]>
Commit | Line | Data |
---|---|---|
f7a18215 AB |
1 | CC = $(CROSS_COMPILE)gcc |
2 | LD = $(CROSS_COMPILE)ld | |
3 | OBJCOPY = $(CROSS_COMPILE)objcopy | |
4 | ||
5 | ARCH = $(shell $(CC) -dumpmachine | cut -f1 -d- | sed s,i[3456789]86,ia32,) | |
b2fe1780 | 6 | |
17857eb8 | 7 | SUBDIRS = Cryptlib lib |
b2d0e06f | 8 | |
b2fe1780 MG |
9 | LIB_PATH = /usr/lib64 |
10 | ||
f7a18215 | 11 | EFI_INCLUDE := /usr/include/efi |
40375a8b | 12 | EFI_INCLUDES = -nostdinc -ICryptlib -ICryptlib/Include -I$(EFI_INCLUDE) -I$(EFI_INCLUDE)/$(ARCH) -I$(EFI_INCLUDE)/protocol -Iinclude |
5e9fee21 | 13 | EFI_PATH := /usr/lib64/gnuefi |
b2fe1780 MG |
14 | |
15 | LIB_GCC = $(shell $(CC) -print-libgcc-file-name) | |
b2d0e06f | 16 | EFI_LIBS = -lefi -lgnuefi --start-group Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a --end-group $(LIB_GCC) |
b2fe1780 MG |
17 | |
18 | EFI_CRT_OBJS = $(EFI_PATH)/crt0-efi-$(ARCH).o | |
c682b514 | 19 | EFI_LDS = elf_$(ARCH)_efi.lds |
b2fe1780 | 20 | |
e053c227 | 21 | DEFAULT_LOADER := \\\\grub.efi |
632503aa | 22 | CFLAGS = -ggdb -O0 -fno-stack-protector -fno-strict-aliasing -fpic \ |
f7a18215 | 23 | -fshort-wchar -Wall -Wsign-compare -Werror -fno-builtin \ |
e053c227 PJ |
24 | "-DDEFAULT_LOADER=L\"$(DEFAULT_LOADER)\"" \ |
25 | "-DDEFAULT_LOADER_CHAR=\"$(DEFAULT_LOADER)\"" \ | |
b2fe1780 | 26 | $(EFI_INCLUDES) |
bb2fe4cf PJ |
27 | |
28 | ifneq ($(origin OVERRIDE_SECURITY_POLICY), undefined) | |
29 | CFLAGS += -DOVERRIDE_SECURITY_POLICY | |
30 | endif | |
f7a18215 | 31 | |
b2fe1780 | 32 | ifeq ($(ARCH),x86_64) |
f7a18215 AB |
33 | CFLAGS += -mno-mmx -mno-sse -mno-red-zone -nostdinc -maccumulate-outgoing-args \ |
34 | -DEFI_FUNCTION_WRAPPER -DGNU_EFI_USE_MS_ABI | |
b2fe1780 | 35 | endif |
6caa9bad | 36 | ifeq ($(ARCH),ia32) |
f7a18215 | 37 | CFLAGS += -mno-mmx -mno-sse -mno-red-zone -nostdinc -maccumulate-outgoing-args -m32 |
6caa9bad | 38 | endif |
f7a18215 | 39 | |
9196c7cf AB |
40 | ifeq ($(ARCH),aarch64) |
41 | CFLAGS += -ffreestanding -I$(shell $(CC) -print-file-name=include) | |
42 | endif | |
43 | ||
8518b8cc PJ |
44 | ifneq ($(origin VENDOR_CERT_FILE), undefined) |
45 | CFLAGS += -DVENDOR_CERT_FILE=\"$(VENDOR_CERT_FILE)\" | |
46 | endif | |
ff1409c3 PJ |
47 | ifneq ($(origin VENDOR_DBX_FILE), undefined) |
48 | CFLAGS += -DVENDOR_DBX_FILE=\"$(VENDOR_DBX_FILE)\" | |
49 | endif | |
8518b8cc | 50 | |
b2d0e06f | 51 | LDFLAGS = -nostdlib -znocombreloc -T $(EFI_LDS) -shared -Bsymbolic -L$(EFI_PATH) -L$(LIB_PATH) -LCryptlib -LCryptlib/OpenSSL $(EFI_CRT_OBJS) |
b2fe1780 | 52 | |
6ae4e4f9 | 53 | VERSION = 0.7 |
43eeb538 | 54 | |
eb9f7f1c | 55 | TARGET = shim.efi MokManager.efi.signed fallback.efi.signed |
0fb089ee | 56 | OBJS = shim.o netboot.o cert.o replacements.o version.o |
