIR)/Cryptlib -I$(TOPDIR)/Cryptlib/Include \
	44	-I$(EFI_INCLUDE) -I$(EFI_INCLUDE)/$(ARCH) -I$(EFI_INCLUDE)/protocol \
	45	-I$(TOPDIR)/include -iquote $(TOPDIR) -iquote $(shell pwd)
b2fe1780 MG	46
b2fe1780 MG	47	LIB_GCC = $(shell $(CC) -print-libgcc-file-name)
b2d0e06f	48	EFI_LIBS = -lefi -lgnuefi --start-group Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a --end-group $(LIB_GCC)
b2fe1780	49
05b61752	50	EFI_CRT_OBJS = $(EFI_PATH)/crt0-efi-$(ARCH).o
f4173af1	51	EFI_LDS = $(TOPDIR)/elf_$(ARCH)_efi.lds
b2fe1780	52
632503aa	53	CFLAGS = -ggdb -O0 -fno-stack-protector -fno-strict-aliasing -fpic \
f7a18215	54	-fshort-wchar -Wall -Wsign-compare -Werror -fno-builtin \
d3819813 MTL	55	-Werror=sign-compare -ffreestanding -std=gnu89 \
d3819813 MTL	56	-I$(shell $(CC) -print-file-name=include) \
e053c227 PJ	57	"-DDEFAULT_LOADER=L\"$(DEFAULT_LOADER)\"" \
e053c227 PJ	58	"-DDEFAULT_LOADER_CHAR=\"$(DEFAULT_LOADER)\"" \
b2fe1780	59	$(EFI_INCLUDES)
bb2fe4cf	60
f4173af1 MTL	61	COMMITID ?= $(shell if [ -d .git ] ; then git log -1 --pretty=format:%H ; elif [ -f commit ]; then cat commit ; else echo commit id not available; fi)
f4173af1 MTL	62
bb2fe4cf PJ	63	ifneq ($(origin OVERRIDE_SECURITY_POLICY), undefined)
	64	CFLAGS += -DOVERRIDE_SECURITY_POLICY
	65	endif
f7a18215	66
62f0afa2 MTL	67	ifneq ($(origin ENABLE_HTTPBOOT), undefined)
	68	CFLAGS += -DENABLE_HTTPBOOT
	69	endif
	70
b2fe1780	71	ifeq ($(ARCH),x86_64)
d3819813	72	CFLAGS += -mno-mmx -mno-sse -mno-red-zone -nostdinc \
ab881f03 MTL	73	-maccumulate-outgoing-args \
	74	-DEFI_FUNCTION_WRAPPER -DGNU_EFI_USE_MS_ABI \
	75	-DNO_BUILTIN_VA_FUNCS -DMDE_CPU_X64 -DPAGE_SIZE=4096
	76	LIBDIR ?= $(prefix)/lib64
	77	ARCH_SUFFIX ?= x64
	78	ARCH_SUFFIX_UPPER ?= X64
b2fe1780	79	endif
6caa9bad	80	ifeq ($(ARCH),ia32)
d3819813	81	CFLAGS += -mno-mmx -mno-sse -mno-red-zone -nostdinc \
ab881f03 MTL	82	-maccumulate-outgoing-args -m32 \
	83	-DMDE_CPU_IA32 -DPAGE_SIZE=4096
	84	LIBDIR ?= $(prefix)/lib
	85	ARCH_SUFFIX ?= ia32
	86	ARCH_SUFFIX_UPPER ?= IA32
6caa9bad	87	endif
9196c7cf	88	ifeq ($(ARCH),aarch64)
ab881f03 MTL	89	CFLAGS += -DMDE_CPU_AARCH64 -DPAGE_SIZE=4096 -mstrict-align
	90	LIBDIR ?= $(prefix)/lib64
	91	ARCH_SUFFIX ?= aa64
	92	ARCH_SUFFIX_UPPER ?= AA64
	93	FORMAT := -O binary
	94	SUBSYSTEM := 0xa
	95	LDFLAGS += --defsym=EFI_SUBSYSTEM=$(SUBSYSTEM)
	96	endif
	97	ifeq ($(ARCH),arm)
	98	CFLAGS += -DMDE_CPU_ARM -DPAGE_SIZE=4096 -mstrict-align
	99	LIBDIR ?= $(prefix)/lib
	100	ARCH_SUFFIX ?= arm
