]> git.proxmox.com Git - efi-boot-shim.git/blob - Make.defaults
projects / efi-boot-shim.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Force usage of newest revocations at build time
[efi-boot-shim.git] / Make.defaults
1
2 # load the local configuration if it exists
3 -include Make.local
4 -include $(TOPDIR)/Make.local
5
6 COMPILER ?= gcc
7 CC = $(CROSS_COMPILE)$(COMPILER)
8 HOSTCC = $(COMPILER)
9 LD = $(CROSS_COMPILE)ld
10 OBJCOPY = $(CROSS_COMPILE)objcopy
11 DOS2UNIX ?= dos2unix
12 D2UFLAGS ?= -r -l -F -f -n
13 OPENSSL ?= openssl
14 HEXDUMP ?= hexdump
15 INSTALL ?= install
16 PK12UTIL ?= pk12util
17 CERTUTIL ?= certutil
18 PESIGN ?= pesign
19 SBSIGN ?= sbsign
20 prefix ?= /usr
21 prefix := $(abspath $(prefix))
22 datadir ?= $(prefix)/share/
23 PKGNAME ?= shim
24 ESPROOTDIR ?= boot/efi/
25 EFIBOOTDIR ?= $(ESPROOTDIR)EFI/BOOT/
26 TARGETDIR ?= $(ESPROOTDIR)EFI/$(EFIDIR)/
27 DATATARGETDIR ?= $(datadir)/$(PKGNAME)/$(VERSION)$(DASHRELEASE)/$(ARCH_SUFFIX)/
28 DEBUGINFO ?= $(prefix)/lib/debug/
29 DEBUGSOURCE ?= $(prefix)/src/debug/
30 OSLABEL ?= $(EFIDIR)
31 DEFAULT_LOADER ?= \\\\grub$(ARCH_SUFFIX).efi
32 DASHJ ?= -j$(shell echo $$(($$(grep -c "^model name" /proc/cpuinfo) + 1)))
33
34 ARCH ?= $(shell $(CC) -dumpmachine | cut -f1 -d- | sed s,i[3456789]86,ia32,)
35 OBJCOPY_GTE224 = $(shell expr `$(OBJCOPY) --version |grep ^"GNU objcopy" | sed 's/^.*\((.*)\|version\) //g' | cut -f1-2 -d.` \>= 2.24)
36 OPTIMIZATIONS ?= -Os
37 FA_OPTIMIZATIONS ?= -O2
38 ifneq ($(FANALYZER),)
39 override OPTIMIZATIONS := $(FA_OPTIMIZATIONS)
40 override CCACHE_DISABLE := true
41 endif
42 export OPTIMIZATIONS
43 ifneq ($(CCACHE_DISABLE),)
44 export CCACHE_DISABLE
45 endif
46
47 SUBDIRS = $(TOPDIR)/Cryptlib $(TOPDIR)/lib
48
49 EFI_INCLUDE ?= $(TOPDIR)/gnu-efi/inc
50 EFI_INCLUDES = -I$(EFI_INCLUDE) -I$(EFI_INCLUDE)/$(ARCH) -I$(EFI_INCLUDE)/protocol
51 override EFI_INCLUDES := $(EFI_INCLUDES)
52 EFI_CRT_OBJS = $(LOCAL_EFI_PATH)/crt0-efi-$(ARCH_GNUEFI).o
53 EFI_LDS = $(TOPDIR)/elf_$(ARCH)_efi.lds
54
55 CLANG_WARNINGS = -Wno-pointer-bool-conversion \
56 -Wno-unknown-attributes
57
58 CLANG_BUGS = $(if $(findstring gcc,$(CC)),-maccumulate-outgoing-args,) \
59 $(if $(findstring clang,$(CC)),$(CLANG_WARNINGS))
60
61 COMMIT_ID ?= $(shell if [ -e .git ] ; then git log -1 --pretty=format:%H ; elif [ -f commit ]; then cat commit ; else echo master; fi)