2892db7f | 57 | KEYS = shim_cert.h ocsp.* ca.* shim.crt shim.csr shim.p12 shim.pem shim.key shim.cer |
0fb089ee | 58 | SOURCES = shim.c shim.h netboot.c include/PeImage.h include/wincert.h include/console.h replacements.c replacements.h version.c version.h |
114dad49 | 59 | MOK_OBJS = MokManager.o PasswordCrypt.o crypt_blowfish.o |
417077f8 | 60 | MOK_SOURCES = MokManager.c shim.h include/console.h PasswordCrypt.c PasswordCrypt.h crypt_blowfish.c crypt_blowfish.h |
eb9f7f1c PJ |
61 | FALLBACK_OBJS = fallback.o |
62 | FALLBACK_SRCS = fallback.c | |
b2fe1780 | 63 | |
37e456be | 64 | all: $(TARGET) |
b2fe1780 | 65 | |
ef8c9962 MG |
66 | shim.crt: |
67 | ./make-certs shim shim@xn--u4h.net all codesign 1.3.6.1.4.1.311.10.3.1 </dev/null | |
68 | ||
69 | shim.cer: shim.crt | |
70 | openssl x509 -outform der -in $< -out $@ | |
71 | ||
72 | shim_cert.h: shim.cer | |
73 | echo "static UINT8 shim_cert[] = {" > $@ | |
74 | hexdump -v -e '1/1 "0x%02x, "' $< >> $@ | |
75 | echo "};" >> $@ | |
76 | ||
0fb089ee PJ |
77 | version.c : version.c.in |
78 | sed -e "s,@@VERSION@@,$(VERSION)," \ | |
79 | -e "s,@@UNAME@@,$(shell uname -a)," \ | |
80 | -e "s,@@COMMIT@@,$(shell if [ -d .git ] ; then git log -1 --pretty=format:%H ; elif [ -f commit ]; then cat commit ; else echo commit id not available; fi)," \ | |
81 | < version.c.in > version.c | |
82 | ||
ef8c9962 MG |
83 | certdb/secmod.db: shim.crt |
84 | -mkdir certdb | |
ef8c9962 MG |
85 | pk12util -d certdb/ -i shim.p12 -W "" -K "" |
86 | certutil -d certdb/ -A -i shim.crt -n shim -t u | |
87 | ||
88 | shim.o: $(SOURCES) shim_cert.h | |
b2fe1780 | 89 | |
8518b8cc PJ |
90 | cert.o : cert.S |
91 | $(CC) $(CFLAGS) -c -o $@ $< | |
92 | ||
53862dda | 93 | shim.so: $(OBJS) Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a lib/lib.a |
7f055335 MG |
94 | $(LD) -o $@ $(LDFLAGS) $^ $(EFI_LIBS) |
95 | ||
eb9f7f1c PJ |
96 | fallback.o: $(FALLBACK_SRCS) |
97 | ||
663b2b93 | 98 | fallback.so: $(FALLBACK_OBJS) Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a lib/lib.a |
eb9f7f1c PJ |
99 | $(LD) -o $@ $(LDFLAGS) $^ $(EFI_LIBS) |
100 | ||
3a838b14 | 101 | MokManager.o: $(MOK_SOURCES) |
333bd977 | 102 | |
17857eb8 MG |
103 | MokManager.so: $(MOK_OBJS) Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a lib/lib.a |
104 | $(LD) -o $@ $(LDFLAGS) $^ $(EFI_LIBS) lib/lib.a | |
333bd977 | 105 | |
b2d0e06f | 106 | Cryptlib/libcryptlib.a: |
f7a18215 | 107 | $(MAKE) -C Cryptlib |
b2d0e06f MG |
108 | |
109 | Cryptlib/OpenSSL/libopenssl.a: | |
f7a18215 | 110 | $(MAKE) -C Cryptlib/OpenSSL |
b2d0e06f | 111 | |
17857eb8 | 112 | lib/lib.a: |
f7a18215 AB |
113 | $(MAKE) -C lib |
114 | ||
9196c7cf AB |
115 | ifeq ($(ARCH),aarch64) |