	101	ARCH_SUFFIX_UPPER ?= ARM
	102	FORMAT := -O binary
	103	SUBSYSTEM := 0xa
	104	LDFLAGS += --defsym=EFI_SUBSYSTEM=$(SUBSYSTEM)
221faac5 AB	105	endif
221faac5 AB	106
ab881f03 MTL	107	FORMAT ?= --target efi-app-$(ARCH)
	108	EFI_PATH ?= $(LIBDIR)/gnuefi
	109
	110	MMSTEM ?= mm$(ARCH_SUFFIX)
	111	MMNAME = $(MMSTEM).efi
	112	MMSONAME = $(MMSTEM).so
	113	FBSTEM ?= fb$(ARCH_SUFFIX)
	114	FBNAME = $(FBSTEM).efi
	115	FBSONAME = $(FBSTEM).so
	116	SHIMSTEM ?= shim$(ARCH_SUFFIX)
	117	SHIMNAME = $(SHIMSTEM).efi
	118	SHIMSONAME = $(SHIMSTEM).so
	119	SHIMHASHNAME = $(SHIMSTEM).hash
	120	BOOTEFINAME ?= BOOT$(ARCH_SUFFIX_UPPER).EFI
	121	BOOTCSVNAME ?= BOOT$(ARCH_SUFFIX_UPPER).CSV
	122
	123	CFLAGS += "-DEFI_ARCH=L\"$(ARCH_SUFFIX)\"" "-DDEBUGDIR=L\"/usr/lib/debug/usr/share/shim/$(ARCH_SUFFIX)-$(VERSION)$(DASHRELEASE)/\""
	124
8518b8cc PJ	125	ifneq ($(origin VENDOR_CERT_FILE), undefined)
	126	CFLAGS += -DVENDOR_CERT_FILE=\"$(VENDOR_CERT_FILE)\"
	127	endif
ff1409c3 PJ	128	ifneq ($(origin VENDOR_DBX_FILE), undefined)
	129	CFLAGS += -DVENDOR_DBX_FILE=\"$(VENDOR_DBX_FILE)\"
	130	endif
8518b8cc	131
ab881f03	132	LDFLAGS = --hash-style=sysv -nostdlib -znocombreloc -T $(EFI_LDS) -shared -Bsymbolic -L$(EFI_PATH) -L$(LIBDIR) -LCryptlib -LCryptlib/OpenSSL $(EFI_CRT_OBJS) --build-id=sha1
43eeb538	133
ab881f03 MTL	134	TARGETS = $(SHIMNAME)
	135	TARGETS += $(SHIMNAME).debug $(MMNAME).debug $(FBNAME).debug
	136	ifneq ($(origin ENABLE_SHIM_HASH),undefined)
	137	TARGETS += $(SHIMHASHNAME)
	138	endif
	139	ifneq ($(origin ENABLE_SHIM_CERT),undefined)
	140	TARGETS += $(MMNAME).signed $(FBNAME).signed
	141	CFLAGS += -DENABLE_SHIM_CERT
	142	else
	143	TARGETS += $(MMNAME) $(FBNAME)
	144	endif
d3819813	145	OBJS = shim.o netboot.o cert.o replacements.o tpm.o version.o
2892db7f	146	KEYS = shim_cert.h ocsp.* ca.* shim.crt shim.csr shim.p12 shim.pem shim.key shim.cer
f4173af1	147	ORIG_SOURCES = shim.c shim.h netboot.c include/PeImage.h include/wincert.h include/console.h replacements.c replacements.h tpm.c tpm.h version.h
114dad49	148	MOK_OBJS = MokManager.o PasswordCrypt.o crypt_blowfish.o
f4173af1	149	ORIG_MOK_SOURCES = MokManager.c shim.h include/console.h PasswordCrypt.c PasswordCrypt.h crypt_blowfish.c crypt_blowfish.h
ab881f03	150	FALLBACK_OBJS = fallback.o tpm.o
f4173af1	151	ORIG_FALLBACK_SRCS = fallback.c
b2fe1780	152
62f0afa2 MTL	153	ifneq ($(origin ENABLE_HTTPBOOT), undefined)
	154	OBJS += httpboot.o
	155	SOURCES += httpboot.c httpboot.h
	156	endif
	157
