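# Target architecture in gnu-efi's naming: uname's i386..i986 become "ia32",
# any other machine name passes through unchanged.
# Simply expanded (:=) so the uname | sed pipeline runs once at parse time rather
# than on every expansion of $(ARCH); the sed script is quoted so the shell can
# never glob-expand its bracket expression against files in the build directory.
ARCH := $(shell uname -m | sed 's,i[3456789]86,ia32,')

# gnu-efi header locations. -nostdinc removes the host's standard include
# directories from the search path, leaving only Cryptlib and gnu-efi headers.
EFI_INCLUDE = /usr/include/efi
EFI_INCLUDES = -nostdinc -ICryptlib -ICryptlib/Include \
               -I$(EFI_INCLUDE) -I$(EFI_INCLUDE)/$(ARCH) \
               -I$(EFI_INCLUDE)/protocol
EFI_PATH := /usr/lib64/gnuefi

# Path of the compiler's libgcc, appended last on the link line.
# Left recursively expanded: $(CC) is not assigned in the lines shown here, so
# this keeps picking up whatever value it has when the link recipes run.
LIB_GCC = $(shell $(CC) -print-libgcc-file-name)

# Libraries for every EFI link. The two bundled crypto archives sit inside a
# --start-group/--end-group pair so the linker rescans them until references
# between them are resolved.
EFI_LIBS = -lefi -lgnuefi \
           --start-group Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a --end-group \
           $(LIB_GCC)

# gnu-efi startup object and linker script for the selected architecture.
EFI_CRT_OBJS = $(EFI_PATH)/crt0-efi-$(ARCH).o
EFI_LDS = elf_$(ARCH)_efi.lds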
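# Path of the second-stage loader compiled into shim. Four backslashes are
# written because the shell halves them inside the double-quoted -D arguments
# below and the C compiler halves them again, so the resulting C string starts
# with a single backslash.
DEFAULT_LOADER := \\\\grub.efi

# Compiler flags for the freestanding EFI objects:
#   -fpic                position-independent code (the image is linked -shared)
#   -fshort-wchar        16-bit wchar_t, so L"..." literals are 2-byte characters
#   -mno-red-zone        do not use the x86-64 red zone below the stack pointer
#   -Wall -Werror        every warning fails the build
#   -DDEFAULT_LOADER*    the loader path above as a wide and a narrow C string
# NOTE(review): -O0 and -fno-stack-protector mean the boot loader is built
# unoptimised and without stack canaries; presumably the freestanding image has
# no stack-protector runtime to call - confirm before changing either flag.
# NOTE(review): this listing skips original lines 20 and 23. Line 22 ended with
# a continuation backslash, so the definition went on with text not visible here.
CFLAGS = -ggdb -O0 -fno-stack-protector -fno-strict-aliasing -fpic \
         -fshort-wchar -Wall -Werror -mno-red-zone -maccumulate-outgoing-args \
         "-DDEFAULT_LOADER=L\"$(DEFAULT_LOADER)\"" \
         "-DDEFAULT_LOADER_CHAR=\"$(DEFAULT_LOADER)\""

# NOTE(review): original lines 24 and 26 are not in this listing, so this append
# may sit inside a conditional that cannot be seen here.
CFLAGS += -DEFI_FUNCTION_WRAPPER -DGNU_EFI_USE_MS_ABI

# Optional vendor inputs. Each macro is defined only when the variable has been
# set anywhere (command line, environment or makefile) and carries the file name
# as a C string. The closing endif lines are restored; the listing skipped them.
# NOTE(review): these paths presumably decide which vendor certificate and dbx
# list are built in (cert.o / dbx.o are in OBJS); nothing here validates them,
# so pin and review the values used for release builds.
ifneq ($(origin VENDOR_CERT_FILE), undefined)
  CFLAGS += -DVENDOR_CERT_FILE=\"$(VENDOR_CERT_FILE)\"
endif
ifneq ($(origin VENDOR_DBX_FILE), undefined)
  CFLAGS += -DVENDOR_DBX_FILE=\"$(VENDOR_DBX_FILE)\"
endif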
# Linker flags shared by all three EFI images. Each image is linked as a shared
# object with the gnu-efi linker script and startup object; the objcopy recipe
# further down then rewrites it with --target=efi-app-$(ARCH).
#   -nostdlib       no host startup files or default libraries
#   -znocombreloc   do not merge the relocation sections
#   -Bsymbolic      bind global symbol references inside the image itself
# $(LIB_PATH) is not assigned in the lines shown in this listing.
LDFLAGS = -nostdlib -znocombreloc -T $(EFI_LDS) -shared -Bsymbolic \
          -L$(EFI_PATH) -L$(LIB_PATH) -LCryptlib -LCryptlib/OpenSSL \
          $(EFI_CRT_OBJS)
# Build products: shim itself plus the signed MokManager and fallback images.
TARGET = shim.efi \
         MokManager.efi.signed \
         fallback.efi.signed

# Objects linked into shim.so.
OBJS = shim.o netboot.o cert.o dbx.o

# Generated certificate and key files, removed by the clean recipe. The ocsp.*
# and ca.* entries stay as globs here and are expanded by the shell in that rm.
# NOTE(review): shim.key, shim.pem and shim.p12 are presumably private-key
# material written into the build directory; keep them out of commits and
# release archives.
KEYS = shim_cert.h ocsp.* ca.* \
       shim.crt shim.csr shim.p12 shim.pem shim.key

# Files whose change rebuilds shim.o.
SOURCES = shim.c shim.h netboot.c signature.h PeImage.h

# MokManager objects and the files whose change rebuilds MokManager.o.
MOK_OBJS = MokManager.o PasswordCrypt.o crypt_blowfish.o
MOK_SOURCES = MokManager.c shim.h console_control.h \
              PasswordCrypt.c PasswordCrypt.h \
              crypt_blowfish.c crypt_blowfish.h

# Fallback loader object and source.
FALLBACK_OBJS = fallback.o
FALLBACK_SRCS = fallback.c
# NOTE(review): this listing drops the rule header lines for the three recipes
# below (original lines 49, 52 and 55), so their targets and prerequisites are
# not visible; $< and $@ refer to those hidden headers.

# Create the build-time "shim" certificate and key with the make-certs script.
# stdin is /dev/null, so the script cannot wait on interactive input.
# The meaning of the trailing arguments is defined by make-certs; verify there.
	./make-certs shim shim@xn--u4h.net all codesign 1.3.6.1.4.1.311.10.3.1 </dev/null

# Re-encode the certificate in $< as DER into $@.
	openssl x509 -outform der -in $< -out $@

# Write $@ as a C array: the opening line first, then every byte of $< as a
# "0x??, " initialiser element.
# NOTE(review): original line 58 is not in this listing, so the line that
# closes the array is not visible here.
	echo "static UINT8 shim_cert[] = {" > $@
	hexdump -v -e '1/1 "0x%02x, "' $< >> $@
# Populate the NSS database in certdb/ that the %.efi.signed rule hands to
# pesign: add ca.crt as 'my CA' trusted in all three trust categories, import
# the shim key pair from shim.p12, then add shim.crt under the nickname "shim".
# Original line 61, between this header and the first command shown, is not in
# this listing.
# NOTE(review): -W "" and -K "" are empty passwords for the PKCS#12 file and the
# NSS database, so the signing key in shim.p12 and certdb/ is stored without
# protection. Acceptable only for a throwaway build-time key; confirm that
# release signing uses a separately protected key.
certdb/secmod.db: shim.crt
	certutil -A -n 'my CA' -d certdb/ -t CT,CT,CT -i ca.crt
	pk12util -d certdb/ -i shim.p12 -W "" -K ""
	certutil -d certdb/ -A -i shim.crt -n shim -t u
# shim.o is rebuilt whenever a listed source or the generated certificate
# header changes. No recipe for it appears in the lines shown.
shim.o: $(SOURCES) shim_cert.h

# NOTE(review): the headers of the two compile recipes below (original lines 68
# and 71) are not in this listing, so their targets and sources are not visible.
# Each compiles its first prerequisite ($<) into its target ($@) with $(CFLAGS).
	$(CC) $(CFLAGS) -c -o $@ $<

	$(CC) $(CFLAGS) -c -o $@ $<
# Link shim. $^ puts the objects and both crypto archives on the link line
# ahead of $(EFI_LIBS), which names the archives again inside its group.
shim.so: $(OBJS) Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a
	$(LD) -o $@ $(LDFLAGS) $^ $(EFI_LIBS)

# Dependency-only rule: fallback.o is rebuilt when its source changes.
fallback.o: $(FALLBACK_SRCS)

# Link the fallback loader.
fallback.so: $(FALLBACK_OBJS)
	$(LD) -o $@ $(LDFLAGS) $^ $(EFI_LIBS)

# Dependency-only rule: MokManager.o is rebuilt when any MokManager source or
# header changes.
MokManager.o: $(MOK_SOURCES)

# Link MokManager. lib/lib.a arrives through $^ and is named once more after
# $(EFI_LIBS).
MokManager.so: $(MOK_OBJS) Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a lib/lib.a
	$(LD) -o $@ $(LDFLAGS) $^ $(EFI_LIBS) lib/lib.a
# NOTE(review): the recipe of this rule (original line 88) is not in this
# listing.
Cryptlib/libcryptlib.a:

# Build the bundled OpenSSL archive in its own directory. $(MAKE) is used so
# the sub-make inherits the parent's flags and job server.
Cryptlib/OpenSSL/libopenssl.a:
	$(MAKE) -C Cryptlib/OpenSSL

# NOTE(review): the header of the recipe below (original line 93) is not in
# this listing. It builds in lib/ and passes EFI_PATH down so the sub-make uses
# the same gnu-efi location.
	$(MAKE) -C lib EFI_PATH=$(EFI_PATH)
# NOTE(review): the header of this recipe (original line 96) is not in this
# listing, and original line 100, a continuation line inside the first command,
# is missing as well, so the first section list below may be incomplete.
# First command: copy only the listed sections of the linked object ($^) into
# an EFI application image ($@).
	objcopy -j .text -j .sdata -j .data \
		-j .dynamic -j .dynsym -j .rel \
		-j .rela -j .reloc -j .eh_frame \
		--target=efi-app-$(ARCH) $^ $@
# Second command: the same sections plus the .debug_* sections, written next to
# the image as $@.debug.
	objcopy -j .text -j .sdata -j .data \
		-j .dynamic -j .dynsym -j .rel \
		-j .rela -j .reloc -j .eh_frame \
		-j .debug_info -j .debug_abbrev -j .debug_aranges \
		-j .debug_line -j .debug_str -j .debug_ranges \
		--target=efi-app-$(ARCH) $^ $@.debug
# Sign an EFI image ($<) into $@ with the certificate nicknamed "shim" from the
# NSS database in certdb/; -f lets pesign overwrite an existing output file.
# The database is a prerequisite, so it is populated before anything is signed.
# NOTE(review): the key used here is the one the certdb/secmod.db rule imports
# with empty passwords; treat images signed this way as build-time test
# artefacts unless the key handling is confirmed to be adequate.
%.efi.signed: %.efi certdb/secmod.db
	pesign -n certdb -i $< -c "shim" -s -o $@ -f
# NOTE(review): the header of this recipe (original line 112) and original line
# 115 are not in this listing.
# Clean the bundled libraries first, then this directory.
	$(MAKE) -C Cryptlib clean
	$(MAKE) -C Cryptlib/OpenSSL clean
# Remove build products, the generated certificate and key files ($(KEYS),
# whose ocsp.* and ca.* globs the shell expands here) and the NSS database.
	rm -rf $(TARGET) $(OBJS) $(MOK_OBJS) $(FALLBACK_OBJS) $(KEYS) certdb
	rm -f *.debug *.so *.efi
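# NOTE(review): the rule header for this recipe (original line 121) is not in
# this listing.
# Builds shim-$(VERSION).tar.bz2 in the current directory from the checked-out
# branch plus any uncommitted changes (applied with patch; backups of patched
# files carry the suffix .gitdiff).
# The tree is staged in a private directory from mktemp instead of the fixed
# /tmp/shim-$(VERSION) path: a predictable name in a shared directory can be
# pre-created or altered by another local user, which would let foreign content
# end up in the tarball.
# Everything runs as one shell command so the staging path survives between
# steps, set -e stops at the first failing step, the EXIT trap removes the
# staging directory on success and on failure, and patch only runs after the cd
# into the staging tree has succeeded.
	@set -e; \
	out="$$PWD/shim-$(VERSION).tar.bz2"; \
	stage=$$(mktemp -d "$${TMPDIR:-/tmp}/shim-$(VERSION).XXXXXX"); \
	trap 'rm -rf "$$stage"' EXIT; \
	mkdir "$$stage/shim-$(VERSION)"; \
	git archive --format=tar $(shell git branch | awk '/^*/ { print $$2 }') | \
		tar -x -C "$$stage/shim-$(VERSION)"; \
	git diff | ( cd "$$stage/shim-$(VERSION)" && patch -s -p1 -b -z .gitdiff ); \
	tar -c --bzip2 -f "$$out" -C "$$stage" shim-$(VERSION)
	@echo "The archive is in shim-$(VERSION).tar.bz2"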
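# NOTE(review): the rule header for this recipe (original line 131) is not in
# this listing, and $(GITTAG) is not assigned in the lines shown.
# Tags refs/heads/master as $(GITTAG), then builds shim-$(VERSION).tar.bz2 in
# the current directory from that tag.
# NOTE(review): `git tag NAME REF` creates a lightweight, unsigned tag, and it
# stays in place if a later step fails; consider a signed tag (git tag -s) if
# release provenance matters.
# The tree is staged in a private directory from mktemp instead of the fixed
# /tmp/shim-$(VERSION) path: a predictable name in a shared directory can be
# pre-created or altered by another local user, which would let foreign content
# end up in the release tarball.
# The staging steps run as one shell command so the staging path survives
# between them, set -e stops at the first failing step, and the EXIT trap
# removes the staging directory on success and on failure.
	git tag $(GITTAG) refs/heads/master
	@set -e; \
	out="$$PWD/shim-$(VERSION).tar.bz2"; \
	stage=$$(mktemp -d "$${TMPDIR:-/tmp}/shim-$(VERSION).XXXXXX"); \
	trap 'rm -rf "$$stage"' EXIT; \
	mkdir "$$stage/shim-$(VERSION)"; \
	git archive --format=tar $(GITTAG) | tar -x -C "$$stage/shim-$(VERSION)"; \
	tar -c --bzip2 -f "$$out" -C "$$stage" shim-$(VERSION)
	@echo "The archive is in shim-$(VERSION).tar.bz2"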