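# Target architecture, derived from `uname -m`; i386..i986 spellings are folded
# to "ia32". Expanded once (:=) so the shell pipeline is not re-run on every
# reference, and the sed script is quoted so the shell never globs its brackets.
ARCH := $(shell uname -m | sed 's,i[3456789]86,ia32,')

# Sub-directories with their own makefiles. NOTE(review): no rule in the
# visible part of this file references SUBDIRS.
SUBDIRS = Cryptlib lib

# Host library directory added to the linker search path through LDFLAGS.
LIB_PATH = /usr/lib64

# gnu-efi headers. -nostdinc drops the default system include directories, so
# only the bundled Cryptlib headers and the gnu-efi headers are searched.
EFI_INCLUDE = /usr/include/efi
EFI_INCLUDES = -nostdinc -ICryptlib -ICryptlib/Include -I$(EFI_INCLUDE) -I$(EFI_INCLUDE)/$(ARCH) -I$(EFI_INCLUDE)/protocol
EFI_PATH := /usr/lib64/gnuefi

# libgcc as reported by the compiler driver; queried once at parse time.
LIB_GCC := $(shell $(CC) -print-libgcc-file-name)
# Link inputs: gnu-efi, then the two bundled crypto archives inside a group so
# references between them resolve in either direction, then libgcc.
EFI_LIBS = -lefi -lgnuefi --start-group Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a --end-group $(LIB_GCC)

# gnu-efi start-up object and the per-architecture linker script.
EFI_CRT_OBJS = $(EFI_PATH)/crt0-efi-$(ARCH).o
EFI_LDS = elf_$(ARCH)_efi.lds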
# Second-stage loader that is built into the binaries as a string constant.
# The backslashes are halved by the shell (inside double quotes) and again by
# the C compiler, so four here should leave a single leading '\' in the
# compiled string -- NOTE(review): confirm against the consumer in shim.c.
DEFAULT_LOADER := \\\\grub.efi

# Debug information, no optimisation, position-independent code.
# -fno-stack-protector: no stack-canary instrumentation (the link below is
# -nostdlib; presumably no canary runtime is available in this environment).
CFLAGS = -ggdb -O0 -fno-stack-protector -fno-strict-aliasing -fpic
# 16-bit wchar_t, warnings as errors, no red zone and no MMX/SSE code.
CFLAGS += -fshort-wchar -Wall -Werror -mno-red-zone -maccumulate-outgoing-args
CFLAGS += -mno-mmx -mno-sse
# The loader path is passed both as a wide (L"...") and as a narrow literal.
CFLAGS += "-DDEFAULT_LOADER=L\"$(DEFAULT_LOADER)\""
CFLAGS += "-DDEFAULT_LOADER_CHAR=\"$(DEFAULT_LOADER)\""
CFLAGS += $(EFI_INCLUDES)

# x86_64 only: the gnu-efi calling-convention macros.
ifeq ($(ARCH),x86_64)
  CFLAGS += -DEFI_FUNCTION_WRAPPER -DGNU_EFI_USE_MS_ABI
endif

# Optional vendor certificate and vendor revocation list (dbx), handed to the
# compiler as quoted file names. $(origin ...) is anything but "undefined" for
# command-line, makefile AND environment definitions, so a VENDOR_CERT_FILE or
# VENDOR_DBX_FILE variable left in the build environment silently selects what
# is referenced here; release builds should set or unset both explicitly.
ifneq ($(origin VENDOR_CERT_FILE), undefined)
  CFLAGS += -DVENDOR_CERT_FILE=\"$(VENDOR_CERT_FILE)\"
endif
ifneq ($(origin VENDOR_DBX_FILE), undefined)
  CFLAGS += -DVENDOR_DBX_FILE=\"$(VENDOR_DBX_FILE)\"
endif
# Freestanding shared-object link driven by the gnu-efi linker script; the
# %.efi rule later converts the result with objcopy.
LDFLAGS = -nostdlib -znocombreloc -T $(EFI_LDS) -shared -Bsymbolic
# Library search path: gnu-efi, the host library directory, bundled crypto.
LDFLAGS += -L$(EFI_PATH) -L$(LIB_PATH) -LCryptlib -LCryptlib/OpenSSL
# The gnu-efi start-up object is passed along with the flags on every link.
LDFLAGS += $(EFI_CRT_OBJS)
# Release version; also used in the tarball and staging-directory names.
VERSION = 0.4

# Default build products. Only MokManager and fallback are built in their
# .signed form here; shim.efi is produced unsigned by this makefile.
TARGET = shim.efi \
	MokManager.efi.signed \
	fallback.efi.signed

# Objects linked into shim.so.
OBJS = shim.o netboot.o cert.o dbx.o

# Files deleted by `clean`. The globs are expanded by the shell in that
# recipe, not by make. NOTE(review): shim.key, shim.p12 and shim.pem look like
# private-key material written by ./make-certs -- confirm, and keep them out
# of any archive or artefact upload.
KEYS = shim_cert.h ocsp.* ca.* \
	shim.crt shim.csr shim.p12 shim.pem shim.key

# Files shim.o is rebuilt for (see the shim.o rule).
SOURCES = shim.c shim.h netboot.c signature.h PeImage.h

# MokManager objects and the sources/headers they are rebuilt for.
MOK_OBJS = MokManager.o PasswordCrypt.o crypt_blowfish.o
MOK_SOURCES = MokManager.c shim.h console_control.h \
	PasswordCrypt.c PasswordCrypt.h \
	crypt_blowfish.c crypt_blowfish.h

# Fallback loader object and source.
FALLBACK_OBJS = fallback.o
FALLBACK_SRCS = fallback.c
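# Default goal: build everything listed in TARGET. Declared phony so that a
# stray file named "all" cannot make the build a silent no-op.
.PHONY: all
all: $(TARGET)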
# Create the signing certificate with the bundled ./make-certs script, run
# non-interactively (stdin is /dev/null). The last argument is an OID under
# Microsoft's 1.3.6.1.4.1.311 arc; presumably make-certs uses it as a key
# usage -- the script is not shown here. The rule has no prerequisites, so an
# existing shim.crt is never regenerated.
shim.crt:
	./make-certs shim shim@xn--u4h.net all codesign \
		1.3.6.1.4.1.311.10.3.1 </dev/null
# DER encoding of shim.crt; this is the input of the shim_cert.h rule.
shim.cer: shim.crt
	openssl x509 -in $< -outform der -out $@
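# C header holding the DER certificate as a byte array (shim.o depends on it).
# The header is assembled in a temporary file and renamed only when every step
# succeeded: if hexdump fails half-way, no truncated shim_cert.h is left
# behind with a fresh timestamp for the next build to pick up.
shim_cert.h: shim.cer
	{ echo "static UINT8 shim_cert[] = {" && \
	  hexdump -v -e '1/1 "0x%02x, "' $< && \
	  echo "};"; } > $@.tmp || { rm -f $@.tmp; exit 1; }
	mv -f $@.tmp $@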
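# NSS database that pesign signs from (see the %.efi.signed rule).
#
# `mkdir -p` replaces the original error-ignoring `-mkdir`: an existing
# directory is still fine, but a real failure (permissions, a plain file named
# certdb) now stops the build instead of surfacing later in certutil.
#
# Both the PKCS#12 import password (-W "") and the database password (-K "")
# are empty, so the signing key sits unprotected in ./certdb. That fits a
# throw-away build key; a production signing key should not be imported this
# way.
#
# NOTE(review): ca.crt and shim.p12 are read here but are not prerequisites;
# presumably ./make-certs writes them together with shim.crt -- confirm.
# NOTE(review): newer NSS releases default to the SQL database format, which
# may not create secmod.db, and the rule would then re-run on every build --
# verify on the build host.
certdb/secmod.db: shim.crt
	mkdir -p certdb
	certutil -A -n 'my CA' -d certdb/ -t CT,CT,CT -i ca.crt
	pk12util -d certdb/ -i shim.p12 -W "" -K ""
	certutil -d certdb/ -A -i shim.crt -n shim -t u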
# Extra prerequisites only; the compile step comes from make's built-in
# %.o: %.c rule. shim_cert.h is listed so that a regenerated certificate
# forces shim.o to be recompiled.
shim.o: $(SOURCES)
shim.o: shim_cert.h
# cert.o and dbx.o are built from preprocessed assembly with the normal CFLAGS
# (which carry -DVENDOR_CERT_FILE / -DVENDOR_DBX_FILE when those are set).
# NOTE(review): the files named by VENDOR_CERT_FILE and VENDOR_DBX_FILE are
# not prerequisites. If cert.S / dbx.S embed them, replacing the certificate
# or the revocation list does not rebuild these objects and a stale copy can
# end up in shim.efi -- confirm against the .S sources.
cert.o dbx.o: %.o: %.S
	$(CC) $(CFLAGS) -c $< -o $@
# Link shim. The two crypto archives are prerequisites, so they are built
# before this link and also arrive on the command line through $^, ahead of
# the grouped copies contained in EFI_LIBS.
shim.so: $(OBJS) Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a
	$(LD) -o $@ \
		$(LDFLAGS) \
		$^ \
		$(EFI_LIBS)
# Prerequisites only; compiled by make's built-in %.o: %.c rule.
fallback.o: ${FALLBACK_SRCS}
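# Link the fallback loader. EFI_LIBS names Cryptlib/libcryptlib.a and
# Cryptlib/OpenSSL/libopenssl.a on the link line, so both archives are listed
# as prerequisites, as the shim.so rule does. Without them, building
# fallback.efi.signed on its own or under `make -j` could reach this link
# before the archives exist, and the link was not redone when they changed.
fallback.so: $(FALLBACK_OBJS) Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a
	$(LD) -o $@ $(LDFLAGS) $^ $(EFI_LIBS)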
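# Prerequisites only; compiled by make's built-in %.o: %.c rule.
# All MokManager objects depend on the full source/header list. The original
# rule named MokManager.o alone, so PasswordCrypt.o and crypt_blowfish.o were
# not rebuilt when one of their headers changed.
$(MOK_OBJS): $(MOK_SOURCES)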
# Link MokManager. lib/lib.a is already part of $^ and is named once more
# after EFI_LIBS, so it is searched again at the end of the link line.
MokManager.so: $(MOK_OBJS) Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a lib/lib.a
	$(LD) -o $@ \
		$(LDFLAGS) \
		$^ \
		$(EFI_LIBS) lib/lib.a
# Built by the sub-make in the archive's own directory ($(@D) is "Cryptlib").
# NOTE(review): the rule has no prerequisites, so once the archive exists it
# is never refreshed from here; after changing Cryptlib sources run the
# sub-make (or `make clean`) so the old crypto code is not linked again.
Cryptlib/libcryptlib.a:
	$(MAKE) -C $(@D)
# Built by the sub-make in Cryptlib/OpenSSL ($(@D) of the target).
# NOTE(review): no prerequisites, so an existing archive is never rebuilt
# from this makefile when the bundled OpenSSL sources change.
Cryptlib/OpenSSL/libopenssl.a:
	$(MAKE) -C $(@D)
# Built by the sub-make in lib/, which is given this makefile's EFI_PATH.
# NOTE(review): no prerequisites, so an existing lib.a is never rebuilt from
# this makefile when lib/ sources change.
lib/lib.a:
	$(MAKE) -C $(@D) EFI_PATH=$(EFI_PATH)
# Convert a linked .so into an EFI application, in two passes:
#   1. $@       -- code, data, relocation sections and .vendor_cert;
#   2. $@.debug -- the same base sections plus the DWARF sections, without
#                  .vendor_cert.
# $@.debug is a second output that make does not track; only $@ is the file
# the %.efi.signed rule signs.
%.efi: %.so
	objcopy --target=efi-app-$(ARCH) \
		-j .text -j .sdata -j .data -j .dynamic -j .dynsym \
		-j .rel -j .rela -j .reloc -j .eh_frame \
		-j .vendor_cert \
		$^ $@
	objcopy --target=efi-app-$(ARCH) \
		-j .text -j .sdata -j .data -j .dynamic -j .dynsym \
		-j .rel -j .rela -j .reloc -j .eh_frame \
		-j .debug_info -j .debug_abbrev -j .debug_aranges \
		-j .debug_line -j .debug_str -j .debug_ranges \
		$^ $@.debug
# Sign an EFI binary with the certificate nicknamed "shim" from the local NSS
# database ./certdb; -f overwrites an existing output file. The database is
# filled from shim.crt / shim.p12, and the same shim.crt is compiled into
# shim.o through shim_cert.h -- presumably so that shim can verify the
# binaries signed here (shim.c is not shown).
%.efi.signed: %.efi certdb/secmod.db
	pesign -s -f -n certdb -c "shim" -i $< -o $@
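# Remove build products, including the generated certificate/key files listed
# in KEYS and the NSS database. Declared phony so that a file named "clean"
# cannot disable the target. shim.cer is removed as well: it is derived from
# shim.crt and was previously left behind after the rest of the key material
# had been deleted.
.PHONY: clean
clean:
	$(MAKE) -C Cryptlib clean
	$(MAKE) -C Cryptlib/OpenSSL clean
	$(MAKE) -C lib clean
	rm -rf $(TARGET) $(OBJS) $(MOK_OBJS) $(FALLBACK_OBJS) $(KEYS) certdb
	rm -f *.debug *.so *.efi shim.cer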
# Tag created and exported by the `archive` target; follows VERSION unless
# overridden.
GITTAG = ${VERSION}
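# Build shim-$(VERSION).tar.bz2 from the checked-out commit plus the
# uncommitted changes reported by `git diff`.
#
# Staging happens in a private directory from `mktemp -d` instead of the fixed
# /tmp/shim-$(VERSION) paths used before. Fixed names in a world-writable
# directory can be pre-created or swapped by another local account, and
# whatever sits there would be packed into the tarball. The directory is
# removed by the EXIT trap on success and on failure.
#
# HEAD replaces the former `git branch | awk` lookup: it names the same commit
# while on a branch and also works with a detached HEAD.
# Everything runs in one shell because $$work must survive between commands.
.PHONY: test-archive
test-archive:
	@set -e; \
	top="$$PWD"; \
	work="$$(mktemp -d)"; \
	trap 'rm -rf "$$work"' EXIT; \
	mkdir "$$work/shim-$(VERSION)"; \
	git archive --format=tar HEAD | tar -x -f - -C "$$work/shim-$(VERSION)"; \
	git diff | ( cd "$$work/shim-$(VERSION)" && patch -s -p1 -b -z .gitdiff ); \
	tar -c --bzip2 -f "$$top/shim-$(VERSION).tar.bz2" -C "$$work" shim-$(VERSION)
	@echo "The archive is in shim-$(VERSION).tar.bz2"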
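# Tag refs/heads/master as $(GITTAG) and build shim-$(VERSION).tar.bz2 from
# that tag. `git tag NAME REF` creates a lightweight, unsigned tag; whether
# release tags are signed separately is not visible here.
#
# Staging happens in a private directory from `mktemp -d` instead of the fixed
# /tmp/shim-$(VERSION) paths used before. Fixed names in a world-writable
# directory can be pre-created or swapped by another local account, and
# whatever sits there would be packed into the release tarball. The directory
# is removed by the EXIT trap on success and on failure.
# The staging steps run in one shell because $$work must survive between
# commands.
.PHONY: archive
archive:
	git tag $(GITTAG) refs/heads/master
	@set -e; \
	top="$$PWD"; \
	work="$$(mktemp -d)"; \
	trap 'rm -rf "$$work"' EXIT; \
	mkdir "$$work/shim-$(VERSION)"; \
	git archive --format=tar $(GITTAG) | tar -x -f - -C "$$work/shim-$(VERSION)"; \
	tar -c --bzip2 -f "$$top/shim-$(VERSION).tar.bz2" -C "$$work" shim-$(VERSION)
	@echo "The archive is in shim-$(VERSION).tar.bz2"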