f4173af1 MTL	158	SOURCES = $(foreach source,$(ORIG_SOURCES),$(TOPDIR)/$(source)) version.c
	159	MOK_SOURCES = $(foreach source,$(ORIG_MOK_SOURCES),$(TOPDIR)/$(source))
	160	FALLBACK_SRCS = $(foreach source,$(ORIG_FALLBACK_SRCS),$(TOPDIR)/$(source))
	161
ab881f03	162	all: $(TARGETS)
b2fe1780	163
ef8c9962	164	shim.crt:
f4173af1	165	$(TOPDIR)/make-certs shim shim@xn--u4h.net all codesign 1.3.6.1.4.1.311.10.3.1 </dev/null
ef8c9962 MG	166
ef8c9962 MG	167	shim.cer: shim.crt
f4173af1	168	$(OPENSSL) x509 -outform der -in $< -out $@
ef8c9962 MG	169
	170	shim_cert.h: shim.cer
	171	echo "static UINT8 shim_cert[] = {" > $@
f4173af1	172	$(HEXDUMP) -v -e '1/1 "0x%02x, "' $< >> $@
ef8c9962 MG	173	echo "};" >> $@
ef8c9962 MG	174
f4173af1	175	version.c : $(TOPDIR)/version.c.in
0fb089ee PJ	176	sed -e "s,@@VERSION@@,$(VERSION)," \
0fb089ee PJ	177	-e "s,@@UNAME@@,$(shell uname -a)," \
f4173af1 MTL	178	-e "s,@@COMMIT@@,$(COMMITID)," \
f4173af1 MTL	179	< $< > $@
0fb089ee	180
ef8c9962 MG	181	certdb/secmod.db: shim.crt
ef8c9962 MG	182	-mkdir certdb
f4173af1 MTL	183	$(PK12UTIL) -d certdb/ -i shim.p12 -W "" -K ""
f4173af1 MTL	184	$(CERTUTIL) -d certdb/ -A -i shim.crt -n shim -t u
ef8c9962	185
ab881f03 MTL	186	shim.o: $(SOURCES)
	187	ifneq ($(origin ENABLE_SHIM_CERT),undefined)
	188	shim.o: shim_cert.h
	189	endif
	190	shim.o: $(wildcard $(TOPDIR)/*.h)
b2fe1780	191
f4173af1	192	cert.o : $(TOPDIR)/cert.S
8518b8cc PJ	193	$(CC) $(CFLAGS) -c -o $@ $<
8518b8cc PJ	194
ab881f03 MTL	195	$(SHIMNAME) : $(SHIMSONAME)
	196	$(MMNAME) : $(MMSONAME)
	197	$(FBNAME) : $(FBSONAME)
	198
	199	$(SHIMSONAME): $(OBJS) Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a lib/lib.a
7f055335 MG	200	$(LD) -o $@ $(LDFLAGS) $^ $(EFI_LIBS)
7f055335 MG	201
eb9f7f1c PJ	202	fallback.o: $(FALLBACK_SRCS)
eb9f7f1c PJ	203
ab881f03	204	$(FBSONAME): $(FALLBACK_OBJS) Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a lib/lib.a
eb9f7f1c PJ	205	$(LD) -o $@ $(LDFLAGS) $^ $(EFI_LIBS)
eb9f7f1c PJ	206
3a838b14	207	MokManager.o: $(MOK_SOURCES)
333bd977	208
ab881f03	209	$(MMSONAME): $(MOK_OBJS) Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a lib/lib.a
17857eb8	210	$(LD) -o $@ $(LDFLAGS) $^ $(EFI_LIBS) lib/lib.a
333bd977	211
b2d0e06f	212	Cryptlib/libcryptlib.a:
f4173af1 MTL	213	mkdir -p Cryptlib/{Hash,Hmac,Cipher,Rand,Pk,Pem,SysCall}
f4173af1 MTL	214	$(MAKE) VPATH=$(TOPDIR)/Cryptlib TOPDIR=$(TOPDIR)/Cryptlib -C Cryptlib -f $(TOPDIR)/Cryptlib/Makefile
b2d0e06f MG	215
b2d0e06f MG	216	Cryptlib/OpenSSL/libopenssl.a:
