]>
Commit | Line | Data |
---|---|---|
b2fe1780 MG |
1 | ARCH = $(shell uname -m | sed s,i[3456789]86,ia32,) |
2 | ||
17857eb8 | 3 | SUBDIRS = Cryptlib lib |
b2d0e06f | 4 | |
b2fe1780 MG |
5 | LIB_PATH = /usr/lib64 |
6 | ||
7 | EFI_INCLUDE = /usr/include/efi | |
40375a8b | 8 | EFI_INCLUDES = -nostdinc -ICryptlib -ICryptlib/Include -I$(EFI_INCLUDE) -I$(EFI_INCLUDE)/$(ARCH) -I$(EFI_INCLUDE)/protocol -Iinclude |
5e9fee21 | 9 | EFI_PATH := /usr/lib64/gnuefi |
b2fe1780 MG |
10 | |
11 | LIB_GCC = $(shell $(CC) -print-libgcc-file-name) | |
b2d0e06f | 12 | EFI_LIBS = -lefi -lgnuefi --start-group Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a --end-group $(LIB_GCC) |
b2fe1780 MG |
13 | |
14 | EFI_CRT_OBJS = $(EFI_PATH)/crt0-efi-$(ARCH).o | |
c682b514 | 15 | EFI_LDS = elf_$(ARCH)_efi.lds |
b2fe1780 | 16 | |
e053c227 | 17 | DEFAULT_LOADER := \\\\grub.efi |
632503aa | 18 | CFLAGS = -ggdb -O0 -fno-stack-protector -fno-strict-aliasing -fpic \ |
cf718e19 | 19 | -fshort-wchar -Wall -Werror -mno-red-zone -maccumulate-outgoing-args \ |
cbef697a | 20 | -mno-mmx -mno-sse -fno-builtin \ |
e053c227 PJ |
21 | "-DDEFAULT_LOADER=L\"$(DEFAULT_LOADER)\"" \ |
22 | "-DDEFAULT_LOADER_CHAR=\"$(DEFAULT_LOADER)\"" \ | |
b2fe1780 | 23 | $(EFI_INCLUDES) |
bb2fe4cf PJ |
24 | |
25 | ifneq ($(origin OVERRIDE_SECURITY_POLICY), undefined) | |
26 | CFLAGS += -DOVERRIDE_SECURITY_POLICY | |
27 | endif | |
b2fe1780 | 28 | ifeq ($(ARCH),x86_64) |
aa55fcf1 | 29 | CFLAGS += -DEFI_FUNCTION_WRAPPER -DGNU_EFI_USE_MS_ABI |
b2fe1780 | 30 | endif |
8518b8cc PJ |
31 | ifneq ($(origin VENDOR_CERT_FILE), undefined) |
32 | CFLAGS += -DVENDOR_CERT_FILE=\"$(VENDOR_CERT_FILE)\" | |
33 | endif | |
ff1409c3 PJ |
34 | ifneq ($(origin VENDOR_DBX_FILE), undefined) |
35 | CFLAGS += -DVENDOR_DBX_FILE=\"$(VENDOR_DBX_FILE)\" | |
36 | endif | |
8518b8cc | 37 | |
b2d0e06f | 38 | LDFLAGS = -nostdlib -znocombreloc -T $(EFI_LDS) -shared -Bsymbolic -L$(EFI_PATH) -L$(LIB_PATH) -LCryptlib -LCryptlib/OpenSSL $(EFI_CRT_OBJS) |
b2fe1780 | 39 | |
6ae4e4f9 | 40 | VERSION = 0.7 |
43eeb538 | 41 | |
eb9f7f1c | 42 | TARGET = shim.efi MokManager.efi.signed fallback.efi.signed |
0fb089ee | 43 | OBJS = shim.o netboot.o cert.o replacements.o version.o |
2892db7f | 44 | KEYS = shim_cert.h ocsp.* ca.* shim.crt shim.csr shim.p12 shim.pem shim.key shim.cer |
0fb089ee | 45 | SOURCES = shim.c shim.h netboot.c include/PeImage.h include/wincert.h include/console.h replacements.c replacements.h version.c version.h |
114dad49 | 46 | MOK_OBJS = MokManager.o PasswordCrypt.o crypt_blowfish.o |
