]>
Commit | Line | Data |
---|---|---|
b2fe1780 MG |
1 | ARCH = $(shell uname -m | sed s,i[3456789]86,ia32,) |
2 | ||
b2d0e06f MG |
3 | SUBDIRS = Cryptlib |
4 | ||
b2fe1780 MG |
5 | LIB_PATH = /usr/lib64 |
6 | ||
7 | EFI_INCLUDE = /usr/include/efi | |
acf2e8ed | 8 | EFI_INCLUDES = -nostdinc -ICryptlib -ICryptlib/Include -I$(EFI_INCLUDE) -I$(EFI_INCLUDE)/$(ARCH) -I$(EFI_INCLUDE)/protocol |
b2fe1780 MG |
9 | EFI_PATH = /usr/lib64/gnuefi |
10 | ||
11 | LIB_GCC = $(shell $(CC) -print-libgcc-file-name) | |
b2d0e06f | 12 | EFI_LIBS = -lefi -lgnuefi --start-group Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a --end-group $(LIB_GCC) |
b2fe1780 MG |
13 | |
14 | EFI_CRT_OBJS = $(EFI_PATH)/crt0-efi-$(ARCH).o | |
c682b514 | 15 | EFI_LDS = elf_$(ARCH)_efi.lds |
b2fe1780 | 16 | |
632503aa | 17 | CFLAGS = -ggdb -O0 -fno-stack-protector -fno-strict-aliasing -fpic \ |
2d8cfca2 | 18 | -fshort-wchar -Wall -Werror -mno-red-zone -maccumulate-outgoing-args \ |
acf2e8ed | 19 | -mno-mmx -mno-sse \ |
b2fe1780 MG |
20 | $(EFI_INCLUDES) |
21 | ifeq ($(ARCH),x86_64) | |
aa55fcf1 | 22 | CFLAGS += -DEFI_FUNCTION_WRAPPER -DGNU_EFI_USE_MS_ABI |
b2fe1780 | 23 | endif |
8518b8cc PJ |
24 | ifneq ($(origin VENDOR_CERT_FILE), undefined) |
25 | CFLAGS += -DVENDOR_CERT_FILE=\"$(VENDOR_CERT_FILE)\" | |
26 | endif | |
ff1409c3 PJ |
27 | ifneq ($(origin VENDOR_DBX_FILE), undefined) |
28 | CFLAGS += -DVENDOR_DBX_FILE=\"$(VENDOR_DBX_FILE)\" | |
29 | endif | |
8518b8cc | 30 | |
b2d0e06f | 31 | LDFLAGS = -nostdlib -znocombreloc -T $(EFI_LDS) -shared -Bsymbolic -L$(EFI_PATH) -L$(LIB_PATH) -LCryptlib -LCryptlib/OpenSSL $(EFI_CRT_OBJS) |
b2fe1780 | 32 | |
d141608b | 33 | VERSION = 0.4 |
43eeb538 | 34 | |
eb9f7f1c | 35 | TARGET = shim.efi MokManager.efi.signed fallback.efi.signed |
28a3e57c | 36 | OBJS = shim.o netboot.o cert.o dbx.o |
ef8c9962 | 37 | KEYS = shim_cert.h ocsp.* ca.* shim.crt shim.csr shim.p12 shim.pem shim.key |
1c595706 | 38 | SOURCES = shim.c shim.h netboot.c signature.h PeImage.h |
333bd977 | 39 | MOK_OBJS = MokManager.o |
a869915a | 40 | MOK_SOURCES = MokManager.c shim.h console_control.h |
eb9f7f1c PJ |
41 | FALLBACK_OBJS = fallback.o |
42 | FALLBACK_SRCS = fallback.c | |
b2fe1780 | 43 | |
37e456be | 44 | all: $(TARGET) |
b2fe1780 | 45 | |
ef8c9962 MG |
46 | shim.crt: |
47 | ./make-certs shim shim@xn--u4h.net all codesign 1.3.6.1.4.1.311.10.3.1 </dev/null | |
48 | ||
49 | shim.cer: shim.crt | |
50 | openssl x509 -outform der -in $< -out $@ | |
51 | ||
52 | shim_cert.h: shim.cer | |
53 | echo "static UINT8 shim_cert[] = {" > $@ | |
54 | hexdump -v -e '1/1 "0x%02x, "' $< >> $@ | |
55 | echo "};" >> $@ | |
56 | ||
57 | certdb/secmod.db: shim.crt | |
58 | -mkdir certdb | |
59 | certutil -A -n 'my CA' -d certdb/ -t CT,CT,CT -i ca.crt | |
60 | pk12util -d certdb/ -i shim.p12 -W "" -K "" | |
61 | certutil -d certdb/ -A -i shim.crt -n shim -t u | |
62 | ||
63 | shim.o: $(SOURCES) shim_cert.h | |
b2fe1780 | 64 | |
8518b8cc PJ |
