]>
Commit | Line | Data |
---|---|---|
f4173af1 | 1 | VERSION = 12 |
ab881f03 MTL |
2 | ifneq ($(origin RELEASE),undefined) |
3 | DASHRELEASE ?= -$(RELEASE) | |
4 | else | |
5 | DASHRELEASE ?= | |
d3819813 MTL |
6 | endif |
7 | ||
f4173af1 MTL |
8 | ifeq ($(MAKELEVEL),0) |
9 | TOPDIR ?= $(shell pwd) | |
10 | endif | |
11 | override TOPDIR := $(abspath $(TOPDIR)) | |
12 | VPATH = $(TOPDIR) | |
13 | ||
f7a18215 AB |
14 | CC = $(CROSS_COMPILE)gcc |
15 | LD = $(CROSS_COMPILE)ld | |
16 | OBJCOPY = $(CROSS_COMPILE)objcopy | |
f4173af1 MTL |
17 | OPENSSL ?= openssl |
18 | HEXDUMP ?= hexdump | |
ab881f03 | 19 | INSTALL ?= install |
f4173af1 MTL |
20 | PK12UTIL ?= pk12util |
21 | CERTUTIL ?= certutil | |
22 | PESIGN ?= pesign | |
ab881f03 MTL |
23 | SBSIGN ?= sbsign |
24 | prefix ?= /usr | |
25 | prefix := $(abspath $(prefix)) | |
26 | datadir ?= $(prefix)/share/ | |
27 | PKGNAME ?= shim | |
28 | ESPROOTDIR ?= boot/efi/ | |
29 | EFIBOOTDIR ?= $(ESPROOTDIR)EFI/BOOT/ | |
30 | TARGETDIR ?= $(ESPROOTDIR)EFI/$(EFIDIR)/ | |
31 | DATATARGETDIR ?= $(datadir)/$(PKGNAME)/$(VERSION)$(DASHRELEASE)/$(ARCH_SUFFIX)/ | |
32 | DEBUGINFO ?= $(prefix)/lib/debug/ | |
33 | DEBUGSOURCE ?= $(prefix)/src/debug/ | |
34 | OSLABEL ?= $(EFIDIR) | |
35 | DEFAULT_LOADER ?= \\\\grub$(ARCH_SUFFIX).efi | |
f7a18215 | 36 | |
f4173af1 | 37 | ARCH ?= $(shell $(CC) -dumpmachine | cut -f1 -d- | sed s,i[3456789]86,ia32,) |
ab881f03 | 38 | OBJCOPY_GTE224 = $(shell expr `$(OBJCOPY) --version |grep ^"GNU objcopy" | sed 's/^.*\((.*)\|version\) //g' | cut -f1-2 -d.` \>= 2.24) |
b2fe1780 | 39 | |
f4173af1 | 40 | SUBDIRS = $(TOPDIR)/Cryptlib $(TOPDIR)/lib |
b2d0e06f | 41 | |
f7a18215 | 42 | EFI_INCLUDE := /usr/include/efi |
f4173af1 MTL |
43 | EFI_INCLUDES = -nostdinc -I$(TOPDIR)/Cryptlib -I$(TOPDIR)/Cryptlib/Include \ |
44 | -I$(EFI_INCLUDE) -I$(EFI_INCLUDE)/$(ARCH) -I$(EFI_INCLUDE)/protocol \ | |
45 | -I$(TOPDIR)/include -iquote $(TOPDIR) -iquote $(shell pwd) | |
b2fe1780 MG |
46 | |
47 | LIB_GCC = $(shell $(CC) -print-libgcc-file-name) | |
b2d0e06f | 48 | EFI_LIBS = -lefi -lgnuefi --start-group Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a --end-group $(LIB_GCC) |
b2fe1780 | 49 | |
05b61752 | 50 | EFI_CRT_OBJS = $(EFI_PATH)/crt0-efi-$(ARCH).o |
f4173af1 | 51 | EFI_LDS = $(TOPDIR)/elf_$(ARCH)_efi.lds |
b2fe1780 | 52 | |
632503aa | 53 | CFLAGS = -ggdb -O0 -fno-stack-protector -fno-strict-aliasing -fpic \ |
f7a18215 | 54 | -fshort-wchar -Wall -Wsign-compare -Werror -fno-builtin \ |
d3819813 MTL |
55 | -Werror=sign-compare -ffreestanding -std=gnu89 \ |