f4173af1 MTL	217	mkdir -p Cryptlib/OpenSSL/crypto/{x509v3,x509,txt_db,stack,sha,rsa,rc4,rand,pkcs7,pkcs12,pem,ocsp,objects,modes,md5,lhash,kdf,hmac,evp,err,dso,dh,conf,comp,cmac,buffer,bn,bio,async{,/arch},asn1,aes}/
f4173af1 MTL	218	$(MAKE) VPATH=$(TOPDIR)/Cryptlib/OpenSSL TOPDIR=$(TOPDIR)/Cryptlib/OpenSSL -C Cryptlib/OpenSSL -f $(TOPDIR)/Cryptlib/OpenSSL/Makefile
b2d0e06f	219
17857eb8	220	lib/lib.a:
f4173af1 MTL	221	if [ ! -d lib ]; then mkdir lib ; fi
f4173af1 MTL	222	$(MAKE) VPATH=$(TOPDIR)/lib TOPDIR=$(TOPDIR) CFLAGS="$(CFLAGS)" -C lib -f $(TOPDIR)/lib/Makefile
f7a18215	223
ab881f03 MTL	224	buildid : $(TOPDIR)/buildid.c
	225	$(CC) -Og -g3 -Wall -Werror -Wextra -o $@ $< -lelf
	226
	227	$(BOOTCSVNAME) :
	228	@echo Making $@
	229	@( printf "\xff\xfe" ; echo "$(SHIMNAME),$(OSLABEL),,This is the boot entry for $(OSLABEL)" \| sed -z 's/./&\x00/g' ) > $@
	230
	231	install-check :
	232	ifeq ($(origin LIBDIR),undefined)
	233	$(error Architecture $(ARCH) is not a supported build target.)
	234	endif
	235	ifeq ($(origin EFIDIR),undefined)
	236	$(error EFIDIR must be set to your reserved EFI System Partition subdirectory name)
9196c7cf AB	237	endif
9196c7cf AB	238
ab881f03 MTL	239	install-deps : $(TARGETS)
	240	install-deps : $(SHIMNAME).debug $(MMNAME).debug $(FBNAME).debug buildid
	241	install-deps : $(BOOTCSVNAME)
	242
	243	install-debugsource : install-deps
	244	$(INSTALL) -d -m 0755 $(DESTDIR)/$(DEBUGSOURCE)/$(PKGNAME)-$(VERSION)$(DASHRELEASE)
	245	find $(TOPDIR) -type f -a '(' -iname '.c' -o -iname '.h' -o -iname '*.S' ')' \| while read file ; do \
	246	outfile=$$(echo $${file} \| sed -e "s,^$(TOPDIR),,") ; \
	247	$(INSTALL) -d -m 0755 $(DESTDIR)/$(DEBUGSOURCE)/$(PKGNAME)-$(VERSION)$(DASHRELEASE)/$$(dirname $${outfile}) ; \
	248	$(INSTALL) -m 0644 $${file} $(DESTDIR)/$(DEBUGSOURCE)/$(PKGNAME)-$(VERSION)$(DASHRELEASE)/$${outfile} ; \
	249	done
	250
	251	install-debuginfo : install-deps
	252	$(INSTALL) -d -m 0755 $(DESTDIR)/
	253	$(INSTALL) -d -m 0755 $(DESTDIR)/$(DEBUGINFO)$(TARGETDIR)/
	254	@./buildid $(wildcard *.efi.debug) \| while read file buildid ; do \
	255	first=$$(echo $${buildid} \| cut -b -2) ; \
	256	rest=$$(echo $${buildid} \| cut -b 3-) ; \
	257	$(INSTALL) -d -m 0755 $(DESTDIR)/$(DEBUGINFO).build-id/$${first}/ ;\
	258	$(INSTALL) -m 0644 $${file} $(DESTDIR)/$(DEBUGINFO)$(TARGETDIR) ; \
	259	ln -s ../../../../..$(DEBUGINFO)$(TARGETDIR)$${file} $(DESTDIR)/$(DEBUGINFO).build-id/$${first}/$${rest}.debug ;\
