]>
Commit | Line | Data |
---|---|---|
b2fe1780 MG |
1 | ARCH = $(shell uname -m | sed s,i[3456789]86,ia32,) |
2 | ||
17857eb8 | 3 | SUBDIRS = Cryptlib lib |
b2d0e06f | 4 | |
b2fe1780 MG |
5 | LIB_PATH = /usr/lib64 |
6 | ||
7 | EFI_INCLUDE = /usr/include/efi | |
acf2e8ed | 8 | EFI_INCLUDES = -nostdinc -ICryptlib -ICryptlib/Include -I$(EFI_INCLUDE) -I$(EFI_INCLUDE)/$(ARCH) -I$(EFI_INCLUDE)/protocol |
5e9fee21 | 9 | EFI_PATH := /usr/lib64/gnuefi |
b2fe1780 MG |
10 | |
11 | LIB_GCC = $(shell $(CC) -print-libgcc-file-name) | |
b2d0e06f | 12 | EFI_LIBS = -lefi -lgnuefi --start-group Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a --end-group $(LIB_GCC) |
b2fe1780 MG |
13 | |
14 | EFI_CRT_OBJS = $(EFI_PATH)/crt0-efi-$(ARCH).o | |
c682b514 | 15 | EFI_LDS = elf_$(ARCH)_efi.lds |
b2fe1780 | 16 | |
632503aa | 17 | CFLAGS = -ggdb -O0 -fno-stack-protector -fno-strict-aliasing -fpic \ |
2d8cfca2 | 18 | -fshort-wchar -Wall -Werror -mno-red-zone -maccumulate-outgoing-args \ |
acf2e8ed | 19 | -mno-mmx -mno-sse \ |
b2fe1780 MG |
20 | $(EFI_INCLUDES) |
21 | ifeq ($(ARCH),x86_64) | |
aa55fcf1 | 22 | CFLAGS += -DEFI_FUNCTION_WRAPPER -DGNU_EFI_USE_MS_ABI |
b2fe1780 | 23 | endif |
8518b8cc PJ |
24 | ifneq ($(origin VENDOR_CERT_FILE), undefined) |
25 | CFLAGS += -DVENDOR_CERT_FILE=\"$(VENDOR_CERT_FILE)\" | |
26 | endif | |
ff1409c3 PJ |
27 | ifneq ($(origin VENDOR_DBX_FILE), undefined) |
28 | CFLAGS += -DVENDOR_DBX_FILE=\"$(VENDOR_DBX_FILE)\" | |
29 | endif | |
8518b8cc | 30 | |
b2d0e06f | 31 | LDFLAGS = -nostdlib -znocombreloc -T $(EFI_LDS) -shared -Bsymbolic -L$(EFI_PATH) -L$(LIB_PATH) -LCryptlib -LCryptlib/OpenSSL $(EFI_CRT_OBJS) |
b2fe1780 | 32 | |
d141608b | 33 | VERSION = 0.4 |
43eeb538 | 34 | |
eb9f7f1c | 35 | TARGET = shim.efi MokManager.efi.signed fallback.efi.signed |
28a3e57c | 36 | OBJS = shim.o netboot.o cert.o dbx.o |
ef8c9962 | 37 | KEYS = shim_cert.h ocsp.* ca.* shim.crt shim.csr shim.p12 shim.pem shim.key |
1c595706 | 38 | SOURCES = shim.c shim.h netboot.c signature.h PeImage.h |
333bd977 | 39 | MOK_OBJS = MokManager.o |
a869915a | 40 | MOK_SOURCES = MokManager.c shim.h console_control.h |
eb9f7f1c PJ |
41 | FALLBACK_OBJS = fallback.o |
42 | FALLBACK_SRCS = fallback.c | |
b2fe1780 | 43 | |
37e456be | 44 | all: $(TARGET) |
b2fe1780 | 45 | |
ef8c9962 MG |
46 | shim.crt: |
47 | ./make-certs shim shim@xn--u4h.net all codesign 1.3.6.1.4.1.311.10.3.1 </dev/null | |
48 | ||
49 | shim.cer: shim.crt | |
50 | openssl x509 -outform der -in $< -out $@ | |
51 | ||
52 | shim_cert.h: shim.cer | |
53 | echo "static UINT8 shim_cert[] = {" > $@ | |
54 | hexdump -v -e '1/1 "0x%02x, "' $< >> $@ | |
55 | echo "};" >> $@ | |
56 | ||
57 | certdb/secmod.db: shim.crt | |
58 | -mkdir certdb | |
59 | certutil -A -n 'my CA' -d certdb/ -t CT,CT,CT -i ca.crt | |
60 | pk12util -d certdb/ -i shim.p12 -W "" -K "" | |
61 | certutil -d certdb/ -A -i shim.crt -n shim -t u | |
62 | ||
63 | shim.o: $(SOURCES) shim_cert.h | |
b2fe1780 | 64 | |
8518b8cc PJ |
65 | cert.o : cert.S |
66 | $(CC) $(CFLAGS) -c -o $@ $< | |
67 | ||
5f0a358b PJ |
68 | dbx.o : dbx.S |