417077f8 | 47 | MOK_SOURCES = MokManager.c shim.h include/console.h PasswordCrypt.c PasswordCrypt.h crypt_blowfish.c crypt_blowfish.h |
eb9f7f1c PJ |
48 | FALLBACK_OBJS = fallback.o |
49 | FALLBACK_SRCS = fallback.c | |
b2fe1780 | 50 | |
37e456be | 51 | all: $(TARGET) |
b2fe1780 | 52 | |
ef8c9962 MG |
53 | shim.crt: |
54 | ./make-certs shim shim@xn--u4h.net all codesign 1.3.6.1.4.1.311.10.3.1 </dev/null | |
55 | ||
56 | shim.cer: shim.crt | |
57 | openssl x509 -outform der -in $< -out $@ | |
58 | ||
59 | shim_cert.h: shim.cer | |
60 | echo "static UINT8 shim_cert[] = {" > $@ | |
61 | hexdump -v -e '1/1 "0x%02x, "' $< >> $@ | |
62 | echo "};" >> $@ | |
63 | ||
0fb089ee PJ |
64 | version.c : version.c.in |
65 | sed -e "s,@@VERSION@@,$(VERSION)," \ | |
66 | -e "s,@@UNAME@@,$(shell uname -a)," \ | |
67 | -e "s,@@COMMIT@@,$(shell if [ -d .git ] ; then git log -1 --pretty=format:%H ; elif [ -f commit ]; then cat commit ; else echo commit id not available; fi)," \ | |
68 | < version.c.in > version.c | |
69 | ||
ef8c9962 MG |
70 | certdb/secmod.db: shim.crt |
71 | -mkdir certdb | |
72 | certutil -A -n 'my CA' -d certdb/ -t CT,CT,CT -i ca.crt | |
73 | pk12util -d certdb/ -i shim.p12 -W "" -K "" | |
74 | certutil -d certdb/ -A -i shim.crt -n shim -t u | |
75 | ||
76 | shim.o: $(SOURCES) shim_cert.h | |
b2fe1780 | 77 | |
8518b8cc PJ |
78 | cert.o : cert.S |
79 | $(CC) $(CFLAGS) -c -o $@ $< | |
80 | ||
53862dda | 81 | shim.so: $(OBJS) Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a lib/lib.a |
7f055335 MG |
82 | $(LD) -o $@ $(LDFLAGS) $^ $(EFI_LIBS) |
83 | ||
eb9f7f1c PJ |
84 | fallback.o: $(FALLBACK_SRCS) |
85 | ||
663b2b93 | 86 | fallback.so: $(FALLBACK_OBJS) Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a lib/lib.a |
eb9f7f1c PJ |
87 | $(LD) -o $@ $(LDFLAGS) $^ $(EFI_LIBS) |
88 | ||
3a838b14 | 89 | MokManager.o: $(MOK_SOURCES) |
333bd977 | 90 | |
17857eb8 MG |
91 | MokManager.so: $(MOK_OBJS) Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a lib/lib.a |
92 | $(LD) -o $@ $(LDFLAGS) $^ $(EFI_LIBS) lib/lib.a | |
333bd977 | 93 | |
b2d0e06f | 94 | Cryptlib/libcryptlib.a: |
cfac0bb9 | 95 | $(MAKE) -C Cryptlib EFI_PATH=$(EFI_PATH) EFI_INCLUDE=$(EFI_INCLUDE) ARCH=$(ARCH) |
b2d0e06f MG |
96 | |
97 | Cryptlib/OpenSSL/libopenssl.a: | |
cfac0bb9 | 98 | $(MAKE) -C Cryptlib/OpenSSL EFI_PATH=$(EFI_PATH) EFI_INCLUDE=$(EFI_INCLUDE) ARCH=$(ARCH) |
b2d0e06f | 99 | |
17857eb8 | 100 | lib/lib.a: |
cfac0bb9 | 101 | $(MAKE) -C lib EFI_PATH=$(EFI_PATH) EFI_INCLUDE=$(EFI_INCLUDE) ARCH=$(ARCH) |