56 | -I$(shell $(CC) -print-file-name=include) \ | |
e053c227 PJ |
57 | "-DDEFAULT_LOADER=L\"$(DEFAULT_LOADER)\"" \ |
58 | "-DDEFAULT_LOADER_CHAR=\"$(DEFAULT_LOADER)\"" \ | |
b2fe1780 | 59 | $(EFI_INCLUDES) |
bb2fe4cf | 60 | |
f4173af1 MTL |
61 | COMMITID ?= $(shell if [ -d .git ] ; then git log -1 --pretty=format:%H ; elif [ -f commit ]; then cat commit ; else echo commit id not available; fi) |
62 | ||
bb2fe4cf PJ |
63 | ifneq ($(origin OVERRIDE_SECURITY_POLICY), undefined) |
64 | CFLAGS += -DOVERRIDE_SECURITY_POLICY | |
65 | endif | |
f7a18215 | 66 | |
62f0afa2 MTL |
67 | ifneq ($(origin ENABLE_HTTPBOOT), undefined) |
68 | CFLAGS += -DENABLE_HTTPBOOT | |
69 | endif | |
70 | ||
b2fe1780 | 71 | ifeq ($(ARCH),x86_64) |
d3819813 | 72 | CFLAGS += -mno-mmx -mno-sse -mno-red-zone -nostdinc \ |
ab881f03 MTL |
73 | -maccumulate-outgoing-args \ |
74 | -DEFI_FUNCTION_WRAPPER -DGNU_EFI_USE_MS_ABI \ | |
75 | -DNO_BUILTIN_VA_FUNCS -DMDE_CPU_X64 -DPAGE_SIZE=4096 | |
76 | LIBDIR ?= $(prefix)/lib64 | |
77 | ARCH_SUFFIX ?= x64 | |
78 | ARCH_SUFFIX_UPPER ?= X64 | |
b2fe1780 | 79 | endif |
6caa9bad | 80 | ifeq ($(ARCH),ia32) |
d3819813 | 81 | CFLAGS += -mno-mmx -mno-sse -mno-red-zone -nostdinc \ |
ab881f03 MTL |
82 | -maccumulate-outgoing-args -m32 \ |
83 | -DMDE_CPU_IA32 -DPAGE_SIZE=4096 | |
84 | LIBDIR ?= $(prefix)/lib | |
85 | ARCH_SUFFIX ?= ia32 | |
86 | ARCH_SUFFIX_UPPER ?= IA32 | |
6caa9bad | 87 | endif |
9196c7cf | 88 | ifeq ($(ARCH),aarch64) |
ab881f03 MTL |
89 | CFLAGS += -DMDE_CPU_AARCH64 -DPAGE_SIZE=4096 -mstrict-align |
90 | LIBDIR ?= $(prefix)/lib64 | |
91 | ARCH_SUFFIX ?= aa64 | |
92 | ARCH_SUFFIX_UPPER ?= AA64 | |
93 | FORMAT := -O binary | |
94 | SUBSYSTEM := 0xa | |
95 | LDFLAGS += --defsym=EFI_SUBSYSTEM=$(SUBSYSTEM) | |
96 | endif | |
97 | ifeq ($(ARCH),arm) | |
98 | CFLAGS += -DMDE_CPU_ARM -DPAGE_SIZE=4096 -mstrict-align | |
99 | LIBDIR ?= $(prefix)/lib | |
100 | ARCH_SUFFIX ?= arm | |
101 | ARCH_SUFFIX_UPPER ?= ARM | |
102 | FORMAT := -O binary | |
103 | SUBSYSTEM := 0xa | |
104 | LDFLAGS += --defsym=EFI_SUBSYSTEM=$(SUBSYSTEM) | |
221faac5 AB |
105 | endif |
106 | ||
ab881f03 MTL |
107 | FORMAT ?= --target efi-app-$(ARCH) |
108 | EFI_PATH ?= $(LIBDIR)/gnuefi | |
109 | ||
110 | MMSTEM ?= mm$(ARCH_SUFFIX) | |
111 | MMNAME = $(MMSTEM).efi | |
112 | MMSONAME = $(MMSTEM).so | |
113 | FBSTEM ?= fb$(ARCH_SUFFIX) | |
114 | FBNAME = $(FBSTEM).efi | |
115 | FBSONAME = $(FBSTEM).so | |
116 | SHIMSTEM ?= shim$(ARCH_SUFFIX) | |
117 | SHIMNAME = $(SHIMSTEM).efi | |
118 | SHIMSONAME = $(SHIMSTEM).so | |
119 | SHIMHASHNAME = $(SHIMSTEM).hash | |