116 | FORMAT := -O binary | |
117 | SUBSYSTEM := 0xa | |
118 | LDFLAGS += --defsym=EFI_SUBSYSTEM=$(SUBSYSTEM) | |
119 | endif | |
120 | ||
f7a18215 | 121 | FORMAT ?= --target efi-app-$(ARCH) |
17857eb8 | 122 | |
b2d0e06f | 123 | %.efi: %.so |
f7a18215 AB |
124 | $(OBJCOPY) -j .text -j .sdata -j .data \ |
125 | -j .dynamic -j .dynsym -j .rel* \ | |
126 | -j .rela* -j .reloc -j .eh_frame \ | |
c682b514 | 127 | -j .vendor_cert \ |
f7a18215 AB |
128 | $(FORMAT) $^ $@ |
129 | $(OBJCOPY) -j .text -j .sdata -j .data \ | |
130 | -j .dynamic -j .dynsym -j .rel* \ | |
131 | -j .rela* -j .reloc -j .eh_frame \ | |
5b1bf558 MG |
132 | -j .debug_info -j .debug_abbrev -j .debug_aranges \ |
133 | -j .debug_line -j .debug_str -j .debug_ranges \ | |
f7a18215 | 134 | $(FORMAT) $^ $@.debug |
b2fe1780 | 135 | |
ef8c9962 MG |
136 | %.efi.signed: %.efi certdb/secmod.db |
137 | pesign -n certdb -i $< -c "shim" -s -o $@ -f | |
138 | ||
b2fe1780 | 139 | clean: |
b2d0e06f MG |
140 | $(MAKE) -C Cryptlib clean |
141 | $(MAKE) -C Cryptlib/OpenSSL clean | |
cdd2dc91 | 142 | $(MAKE) -C lib clean |
1de10962 | 143 | rm -rf $(TARGET) $(OBJS) $(MOK_OBJS) $(FALLBACK_OBJS) $(KEYS) certdb |
0fb089ee | 144 | rm -f *.debug *.so *.efi *.tar.* version.c |
43eeb538 PJ |
145 | |
146 | GITTAG = $(VERSION) | |
147 | ||
148 | test-archive: | |
149 | @rm -rf /tmp/shim-$(VERSION) /tmp/shim-$(VERSION)-tmp | |
150 | @mkdir -p /tmp/shim-$(VERSION)-tmp | |
151 | @git archive --format=tar $(shell git branch | awk '/^*/ { print $$2 }') | ( cd /tmp/shim-$(VERSION)-tmp/ ; tar x ) | |
152 | @git diff | ( cd /tmp/shim-$(VERSION)-tmp/ ; patch -s -p1 -b -z .gitdiff ) | |
153 | @mv /tmp/shim-$(VERSION)-tmp/ /tmp/shim-$(VERSION)/ | |
0fb089ee | 154 | @git log -1 --pretty=format:%H > /tmp/shim-$(VERSION)/commit |
43eeb538 PJ |
155 | @dir=$$PWD; cd /tmp; tar -c --bzip2 -f $$dir/shim-$(VERSION).tar.bz2 shim-$(VERSION) |
156 | @rm -rf /tmp/shim-$(VERSION) | |
157 | @echo "The archive is in shim-$(VERSION).tar.bz2" | |
158 | ||
acac3380 PJ |
159 | tag: |
160 | git tag --sign $(GITTAG) refs/heads/master | |
161 | ||
162 | archive: tag | |
43eeb538 PJ |
163 | @rm -rf /tmp/shim-$(VERSION) /tmp/shim-$(VERSION)-tmp |
164 | @mkdir -p /tmp/shim-$(VERSION)-tmp | |
165 | @git archive --format=tar $(GITTAG) | ( cd /tmp/shim-$(VERSION)-tmp/ ; tar x ) | |
166 | @mv /tmp/shim-$(VERSION)-tmp/ /tmp/shim-$(VERSION)/ | |
0fb089ee | 167 | @git log -1 --pretty=format:%H > /tmp/shim-$(VERSION)/commit |
43eeb538 PJ |
168 | @dir=$$PWD; cd /tmp; tar -c --bzip2 -f $$dir/shim-$(VERSION).tar.bz2 shim-$(VERSION) |
169 | @rm -rf /tmp/shim-$(VERSION) | |
170 | @echo "The archive is in shim-$(VERSION).tar.bz2" | |
f7a18215 AB |
171 | |
172 | export ARCH CC LD OBJCOPY EFI_INCLUDE |