17857eb8 | 102 | |
b2d0e06f | 103 | %.efi: %.so |
b2fe1780 MG |
104 | objcopy -j .text -j .sdata -j .data \ |
105 | -j .dynamic -j .dynsym -j .rel \ | |
5b1bf558 | 106 | -j .rela -j .reloc -j .eh_frame \ |
c682b514 | 107 | -j .vendor_cert \ |
7f055335 | 108 | --target=efi-app-$(ARCH) $^ $@ |
5b1bf558 MG |
109 | objcopy -j .text -j .sdata -j .data \ |
110 | -j .dynamic -j .dynsym -j .rel \ | |
111 | -j .rela -j .reloc -j .eh_frame \ | |
112 | -j .debug_info -j .debug_abbrev -j .debug_aranges \ | |
113 | -j .debug_line -j .debug_str -j .debug_ranges \ | |
e676d64a | 114 | --target=efi-app-$(ARCH) $^ $@.debug |
b2fe1780 | 115 | |
ef8c9962 MG |
116 | %.efi.signed: %.efi certdb/secmod.db |
117 | pesign -n certdb -i $< -c "shim" -s -o $@ -f | |
118 | ||
b2fe1780 | 119 | clean: |
b2d0e06f MG |
120 | $(MAKE) -C Cryptlib clean |
121 | $(MAKE) -C Cryptlib/OpenSSL clean | |
cdd2dc91 | 122 | $(MAKE) -C lib clean |
1de10962 | 123 | rm -rf $(TARGET) $(OBJS) $(MOK_OBJS) $(FALLBACK_OBJS) $(KEYS) certdb |
0fb089ee | 124 | rm -f *.debug *.so *.efi *.tar.* version.c |
43eeb538 PJ |
125 | |
126 | GITTAG = $(VERSION) | |
127 | ||
128 | test-archive: | |
129 | @rm -rf /tmp/shim-$(VERSION) /tmp/shim-$(VERSION)-tmp | |
130 | @mkdir -p /tmp/shim-$(VERSION)-tmp | |
131 | @git archive --format=tar $(shell git branch | awk '/^*/ { print $$2 }') | ( cd /tmp/shim-$(VERSION)-tmp/ ; tar x ) | |
132 | @git diff | ( cd /tmp/shim-$(VERSION)-tmp/ ; patch -s -p1 -b -z .gitdiff ) | |
133 | @mv /tmp/shim-$(VERSION)-tmp/ /tmp/shim-$(VERSION)/ | |
0fb089ee | 134 | @git log -1 --pretty=format:%H > /tmp/shim-$(VERSION)/commit |
43eeb538 PJ |
135 | @dir=$$PWD; cd /tmp; tar -c --bzip2 -f $$dir/shim-$(VERSION).tar.bz2 shim-$(VERSION) |
136 | @rm -rf /tmp/shim-$(VERSION) | |
137 | @echo "The archive is in shim-$(VERSION).tar.bz2" | |
138 | ||
acac3380 PJ |
139 | tag: |
140 | git tag --sign $(GITTAG) refs/heads/master | |
141 | ||
142 | archive: tag | |
43eeb538 PJ |
143 | @rm -rf /tmp/shim-$(VERSION) /tmp/shim-$(VERSION)-tmp |
144 | @mkdir -p /tmp/shim-$(VERSION)-tmp | |
145 | @git archive --format=tar $(GITTAG) | ( cd /tmp/shim-$(VERSION)-tmp/ ; tar x ) | |
146 | @mv /tmp/shim-$(VERSION)-tmp/ /tmp/shim-$(VERSION)/ | |
0fb089ee | 147 | @git log -1 --pretty=format:%H > /tmp/shim-$(VERSION)/commit |
43eeb538 PJ |
148 | @dir=$$PWD; cd /tmp; tar -c --bzip2 -f $$dir/shim-$(VERSION).tar.bz2 shim-$(VERSION) |
149 | @rm -rf /tmp/shim-$(VERSION) | |
150 | @echo "The archive is in shim-$(VERSION).tar.bz2" |