120 | BOOTEFINAME ?= BOOT$(ARCH_SUFFIX_UPPER).EFI | |
121 | BOOTCSVNAME ?= BOOT$(ARCH_SUFFIX_UPPER).CSV | |
122 | ||
123 | CFLAGS += "-DEFI_ARCH=L\"$(ARCH_SUFFIX)\"" "-DDEBUGDIR=L\"/usr/lib/debug/usr/share/shim/$(ARCH_SUFFIX)-$(VERSION)$(DASHRELEASE)/\"" | |
124 | ||
8518b8cc PJ |
125 | ifneq ($(origin VENDOR_CERT_FILE), undefined) |
126 | CFLAGS += -DVENDOR_CERT_FILE=\"$(VENDOR_CERT_FILE)\" | |
127 | endif | |
ff1409c3 PJ |
128 | ifneq ($(origin VENDOR_DBX_FILE), undefined) |
129 | CFLAGS += -DVENDOR_DBX_FILE=\"$(VENDOR_DBX_FILE)\" | |
130 | endif | |
8518b8cc | 131 | |
ab881f03 | 132 | LDFLAGS = --hash-style=sysv -nostdlib -znocombreloc -T $(EFI_LDS) -shared -Bsymbolic -L$(EFI_PATH) -L$(LIBDIR) -LCryptlib -LCryptlib/OpenSSL $(EFI_CRT_OBJS) --build-id=sha1 |
43eeb538 | 133 | |
ab881f03 MTL |
134 | TARGETS = $(SHIMNAME) |
135 | TARGETS += $(SHIMNAME).debug $(MMNAME).debug $(FBNAME).debug | |
136 | ifneq ($(origin ENABLE_SHIM_HASH),undefined) | |
137 | TARGETS += $(SHIMHASHNAME) | |
138 | endif | |
139 | ifneq ($(origin ENABLE_SHIM_CERT),undefined) | |
140 | TARGETS += $(MMNAME).signed $(FBNAME).signed | |
141 | CFLAGS += -DENABLE_SHIM_CERT | |
142 | else | |
143 | TARGETS += $(MMNAME) $(FBNAME) | |
144 | endif | |
d3819813 | 145 | OBJS = shim.o netboot.o cert.o replacements.o tpm.o version.o |
2892db7f | 146 | KEYS = shim_cert.h ocsp.* ca.* shim.crt shim.csr shim.p12 shim.pem shim.key shim.cer |
f4173af1 | 147 | ORIG_SOURCES = shim.c shim.h netboot.c include/PeImage.h include/wincert.h include/console.h replacements.c replacements.h tpm.c tpm.h version.h |
114dad49 | 148 | MOK_OBJS = MokManager.o PasswordCrypt.o crypt_blowfish.o |
f4173af1 | 149 | ORIG_MOK_SOURCES = MokManager.c shim.h include/console.h PasswordCrypt.c PasswordCrypt.h crypt_blowfish.c crypt_blowfish.h |
ab881f03 | 150 | FALLBACK_OBJS = fallback.o tpm.o |
f4173af1 | 151 | ORIG_FALLBACK_SRCS = fallback.c |
b2fe1780 | 152 | |
62f0afa2 MTL |
153 | ifneq ($(origin ENABLE_HTTPBOOT), undefined) |
154 | OBJS += httpboot.o | |
155 | SOURCES += httpboot.c httpboot.h | |
156 | endif | |
157 | ||
f4173af1 MTL |
158 | SOURCES = $(foreach source,$(ORIG_SOURCES),$(TOPDIR)/$(source)) version.c |
159 | MOK_SOURCES = $(foreach source,$(ORIG_MOK_SOURCES),$(TOPDIR)/$(source)) | |
160 | FALLBACK_SRCS = $(foreach source,$(ORIG_FALLBACK_SRCS),$(TOPDIR)/$(source)) | |
161 | ||
ab881f03 | 162 | all: $(TARGETS) |
b2fe1780 | 163 | |
ef8c9962 | 164 | shim.crt: |
f4173af1 | 165 | $(TOPDIR)/make-certs shim shim@xn--u4h.net all codesign 1.3.6.1.4.1.311.10.3.1 </dev/null |
ef8c9962 MG |