62
63 ifeq ($(ARCH),x86_64)
64 ARCH_CFLAGS ?= -mno-mmx -mno-sse -mno-red-zone -nostdinc \
65 $(CLANG_BUGS) -m64 \
66 -DMDE_CPU_X64 -DPAGE_SIZE=4096
67 ARCH_GNUEFI ?= x86_64
68 ARCH_SUFFIX ?= x64
69 ARCH_SUFFIX_UPPER ?= X64
70 ARCH_LDFLAGS ?=
71 endif
72 ifeq ($(ARCH),ia32)
73 ARCH_CFLAGS ?= -mno-mmx -mno-sse -mno-red-zone -nostdinc \
74 $(CLANG_BUGS) -m32 -malign-double \
75 -DMDE_CPU_IA32 -DPAGE_SIZE=4096
76 ARCH_GNUEFI ?= ia32
77 ARCH_SUFFIX ?= ia32
78 ARCH_SUFFIX_UPPER ?= IA32
79 ARCH_LDFLAGS ?=
80 ARCH_CFLAGS ?= -m32
81 endif
82 ifeq ($(ARCH),aarch64)
83 ARCH_CFLAGS ?= -DMDE_CPU_AARCH64 -DPAGE_SIZE=4096 -mstrict-align
84 ARCH_GNUEFI ?= aarch64
85 ARCH_SUFFIX ?= aa64
86 ARCH_SUFFIX_UPPER ?= AA64
87 ARCH_LDFLAGS ?=
88 ARCH_CFLAGS ?=
89 endif
90 ifeq ($(ARCH),arm)
91 ARCH_CFLAGS ?= -DMDE_CPU_ARM -DPAGE_SIZE=4096 -mno-unaligned-access
92 ARCH_GNUEFI ?= arm
93 ARCH_SUFFIX ?= arm
94 ARCH_SUFFIX_UPPER ?= ARM
95 FORMAT := -O binary
96 SUBSYSTEM := 0xa
97 ARCH_LDFLAGS += --defsym=EFI_SUBSYSTEM=$(SUBSYSTEM)
98 endif
99
100 DEFINES = -DDEFAULT_LOADER='L"$(DEFAULT_LOADER)"' \
101 -DDEFAULT_LOADER_CHAR='"$(DEFAULT_LOADER)"'
102
103 INCLUDES = -nostdinc \
104 -I$(TOPDIR)/Cryptlib -I$(TOPDIR)/Cryptlib/Include \
105 -I$(EFI_INCLUDE) -I$(EFI_INCLUDE)/$(ARCH_GNUEFI) -I$(EFI_INCLUDE)/protocol \
106 -I$(TOPDIR)/include -iquote $(TOPDIR) -iquote $(shell pwd) \
107 -isystem $(TOPDIR)/include/system \
108 -isystem $(shell $(CC) $(ARCH_CFLAGS) -print-file-name=include)
109
110 override DEFAULT_FEATUREFLAGS = \
111 -std=gnu11 \
112 -ggdb \
113 -ffreestanding \
114 $(shell $(CC) -fmacro-prefix-map=./=./ -E -x c /dev/null >/dev/null 2>&1 && echo -fmacro-prefix-map='$(TOPDIR)/=$(DEBUGSRC)') \
115 -fno-stack-protector \
116 -fno-strict-aliasing \
117 -fpic \
118 -fshort-wchar
119 $(call update-variable,FEATUREFLAGS)
120 $(call conditional-add-flag,$(FANALYZER),analyzer,FEATUREFLAGS,-fanalyzer)
121 $(call conditional-add-flag,$(COLOR),diagnostics-color,FEATUREFLAGS,-fdiagnostics-color=always)
122
123 override DEFAULT_WARNFLAGS = \
124 -Wall \
125 -Wextra \
126 -Wno-missing-field-initializers
127 $(call update-variable,WARNFLAGS)
128
129 override DEFAULT_WERRFLAGS = \
130 -Werror
131 $(call update-variable,WERRFLAGS)
132
133 CFLAGS = $(FEATUREFLAGS) \
134 $(OPTIMIZATIONS) \
135 $(WARNFLAGS) \