	260	ln -s ../../../.build-id/$${first}/$${rest} $(DESTDIR)/$(DEBUGINFO).build-id/$${first}/$${rest} ;\
	261	done
	262
	263	install : \| install-check
	264	install : install-deps install-debuginfo install-debugsource
	265	$(INSTALL) -d -m 0755 $(DESTDIR)/
	266	$(INSTALL) -d -m 0700 $(DESTDIR)/$(ESPROOTDIR)
	267	$(INSTALL) -d -m 0755 $(DESTDIR)/$(EFIBOOTDIR)
	268	$(INSTALL) -d -m 0755 $(DESTDIR)/$(TARGETDIR)
	269	$(INSTALL) -m 0644 $(SHIMNAME) $(DESTDIR)/$(EFIBOOTDIR)/$(BOOTEFINAME)
	270	$(INSTALL) -m 0644 $(SHIMNAME) $(DESTDIR)/$(TARGETDIR)/
	271	$(INSTALL) -m 0644 $(BOOTCSVNAME) $(DESTDIR)/$(TARGETDIR)/
	272	ifneq ($(origin ENABLE_SHIM_CERT),undefined)
	273	$(INSTALL) -m 0644 $(FBNAME).signed $(DESTDIR)/$(EFIBOOTDIR)/$(FBNAME)
	274	$(INSTALL) -m 0644 $(MMNAME).signed $(DESTDIR)/$(EFIBOOTDIR)/$(MMNAME)
	275	$(INSTALL) -m 0644 $(MMNAME).signed $(DESTDIR)/$(TARGETDIR)/$(MMNAME)
	276	else
	277	$(INSTALL) -m 0644 $(FBNAME) $(DESTDIR)/$(EFIBOOTDIR)/
	278	$(INSTALL) -m 0644 $(MMNAME) $(DESTDIR)/$(EFIBOOTDIR)/
	279	$(INSTALL) -m 0644 $(MMNAME) $(DESTDIR)/$(TARGETDIR)/
221faac5 AB	280	endif
221faac5 AB	281
ab881f03 MTL	282	install-as-data : install-deps
	283	$(INSTALL) -d -m 0755 $(DESTDIR)/$(DATATARGETDIR)
	284	$(INSTALL) -m 0644 $(SHIMNAME) $(DESTDIR)/$(DATATARGETDIR)/
	285	ifneq ($(origin ENABLE_SHIM_HASH),undefined)
	286	$(INSTALL) -m 0644 $(SHIMHASHNAME) $(DESTDIR)/$(DATATARGETDIR)/
	287	endif
	288	ifneq ($(origin ENABLE_SHIM_CERT),undefined)
	289	$(INSTALL) -m 0644 $(MMNAME).signed $(DESTDIR)/$(DATATARGETDIR)/$(MMNAME)
	290	$(INSTALL) -m 0644 $(FBNAME).signed $(DESTDIR)/$(DATATARGETDIR)/$(FBNAME)
	291	else
	292	$(INSTALL) -m 0644 $(MMNAME) $(DESTDIR)/$(DATATARGETDIR)/$(MMNAME)
	293	$(INSTALL) -m 0644 $(FBNAME) $(DESTDIR)/$(DATATARGETDIR)/$(FBNAME)
	294	endif
17857eb8	295
b2d0e06f	296	%.efi: %.so
d3819813 MTL	297	ifneq ($(OBJCOPY_GTE224),1)
	298	$(error objcopy >= 2.24 is required)
	299	endif
f4173af1	300	$(OBJCOPY) -j .text -j .sdata -j .data -j .data.ident \
ab881f03	301	-j .dynamic -j .dynsym -j .rel* \
f7a18215	302	-j .rela* -j .reloc -j .eh_frame \
c682b514	303	-j .vendor_cert \
ab881f03 MTL	304	$(FORMAT) $^ $@
	305
	306	ifneq ($(origin ENABLE_SHIM_HASH),undefined)
	307	%.hash : %.efi
	308	$(PESIGN) -i $< -P -h > $@
	309	endif
	310
	311	%.efi.debug : %.so
	312	ifneq ($(OBJCOPY_GTE224),1)
	313	$(error objcopy >= 2.24 is required)
	314	endif
f7a18215	315	$(OBJCOPY) -j .text -j .sdata -j .data \