166 | |
167 | shim.cer: shim.crt | |
f4173af1 | 168 | $(OPENSSL) x509 -outform der -in $< -out $@ |
ef8c9962 MG |
169 | |
170 | shim_cert.h: shim.cer | |
171 | echo "static UINT8 shim_cert[] = {" > $@ | |
f4173af1 | 172 | $(HEXDUMP) -v -e '1/1 "0x%02x, "' $< >> $@ |
ef8c9962 MG |
173 | echo "};" >> $@ |
174 | ||
f4173af1 | 175 | version.c : $(TOPDIR)/version.c.in |
0fb089ee PJ |
176 | sed -e "s,@@VERSION@@,$(VERSION)," \ |
177 | -e "s,@@UNAME@@,$(shell uname -a)," \ | |
f4173af1 MTL |
178 | -e "s,@@COMMIT@@,$(COMMITID)," \ |
179 | < $< > $@ | |
0fb089ee | 180 | |
ef8c9962 MG |
181 | certdb/secmod.db: shim.crt |
182 | -mkdir certdb | |
f4173af1 MTL |
183 | $(PK12UTIL) -d certdb/ -i shim.p12 -W "" -K "" |
184 | $(CERTUTIL) -d certdb/ -A -i shim.crt -n shim -t u | |
ef8c9962 | 185 | |
ab881f03 MTL |
186 | shim.o: $(SOURCES) |
187 | ifneq ($(origin ENABLE_SHIM_CERT),undefined) | |
188 | shim.o: shim_cert.h | |
189 | endif | |
190 | shim.o: $(wildcard $(TOPDIR)/*.h) | |
b2fe1780 | 191 | |
f4173af1 | 192 | cert.o : $(TOPDIR)/cert.S |
8518b8cc PJ |
193 | $(CC) $(CFLAGS) -c -o $@ $< |
194 | ||
ab881f03 MTL |
195 | $(SHIMNAME) : $(SHIMSONAME) |
196 | $(MMNAME) : $(MMSONAME) | |
197 | $(FBNAME) : $(FBSONAME) | |
198 | ||
199 | $(SHIMSONAME): $(OBJS) Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a lib/lib.a | |
7f055335 MG |
200 | $(LD) -o $@ $(LDFLAGS) $^ $(EFI_LIBS) |
201 | ||
eb9f7f1c PJ |
202 | fallback.o: $(FALLBACK_SRCS) |
203 | ||
ab881f03 | 204 | $(FBSONAME): $(FALLBACK_OBJS) Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a lib/lib.a |
eb9f7f1c PJ |
205 | $(LD) -o $@ $(LDFLAGS) $^ $(EFI_LIBS) |
206 | ||
3a838b14 | 207 | MokManager.o: $(MOK_SOURCES) |
333bd977 | 208 | |
ab881f03 | 209 | $(MMSONAME): $(MOK_OBJS) Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a lib/lib.a |
17857eb8 | 210 | $(LD) -o $@ $(LDFLAGS) $^ $(EFI_LIBS) lib/lib.a |
333bd977 | 211 | |
b2d0e06f | 212 | Cryptlib/libcryptlib.a: |
f4173af1 MTL |
213 | mkdir -p Cryptlib/{Hash,Hmac,Cipher,Rand,Pk,Pem,SysCall} |
214 | $(MAKE) VPATH=$(TOPDIR)/Cryptlib TOPDIR=$(TOPDIR)/Cryptlib -C Cryptlib -f $(TOPDIR)/Cryptlib/Makefile | |
b2d0e06f MG |
215 | |
216 | Cryptlib/OpenSSL/libopenssl.a: | |
f4173af1 MTL |
217 | mkdir -p Cryptlib/OpenSSL/crypto/{x509v3,x509,txt_db,stack,sha,rsa,rc4,rand,pkcs7,pkcs12,pem,ocsp,objects,modes,md5,lhash,kdf,hmac,evp,err,dso,dh,conf,comp,cmac,buffer,bn,bio,async{,/arch},asn1,aes}/ |
218 | $(MAKE) VPATH=$(TOPDIR)/Cryptlib/OpenSSL TOPDIR=$(TOPDIR)/Cryptlib/OpenSSL -C Cryptlib/OpenSSL -f $(TOPDIR)/Cryptlib/OpenSSL/Makefile | |