69 | $(CC) $(CFLAGS) -c -o $@ $< | |
70 | ||
71 | shim.so: $(OBJS) Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a | |
7f055335 MG |
72 | $(LD) -o $@ $(LDFLAGS) $^ $(EFI_LIBS) |
73 | ||
eb9f7f1c PJ |
74 | fallback.o: $(FALLBACK_SRCS) |
75 | ||
76 | fallback.so: $(FALLBACK_OBJS) | |
77 | $(LD) -o $@ $(LDFLAGS) $^ $(EFI_LIBS) | |
78 | ||
333bd977 GCPL |
79 | MokManager.o: $(SOURCES) |
80 | ||
17857eb8 MG |
81 | MokManager.so: $(MOK_OBJS) Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a lib/lib.a |
82 | $(LD) -o $@ $(LDFLAGS) $^ $(EFI_LIBS) lib/lib.a | |
333bd977 | 83 | |
b2d0e06f MG |
84 | Cryptlib/libcryptlib.a: |
85 | $(MAKE) -C Cryptlib | |
86 | ||
87 | Cryptlib/OpenSSL/libopenssl.a: | |
88 | $(MAKE) -C Cryptlib/OpenSSL | |
89 | ||
17857eb8 | 90 | lib/lib.a: |
5e9fee21 | 91 | $(MAKE) -C lib EFI_PATH=$(EFI_PATH) |
17857eb8 | 92 | |
b2d0e06f | 93 | %.efi: %.so |
b2fe1780 MG |
94 | objcopy -j .text -j .sdata -j .data \ |
95 | -j .dynamic -j .dynsym -j .rel \ | |
5b1bf558 | 96 | -j .rela -j .reloc -j .eh_frame \ |
c682b514 | 97 | -j .vendor_cert \ |
7f055335 | 98 | --target=efi-app-$(ARCH) $^ $@ |
5b1bf558 MG |
99 | objcopy -j .text -j .sdata -j .data \ |
100 | -j .dynamic -j .dynsym -j .rel \ | |
101 | -j .rela -j .reloc -j .eh_frame \ | |
102 | -j .debug_info -j .debug_abbrev -j .debug_aranges \ | |
103 | -j .debug_line -j .debug_str -j .debug_ranges \ | |
e676d64a | 104 | --target=efi-app-$(ARCH) $^ $@.debug |
b2fe1780 | 105 | |
ef8c9962 MG |
106 | %.efi.signed: %.efi certdb/secmod.db |
107 | pesign -n certdb -i $< -c "shim" -s -o $@ -f | |
108 | ||
b2fe1780 | 109 | clean: |
b2d0e06f MG |
110 | $(MAKE) -C Cryptlib clean |
111 | $(MAKE) -C Cryptlib/OpenSSL clean | |
cdd2dc91 | 112 | $(MAKE) -C lib clean |
1de10962 PJ |
113 | rm -rf $(TARGET) $(OBJS) $(MOK_OBJS) $(FALLBACK_OBJS) $(KEYS) certdb |
114 | rm -f *.debug *.so *.efi | |
43eeb538 PJ |
115 | |
116 | GITTAG = $(VERSION) | |
117 | ||
118 | test-archive: | |
119 | @rm -rf /tmp/shim-$(VERSION) /tmp/shim-$(VERSION)-tmp | |
120 | @mkdir -p /tmp/shim-$(VERSION)-tmp | |
121 | @git archive --format=tar $(shell git branch | awk '/^*/ { print $$2 }') | ( cd /tmp/shim-$(VERSION)-tmp/ ; tar x ) | |
122 | @git diff | ( cd /tmp/shim-$(VERSION)-tmp/ ; patch -s -p1 -b -z .gitdiff ) | |
123 | @mv /tmp/shim-$(VERSION)-tmp/ /tmp/shim-$(VERSION)/ | |
124 | @dir=$$PWD; cd /tmp; tar -c --bzip2 -f $$dir/shim-$(VERSION).tar.bz2 shim-$(VERSION) | |
125 | @rm -rf /tmp/shim-$(VERSION) | |
126 | @echo "The archive is in shim-$(VERSION).tar.bz2" | |
127 | ||
128 | archive: | |
129 | git tag $(GITTAG) refs/heads/master | |
130 | @rm -rf /tmp/shim-$(VERSION) /tmp/shim-$(VERSION)-tmp | |
131 | @mkdir -p /tmp/shim-$(VERSION)-tmp | |
132 | @git archive --format=tar $(GITTAG) | ( cd /tmp/shim-$(VERSION)-tmp/ ; tar x ) | |
133 | @mv /tmp/shim-$(VERSION)-tmp/ /tmp/shim-$(VERSION)/ | |
134 | @dir=$$PWD; cd /tmp; tar -c --bzip2 -f $$dir/shim-$(VERSION).tar.bz2 shim-$(VERSION) | |
135 | @rm -rf /tmp/shim-$(VERSION) | |
136 | @echo "The archive is in shim-$(VERSION).tar.bz2" |