ab881f03	316	-j .dynamic -j .dynsym -j .rel* \
f7a18215	317	-j .rela* -j .reloc -j .eh_frame \
5b1bf558 MG	318	-j .debug_info -j .debug_abbrev -j .debug_aranges \
5b1bf558 MG	319	-j .debug_line -j .debug_str -j .debug_ranges \
d3819813	320	-j .note.gnu.build-id \
ab881f03	321	$^ $@
b2fe1780	322
ab881f03 MTL	323	ifneq ($(origin ENABLE_SBSIGN),undefined)
	324	%.efi.signed: %.efi shim.key shim.crt
	325	$(SBSIGN) --key shim.key --cert shim.crt --output $@ $<
	326	else
ef8c9962	327	%.efi.signed: %.efi certdb/secmod.db
f4173af1	328	$(PESIGN) -n certdb -i $< -c "shim" -s -o $@ -f
ab881f03	329	endif
ef8c9962	330
b2fe1780	331	clean:
f4173af1 MTL	332	$(MAKE) -C Cryptlib -f $(TOPDIR)/Cryptlib/Makefile clean
	333	$(MAKE) -C Cryptlib/OpenSSL -f $(TOPDIR)/Cryptlib/OpenSSL/Makefile clean
	334	$(MAKE) -C lib -f $(TOPDIR)/lib/Makefile clean
1de10962	335	rm -rf $(TARGET) $(OBJS) $(MOK_OBJS) $(FALLBACK_OBJS) $(KEYS) certdb
0fb089ee	336	rm -f .debug .so .efi .tar.* version.c
43eeb538 PJ	337
	338	GITTAG = $(VERSION)
	339
	340	test-archive:
	341	@rm -rf /tmp/shim-$(VERSION) /tmp/shim-$(VERSION)-tmp
	342	@mkdir -p /tmp/shim-$(VERSION)-tmp
	343	@git archive --format=tar $(shell git branch \| awk '/^*/ { print $$2 }') \| ( cd /tmp/shim-$(VERSION)-tmp/ ; tar x )
	344	@git diff \| ( cd /tmp/shim-$(VERSION)-tmp/ ; patch -s -p1 -b -z .gitdiff )
	345	@mv /tmp/shim-$(VERSION)-tmp/ /tmp/shim-$(VERSION)/
0fb089ee	346	@git log -1 --pretty=format:%H > /tmp/shim-$(VERSION)/commit
43eeb538 PJ	347	@dir=$$PWD; cd /tmp; tar -c --bzip2 -f $$dir/shim-$(VERSION).tar.bz2 shim-$(VERSION)
	348	@rm -rf /tmp/shim-$(VERSION)
	349	@echo "The archive is in shim-$(VERSION).tar.bz2"
	350
acac3380 PJ	351	tag:
acac3380 PJ	352	git tag --sign $(GITTAG) refs/heads/master
f4173af1	353	git tag -f latest-release $(GITTAG)
acac3380 PJ	354
acac3380 PJ	355	archive: tag
43eeb538 PJ	356	@rm -rf /tmp/shim-$(VERSION) /tmp/shim-$(VERSION)-tmp
	357	@mkdir -p /tmp/shim-$(VERSION)-tmp
	358	@git archive --format=tar $(GITTAG) \| ( cd /tmp/shim-$(VERSION)-tmp/ ; tar x )
	359	@mv /tmp/shim-$(VERSION)-tmp/ /tmp/shim-$(VERSION)/
0fb089ee	360	@git log -1 --pretty=format:%H > /tmp/shim-$(VERSION)/commit
43eeb538 PJ	361	@dir=$$PWD; cd /tmp; tar -c --bzip2 -f $$dir/shim-$(VERSION).tar.bz2 shim-$(VERSION)
	362	@rm -rf /tmp/shim-$(VERSION)
	363	@echo "The archive is in shim-$(VERSION).tar.bz2"
f7a18215	364
ab881f03 MTL	365	.PHONY : install-deps
ab881f03 MTL	366
f7a18215	367	export ARCH CC LD OBJCOPY EFI_INCLUDE