b2d0e06f | 219 | |
17857eb8 | 220 | lib/lib.a: |
f4173af1 MTL |
221 | if [ ! -d lib ]; then mkdir lib ; fi |
222 | $(MAKE) VPATH=$(TOPDIR)/lib TOPDIR=$(TOPDIR) CFLAGS="$(CFLAGS)" -C lib -f $(TOPDIR)/lib/Makefile | |
f7a18215 | 223 | |
ab881f03 MTL |
224 | buildid : $(TOPDIR)/buildid.c |
225 | $(CC) -Og -g3 -Wall -Werror -Wextra -o $@ $< -lelf | |
226 | ||
227 | $(BOOTCSVNAME) : | |
228 | @echo Making $@ | |
229 | @( printf "\xff\xfe" ; echo "$(SHIMNAME),$(OSLABEL),,This is the boot entry for $(OSLABEL)" | sed -z 's/./&\x00/g' ) > $@ | |
230 | ||
231 | install-check : | |
232 | ifeq ($(origin LIBDIR),undefined) | |
233 | $(error Architecture $(ARCH) is not a supported build target.) | |
234 | endif | |
235 | ifeq ($(origin EFIDIR),undefined) | |
236 | $(error EFIDIR must be set to your reserved EFI System Partition subdirectory name) | |
9196c7cf AB |
237 | endif |
238 | ||
ab881f03 MTL |
239 | install-deps : $(TARGETS) |
240 | install-deps : $(SHIMNAME).debug $(MMNAME).debug $(FBNAME).debug buildid | |
241 | install-deps : $(BOOTCSVNAME) | |
242 | ||
243 | install-debugsource : install-deps | |
244 | $(INSTALL) -d -m 0755 $(DESTDIR)/$(DEBUGSOURCE)/$(PKGNAME)-$(VERSION)$(DASHRELEASE) | |
245 | find $(TOPDIR) -type f -a '(' -iname '*.c' -o -iname '*.h' -o -iname '*.S' ')' | while read file ; do \ | |
246 | outfile=$$(echo $${file} | sed -e "s,^$(TOPDIR),,") ; \ | |
247 | $(INSTALL) -d -m 0755 $(DESTDIR)/$(DEBUGSOURCE)/$(PKGNAME)-$(VERSION)$(DASHRELEASE)/$$(dirname $${outfile}) ; \ | |
248 | $(INSTALL) -m 0644 $${file} $(DESTDIR)/$(DEBUGSOURCE)/$(PKGNAME)-$(VERSION)$(DASHRELEASE)/$${outfile} ; \ | |
249 | done | |
250 | ||
251 | install-debuginfo : install-deps | |
252 | $(INSTALL) -d -m 0755 $(DESTDIR)/ | |
253 | $(INSTALL) -d -m 0755 $(DESTDIR)/$(DEBUGINFO)$(TARGETDIR)/ | |
254 | @./buildid $(wildcard *.efi.debug) | while read file buildid ; do \ | |
255 | first=$$(echo $${buildid} | cut -b -2) ; \ | |
256 | rest=$$(echo $${buildid} | cut -b 3-) ; \ | |
257 | $(INSTALL) -d -m 0755 $(DESTDIR)/$(DEBUGINFO).build-id/$${first}/ ;\ | |
258 | $(INSTALL) -m 0644 $${file} $(DESTDIR)/$(DEBUGINFO)$(TARGETDIR) ; \ | |
259 | ln -s ../../../../..$(DEBUGINFO)$(TARGETDIR)$${file} $(DESTDIR)/$(DEBUGINFO).build-id/$${first}/$${rest}.debug ;\ | |
260 | ln -s ../../../.build-id/$${first}/$${rest} $(DESTDIR)/$(DEBUGINFO).build-id/$${first}/$${rest} ;\ | |
261 | done | |
262 | ||
263 | install : | install-check | |
264 | install : install-deps install-debuginfo install-debugsource | |
265 | $(INSTALL) -d -m 0755 $(DESTDIR)/ | |