136 $(if $(findstring clang,$(CC)),$(CLANG_WARNINGS)) \
137 $(ARCH_CFLAGS) \
138 $(WERRFLAGS) \
139 $(INCLUDES) \
140 $(DEFINES)
141
142 POST_PROCESS_PE_FLAGS =
143
144 ifneq ($(origin OVERRIDE_SECURITY_POLICY), undefined)
145 DEFINES += -DOVERRIDE_SECURITY_POLICY
146 endif
147
148 ifneq ($(origin REQUIRE_TPM), undefined)
149 DEFINES += -DREQUIRE_TPM
150 endif
151
152 ifneq ($(origin DISABLE_EBS_PROTECTION), undefined)
153 DEFINES += -DDISABLE_EBS_PROTECTION
154 endif
155
156 ifneq ($(origin DISABLE_REMOVABLE_LOAD_OPTIONS), undefined)
157 DEFINES += -DDISABLE_REMOVABLE_LOAD_OPTIONS
158 endif
159
160 LIB_GCC = $(shell $(CC) $(ARCH_CFLAGS) -print-libgcc-file-name)
161 EFI_LIBS = -lefi -lgnuefi --start-group Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a --end-group $(LIB_GCC)
162 FORMAT ?= --target efi-app-$(ARCH)
163 LOCAL_EFI_PATH = gnu-efi/$(ARCH_GNUEFI)/gnuefi
164 LIBDIR = gnu-efi/$(ARCH_GNUEFI)/lib
165
166 MMSTEM ?= mm$(ARCH_SUFFIX)
167 MMNAME = $(MMSTEM).efi
168 MMSONAME = $(MMSTEM).so
169 FBSTEM ?= fb$(ARCH_SUFFIX)
170 FBNAME = $(FBSTEM).efi
171 FBSONAME = $(FBSTEM).so
172 SHIMSTEM ?= shim$(ARCH_SUFFIX)
173 SHIMNAME = $(SHIMSTEM).efi
174 SHIMSONAME = $(SHIMSTEM).so
175 SHIMHASHNAME = $(SHIMSTEM).hash
176 BOOTEFINAME ?= BOOT$(ARCH_SUFFIX_UPPER).EFI
177 BOOTCSVNAME ?= BOOT$(ARCH_SUFFIX_UPPER).CSV
178
179 DEFINES += -DEFI_ARCH='L"$(ARCH_SUFFIX)"' \
180 -DDEBUGDIR='L"/usr/lib/debug/usr/share/shim/$(ARCH_SUFFIX)-$(VERSION)$(DASHRELEASE)/"'
181
182 ifneq ($(origin VENDOR_DB_FILE), undefined)
183 DEFINES += -DVENDOR_DB_FILE=\"$(VENDOR_DB_FILE)\"
184 endif
185 ifneq ($(origin VENDOR_CERT_FILE), undefined)
186 DEFINES += -DVENDOR_CERT_FILE=\"$(VENDOR_CERT_FILE)\"
187 endif
188 ifneq ($(origin VENDOR_DBX_FILE), undefined)
189 DEFINES += -DVENDOR_DBX_FILE=\"$(VENDOR_DBX_FILE)\"
190 endif
191 ifneq ($(origin SBAT_AUTOMATIC_DATE), undefined)
192 DEFINES += -DSBAT_AUTOMATIC_DATE=$(SBAT_AUTOMATIC_DATE)
193 endif
194
195 LDFLAGS = --hash-style=sysv -nostdlib -znocombreloc -T $(EFI_LDS) -shared -Bsymbolic -L$(LOCAL_EFI_PATH) -L$(LIBDIR) -LCryptlib -LCryptlib/OpenSSL $(EFI_CRT_OBJS) --build-id=sha1 $(ARCH_LDFLAGS) --no-undefined
196
197 ifneq ($(DEBUG),)
198 export DEBUG
199 endif
200 ifneq ($(VERBOSE),)
201 export VERBOSE
202 endif
203
204 # vim:filetype=make
shim, a first-stage UEFI bootloader adapted for Proxmox projects