65 | cert.o : cert.S |
66 | $(CC) $(CFLAGS) -c -o $@ $< | |
67 | ||
5f0a358b PJ |
68 | dbx.o : dbx.S |
69 | $(CC) $(CFLAGS) -c -o $@ $< | |
70 | ||
71 | shim.so: $(OBJS) Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a | |
7f055335 MG |
72 | $(LD) -o $@ $(LDFLAGS) $^ $(EFI_LIBS) |
73 | ||
eb9f7f1c PJ |
74 | fallback.o: $(FALLBACK_SRCS) |
75 | ||
76 | fallback.so: $(FALLBACK_OBJS) | |
77 | $(LD) -o $@ $(LDFLAGS) $^ $(EFI_LIBS) | |
78 | ||
333bd977 GCPL |
79 | MokManager.o: $(SOURCES) |
80 | ||
81 | MokManager.so: $(MOK_OBJS) Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a | |
82 | $(LD) -o $@ $(LDFLAGS) $^ $(EFI_LIBS) | |
83 | ||
b2d0e06f MG |
84 | Cryptlib/libcryptlib.a: |
85 | $(MAKE) -C Cryptlib | |
86 | ||
87 | Cryptlib/OpenSSL/libopenssl.a: | |
88 | $(MAKE) -C Cryptlib/OpenSSL | |
89 | ||
90 | %.efi: %.so | |
b2fe1780 MG |
91 | objcopy -j .text -j .sdata -j .data \ |
92 | -j .dynamic -j .dynsym -j .rel \ | |
5b1bf558 | 93 | -j .rela -j .reloc -j .eh_frame \ |
c682b514 | 94 | -j .vendor_cert \ |
7f055335 | 95 | --target=efi-app-$(ARCH) $^ $@ |
5b1bf558 MG |
96 | objcopy -j .text -j .sdata -j .data \ |
97 | -j .dynamic -j .dynsym -j .rel \ | |
98 | -j .rela -j .reloc -j .eh_frame \ | |
99 | -j .debug_info -j .debug_abbrev -j .debug_aranges \ | |
100 | -j .debug_line -j .debug_str -j .debug_ranges \ | |
e676d64a | 101 | --target=efi-app-$(ARCH) $^ $@.debug |
b2fe1780 | 102 | |
ef8c9962 MG |
103 | %.efi.signed: %.efi certdb/secmod.db |
104 | pesign -n certdb -i $< -c "shim" -s -o $@ -f | |
105 | ||
b2fe1780 | 106 | clean: |
b2d0e06f MG |
107 | $(MAKE) -C Cryptlib clean |
108 | $(MAKE) -C Cryptlib/OpenSSL clean | |
1de10962 PJ |
109 | rm -rf $(TARGET) $(OBJS) $(MOK_OBJS) $(FALLBACK_OBJS) $(KEYS) certdb |
110 | rm -f *.debug *.so *.efi | |
43eeb538 PJ |
111 | |
112 | GITTAG = $(VERSION) | |
113 | ||
114 | test-archive: | |
115 | @rm -rf /tmp/shim-$(VERSION) /tmp/shim-$(VERSION)-tmp | |
116 | @mkdir -p /tmp/shim-$(VERSION)-tmp | |
117 | @git archive --format=tar $(shell git branch | awk '/^*/ { print $$2 }') | ( cd /tmp/shim-$(VERSION)-tmp/ ; tar x ) | |
118 | @git diff | ( cd /tmp/shim-$(VERSION)-tmp/ ; patch -s -p1 -b -z .gitdiff ) | |
119 | @mv /tmp/shim-$(VERSION)-tmp/ /tmp/shim-$(VERSION)/ | |
120 | @dir=$$PWD; cd /tmp; tar -c --bzip2 -f $$dir/shim-$(VERSION).tar.bz2 shim-$(VERSION) | |
121 | @rm -rf /tmp/shim-$(VERSION) | |
122 | @echo "The archive is in shim-$(VERSION).tar.bz2" | |
123 | ||
124 | archive: | |
125 | git tag $(GITTAG) refs/heads/master | |
126 | @rm -rf /tmp/shim-$(VERSION) /tmp/shim-$(VERSION)-tmp | |
127 | @mkdir -p /tmp/shim-$(VERSION)-tmp | |
128 | @git archive --format=tar $(GITTAG) | ( cd /tmp/shim-$(VERSION)-tmp/ ; tar x ) | |
129 | @mv /tmp/shim-$(VERSION)-tmp/ /tmp/shim-$(VERSION)/ | |
130 | @dir=$$PWD; cd /tmp; tar -c --bzip2 -f $$dir/shim-$(VERSION).tar.bz2 shim-$(VERSION) | |
131 | @rm -rf /tmp/shim-$(VERSION) | |
132 | @echo "The archive is in shim-$(VERSION).tar.bz2" |