266 | $(INSTALL) -d -m 0700 $(DESTDIR)/$(ESPROOTDIR) | |
267 | $(INSTALL) -d -m 0755 $(DESTDIR)/$(EFIBOOTDIR) | |
268 | $(INSTALL) -d -m 0755 $(DESTDIR)/$(TARGETDIR) | |
269 | $(INSTALL) -m 0644 $(SHIMNAME) $(DESTDIR)/$(EFIBOOTDIR)/$(BOOTEFINAME) | |
270 | $(INSTALL) -m 0644 $(SHIMNAME) $(DESTDIR)/$(TARGETDIR)/ | |
271 | $(INSTALL) -m 0644 $(BOOTCSVNAME) $(DESTDIR)/$(TARGETDIR)/ | |
272 | ifneq ($(origin ENABLE_SHIM_CERT),undefined) | |
273 | $(INSTALL) -m 0644 $(FBNAME).signed $(DESTDIR)/$(EFIBOOTDIR)/$(FBNAME) | |
274 | $(INSTALL) -m 0644 $(MMNAME).signed $(DESTDIR)/$(EFIBOOTDIR)/$(MMNAME) | |
275 | $(INSTALL) -m 0644 $(MMNAME).signed $(DESTDIR)/$(TARGETDIR)/$(MMNAME) | |
276 | else | |
277 | $(INSTALL) -m 0644 $(FBNAME) $(DESTDIR)/$(EFIBOOTDIR)/ | |
278 | $(INSTALL) -m 0644 $(MMNAME) $(DESTDIR)/$(EFIBOOTDIR)/ | |
279 | $(INSTALL) -m 0644 $(MMNAME) $(DESTDIR)/$(TARGETDIR)/ | |
221faac5 AB |
280 | endif |
281 | ||
ab881f03 MTL |
282 | install-as-data : install-deps |
283 | $(INSTALL) -d -m 0755 $(DESTDIR)/$(DATATARGETDIR) | |
284 | $(INSTALL) -m 0644 $(SHIMNAME) $(DESTDIR)/$(DATATARGETDIR)/ | |
285 | ifneq ($(origin ENABLE_SHIM_HASH),undefined) | |
286 | $(INSTALL) -m 0644 $(SHIMHASHNAME) $(DESTDIR)/$(DATATARGETDIR)/ | |
287 | endif | |
288 | ifneq ($(origin ENABLE_SHIM_CERT),undefined) | |
289 | $(INSTALL) -m 0644 $(MMNAME).signed $(DESTDIR)/$(DATATARGETDIR)/$(MMNAME) | |
290 | $(INSTALL) -m 0644 $(FBNAME).signed $(DESTDIR)/$(DATATARGETDIR)/$(FBNAME) | |
291 | else | |
292 | $(INSTALL) -m 0644 $(MMNAME) $(DESTDIR)/$(DATATARGETDIR)/$(MMNAME) | |
293 | $(INSTALL) -m 0644 $(FBNAME) $(DESTDIR)/$(DATATARGETDIR)/$(FBNAME) | |
294 | endif | |
17857eb8 | 295 | |
b2d0e06f | 296 | %.efi: %.so |
d3819813 MTL |
297 | ifneq ($(OBJCOPY_GTE224),1) |
298 | $(error objcopy >= 2.24 is required) | |
299 | endif | |
f4173af1 | 300 | $(OBJCOPY) -j .text -j .sdata -j .data -j .data.ident \ |
ab881f03 | 301 | -j .dynamic -j .dynsym -j .rel* \ |
f7a18215 | 302 | -j .rela* -j .reloc -j .eh_frame \ |
c682b514 | 303 | -j .vendor_cert \ |
ab881f03 MTL |
304 | $(FORMAT) $^ $@ |
305 | ||
306 | ifneq ($(origin ENABLE_SHIM_HASH),undefined) | |
307 | %.hash : %.efi | |
308 | $(PESIGN) -i $< -P -h > $@ | |
309 | endif | |
310 | ||
311 | %.efi.debug : %.so | |
312 | ifneq ($(OBJCOPY_GTE224),1) | |
313 | $(error objcopy >= 2.24 is required) | |
314 | endif | |
f7a18215 | 315 | $(OBJCOPY) -j .text -j .sdata -j .data \ |
ab881f03 | 316 | -j .dynamic -j .dynsym -j .rel* \ |
f7a18215 | 317 | -j .rela* -j .reloc -j .eh_frame \ |
5b1bf558 MG |
318 | -j .debug_info -j .debug_abbrev -j .debug_aranges \ |
319 | -j .debug_line -j .debug_str -j .debug_ranges \ | |
d3819813 | 320 | -j .note.gnu.build-id \ |
ab881f03 | 321 | $^ $@ |
b2fe1780 | 322 | |
ab881f03 MTL |
323 | ifneq ($(origin ENABLE_SBSIGN),undefined) |
324 | %.efi.signed: %.efi shim.key shim.crt | |
325 | $(SBSIGN) --key shim.key --cert shim.crt --output $@ $< | |
326 | else | |
ef8c9962 | 327 | %.efi.signed: %.efi certdb/secmod.db |
f4173af1 | 328 | $(PESIGN) -n certdb -i $< -c "shim" -s -o $@ -f |
ab881f03 | 329 | endif |
ef8c9962 | 330 | |
b2fe1780 | 331 | clean: |
f4173af1 MTL |
332 | $(MAKE) -C Cryptlib -f $(TOPDIR)/Cryptlib/Makefile clean |
333 | $(MAKE) -C Cryptlib/OpenSSL -f $(TOPDIR)/Cryptlib/OpenSSL/Makefile clean | |
334 | $(MAKE) -C lib -f $(TOPDIR)/lib/Makefile clean | |
1de10962 | 335 | rm -rf $(TARGET) $(OBJS) $(MOK_OBJS) $(FALLBACK_OBJS) $(KEYS) certdb |
0fb089ee | 336 | rm -f *.debug *.so *.efi *.tar.* version.c |
43eeb538 PJ |
337 | |
338 | GITTAG = $(VERSION) | |
339 | ||
340 | test-archive: | |
341 | @rm -rf /tmp/shim-$(VERSION) /tmp/shim-$(VERSION)-tmp | |
342 | @mkdir -p /tmp/shim-$(VERSION)-tmp | |
343 | @git archive --format=tar $(shell git branch | awk '/^*/ { print $$2 }') | ( cd /tmp/shim-$(VERSION)-tmp/ ; tar x ) | |
344 | @git diff | ( cd /tmp/shim-$(VERSION)-tmp/ ; patch -s -p1 -b -z .gitdiff ) | |
345 | @mv /tmp/shim-$(VERSION)-tmp/ /tmp/shim-$(VERSION)/ | |
0fb089ee | 346 | @git log -1 --pretty=format:%H > /tmp/shim-$(VERSION)/commit |
43eeb538 PJ |
347 | @dir=$$PWD; cd /tmp; tar -c --bzip2 -f $$dir/shim-$(VERSION).tar.bz2 shim-$(VERSION) |
348 | @rm -rf /tmp/shim-$(VERSION) | |
349 | @echo "The archive is in shim-$(VERSION).tar.bz2" | |
350 | ||
acac3380 PJ |
351 | tag: |
352 | git tag --sign $(GITTAG) refs/heads/master | |
f4173af1 | 353 | git tag -f latest-release $(GITTAG) |
acac3380 PJ |
354 | |
355 | archive: tag | |
43eeb538 PJ |
356 | @rm -rf /tmp/shim-$(VERSION) /tmp/shim-$(VERSION)-tmp |
357 | @mkdir -p /tmp/shim-$(VERSION)-tmp | |
358 | @git archive --format=tar $(GITTAG) | ( cd /tmp/shim-$(VERSION)-tmp/ ; tar x ) | |
359 | @mv /tmp/shim-$(VERSION)-tmp/ /tmp/shim-$(VERSION)/ | |
0fb089ee | 360 | @git log -1 --pretty=format:%H > /tmp/shim-$(VERSION)/commit |
43eeb538 PJ |
361 | @dir=$$PWD; cd /tmp; tar -c --bzip2 -f $$dir/shim-$(VERSION).tar.bz2 shim-$(VERSION) |
362 | @rm -rf /tmp/shim-$(VERSION) | |
363 | @echo "The archive is in shim-$(VERSION).tar.bz2" | |
f7a18215 | 364 | |
ab881f03 MTL |
365 | .PHONY : install-deps |
366 | ||
f7a18215 | 367 | export ARCH CC LD OBJCOPY EFI_INCLUDE |