# Toolchain programs. Each name is prefixed with $(CROSS_COMPILE), so an empty
# or unset prefix selects plain gcc/ld/objcopy.
# The tools are looked up by name at build time; nothing in these assignments
# pins or verifies which binaries end up producing the boot loader.
CC      = $(CROSS_COMPILE)gcc
LD      = $(CROSS_COMPILE)ld
OBJCOPY = $(CROSS_COMPILE)objcopy
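# Target architecture: the first dash-separated field of the compiler's target
# triplet, with i386..i986 spellings folded to "ia32".
# Simply expanded (:=) so the pipeline runs once. ARCH is exported and tested in
# parse-time conditionals, so a recursive "=" would fork the pipeline again on
# every expansion. The sed script is quoted so the shell cannot glob the
# bracket expression.
ARCH := $(shell $(CC) -dumpmachine | cut -f1 -d- | sed 's,i[3456789]86,ia32,')

# Result of asking expr whether objcopy's MAJOR.MINOR version is >= 2.24
# (expr prints 1 for true, 0 for false).
# NOTE(review): the operands are not integers, so expr compares them as
# strings; a single-digit minor such as "2.9" would sort above "2.24" --
# confirm this is acceptable for the binutils versions in use.
OBJCOPY_GTE224 := $(shell expr `$(OBJCOPY) --version |grep ^"GNU objcopy" | sed 's/^.*\((.*)\|version\) //g' | cut -f1-2 -d.` \>= 2.24)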
# Sub-directories holding the bundled libraries.
SUBDIRS = Cryptlib lib

# Root of the gnu-efi headers; the include path below is derived from it.
EFI_INCLUDE := /usr/include/efi

# Header search path. -nostdinc removes the compiler's default system include
# directories, so only the directories listed here are searched.
# The $(shell pwd) call is re-run on every expansion because the variable is
# recursively expanded.
EFI_INCLUDES = -nostdinc \
               -ICryptlib -ICryptlib/Include \
               -I$(EFI_INCLUDE) -I$(EFI_INCLUDE)/$(ARCH) -I$(EFI_INCLUDE)/protocol \
               -I$(shell pwd)/include
# Path of the compiler's libgcc, as reported by the compiler itself.
LIB_GCC = $(shell $(CC) -print-libgcc-file-name)

# Libraries given to the linker. The two bundled crypto archives sit inside a
# --start-group/--end-group pair so references between them are resolved in
# either direction.
EFI_LIBS = -lefi -lgnuefi \
           --start-group \
           Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a \
           --end-group \
           $(LIB_GCC)

# Architecture-specific startup object and linker script.
# EFI_PATH is assigned further down; both variables are recursively expanded,
# so the value in force when they are used is what counts.
EFI_CRT_OBJS = $(EFI_PATH)/crt0-efi-$(ARCH).o
EFI_LDS      = elf_$(ARCH)_efi.lds
# Second-stage loader path compiled into the binary as DEFAULT_LOADER (wide
# string) and DEFAULT_LOADER_CHAR (narrow string).
# NOTE(review): the four backslashes are presumably halved once by the shell's
# double-quote handling and once by the C string literal, leaving a single
# leading backslash -- confirm against the compiled value.
DEFAULT_LOADER := \\\\grub.efi

# Base compiler flags for the freestanding EFI build:
#   -ffreestanding / -fno-builtin  no hosted C library is assumed
#   -fno-stack-protector           no stack canaries are emitted
#   -O0 -ggdb                      unoptimised, with debug information
#   -Wall -Werror ...              warnings are fatal, including sign-compare
#   -I$(shell ...)                 the compiler's own header directory
# NOTE(review): with -fno-stack-protector the binary has no compiler-generated
# stack hardening; presumably deliberate for the EFI environment -- confirm.
# NOTE(review): the listing drops gutter line 37. The trailing backslash on the
# last visible line shows the assignment continued there; that continuation is
# not reproduced here.
CFLAGS = -ggdb -O0 -fno-stack-protector -fno-strict-aliasing -fpic \
         -fshort-wchar -Wall -Wsign-compare -Werror -fno-builtin \
         -Werror=sign-compare -ffreestanding -std=gnu89 \
         -I$(shell $(CC) -print-file-name=include) \
         "-DDEFAULT_LOADER=L\"$(DEFAULT_LOADER)\"" \
         "-DDEFAULT_LOADER_CHAR=\"$(DEFAULT_LOADER)\"" \
         # continuation line not shown in this listing
# Commit identifier recorded in the build, unless the caller already set one:
#   - inside a git checkout: the hash of the current HEAD commit
#   - otherwise, if a file named "commit" exists: its contents
#   - otherwise: the literal text "commit id not available"
# ?= yields a recursively expanded variable, so the shell snippet runs each
# time COMMITID is expanded.
COMMITID ?= $(shell if [ -d .git ] ; then \
                git log -1 --pretty=format:%H ; \
              elif [ -f commit ]; then \
                cat commit ; \
              else \
                echo commit id not available ; \
              fi)
# Optional features, switched on by the mere existence of a make variable.
# $(origin ...) only distinguishes "undefined" from everything else, so
# OVERRIDE_SECURITY_POLICY=0, an empty value, or an environment variable of the
# same name all enable the macro. Signed release builds should make sure the
# variable is truly unset.
# NOTE(review): what -DOVERRIDE_SECURITY_POLICY changes at run time is not
# visible here; the name suggests it relaxes or hooks image verification --
# confirm in the C sources before enabling it.
# The closing endif lines are not visible in the listing (their gutter lines
# are dropped); they are restored here to terminate each conditional.
ifneq ($(origin OVERRIDE_SECURITY_POLICY), undefined)
  CFLAGS += -DOVERRIDE_SECURITY_POLICY
endif

ifneq ($(origin ENABLE_HTTPBOOT), undefined)
  CFLAGS += -DENABLE_HTTPBOOT
endif
# x64-specific settings: no MMX/SSE code generation, no red zone, Microsoft ABI
# wrappers for EFI calls, and the x64 debug directory.
# NOTE(review): the conditional that guards this section is not visible in the
# listing (the gutter lines just before 53 are dropped, as are 59-61). As shown
# these lines would apply on every architecture; they must stay inside the
# original x64 guard -- confirm against the full file.
CFLAGS += -mno-mmx -mno-sse -mno-red-zone -nostdinc \
          -maccumulate-outgoing-args \
          -DEFI_FUNCTION_WRAPPER -DGNU_EFI_USE_MS_ABI \
          -DNO_BUILTIN_VA_FUNCS \
          -DMDE_CPU_X64 "-DEFI_ARCH=L\"x64\"" -DPAGE_SIZE=4096 \
          "-DDEBUGDIR=L\"/usr/lib/debug/usr/share/shim/x64-$(VERSION)$(RELEASE)/\""

# Directory searched for the gnu-efi startup object and libraries.
EFI_PATH := /usr/lib64/gnuefi
# ia32-specific settings: 32-bit code generation (-m32), no MMX/SSE, and the
# ia32 debug directory.
# NOTE(review): the conditional that guards this section is not visible in the
# listing (the gutter lines just before 67 are dropped, as are 71-73). As shown
# these lines would apply on every architecture; they must stay inside the
# original ia32 guard -- confirm against the full file.
CFLAGS += -mno-mmx -mno-sse -mno-red-zone -nostdinc \
          -maccumulate-outgoing-args -m32 \
          -DMDE_CPU_IA32 "-DEFI_ARCH=L\"ia32\"" -DPAGE_SIZE=4096 \
          "-DDEBUGDIR=L\"/usr/lib/debug/usr/share/shim/ia32-$(VERSION)$(RELEASE)/\""

# Directory searched for the gnu-efi startup object and libraries.
EFI_PATH := /usr/lib/gnuefi
# AArch64-specific settings.
# NOTE(review): gutter lines 80-82 and 84-86 are dropped from the listing, so
# any further assignments inside this conditional are not shown. The endif is
# restored here to close the visible conditional.
ifeq ($(ARCH),aarch64)
  CFLAGS += -DMDE_CPU_AARCH64 "-DEFI_ARCH=L\"aa64\"" -DPAGE_SIZE=4096 \
            "-DDEBUGDIR=L\"/usr/lib/debug/usr/share/shim/aa64-$(VERSION)$(RELEASE)/\""
  EFI_PATH := /usr/lib64/gnuefi
endif
# Vendor trust material. When the make variable exists, its value is passed to
# the compiler as a quoted string macro.
# As with the other $(origin ...) switches, any definition counts, including an
# empty one or an environment variable of the same name, so the build
# environment decides which certificate and revocation list are referenced.
# NOTE(review): how the C/assembly sources consume these file names is not
# visible here; presumably the files are embedded in the binary -- confirm, and
# verify the files themselves before a release build.
# The closing endif lines are not visible in the listing (their gutter lines
# are dropped); they are restored here to terminate each conditional.
ifneq ($(origin VENDOR_CERT_FILE), undefined)
  CFLAGS += -DVENDOR_CERT_FILE=\"$(VENDOR_CERT_FILE)\"
endif

ifneq ($(origin VENDOR_DBX_FILE), undefined)
  CFLAGS += -DVENDOR_DBX_FILE=\"$(VENDOR_DBX_FILE)\"
endif
# Linker flags: build a shared object from the architecture's EFI linker script
# and startup object, with no default libraries and a SHA-1 build id.
# NOTE(review): LIB_PATH is not assigned in any visible line; presumably it is
# set next to EFI_PATH on a dropped gutter line -- confirm.
LDFLAGS = --hash-style=sysv -nostdlib -znocombreloc \
          -T $(EFI_LDS) -shared -Bsymbolic \
          -L$(EFI_PATH) -L$(LIB_PATH) -LCryptlib -LCryptlib/OpenSSL \
          $(EFI_CRT_OBJS) --build-id=sha1
# Final build products: the shim image itself plus the signed MokManager and
# fallback images.
# NOTE(review): SHIMNAME, MMNAME and FBNAME are not assigned in any visible line.
TARGET = $(SHIMNAME).efi $(MMNAME).efi.signed $(FBNAME).efi.signed

# Objects and sources of the shim image.
OBJS    = shim.o netboot.o cert.o replacements.o tpm.o version.o
SOURCES = shim.c shim.h netboot.c \
          include/PeImage.h include/wincert.h include/console.h \
          replacements.c replacements.h tpm.c tpm.h version.c version.h

# Generated certificate and key files, listed so they can be removed together.
# The list includes private key material (shim.key, shim.p12).
KEYS = shim_cert.h ocsp.* ca.* shim.crt shim.csr shim.p12 shim.pem shim.key shim.cer

# Objects and sources of MokManager.
MOK_OBJS    = MokManager.o PasswordCrypt.o crypt_blowfish.o
MOK_SOURCES = MokManager.c shim.h include/console.h \
              PasswordCrypt.c PasswordCrypt.h crypt_blowfish.c crypt_blowfish.h

# Objects and sources of the fallback loader.
FALLBACK_OBJS = fallback.o
FALLBACK_SRCS = fallback.c
# HTTP boot support adds its sources when ENABLE_HTTPBOOT exists in any form
# ($(origin ...) only tests for "undefined").
# NOTE(review): gutter line 106 is dropped from the listing, so one statement
# inside this conditional is not shown. The endif is restored here to close the
# visible conditional.
ifneq ($(origin ENABLE_HTTPBOOT), undefined)
  SOURCES += httpboot.c httpboot.h
endif
# Certificate generation recipes.
# NOTE(review): the rule headers for both recipe lines are not visible in the
# listing (gutter lines 112 and 115 are dropped), so their targets and
# prerequisites cannot be stated from here. The two lines belong to two
# different rules.
#
# First recipe: runs the local make-certs script with stdin closed off
# (</dev/null); the trailing dotted value is an OID handed to the script.
	./make-certs shim shim@xn--u4h.net all codesign 1.3.6.1.4.1.311.10.3.1 </dev/null
# Second recipe: re-encodes the first prerequisite as a DER certificate.
	$(OPENSSL) x509 -outform der -in $< -out $@
# Turn the DER certificate into a C byte array: one opening line, then every
# byte of shim.cer printed as "0xNN, ".
# NOTE(review): gutter line 121 is dropped from the listing; as shown nothing
# closes the array initialiser, so presumably that line appends the closing
# brace -- confirm.
shim_cert.h: shim.cer
	echo "static UINT8 shim_cert[] = {" > $@
	$(HEXDUMP) -v -e '1/1 "0x%02x, "' $< >> $@
# Fill the version template with the version string, the build host's
# "uname -a" output and the commit id.
# Embedding "uname -a" makes the generated source, and anything built from it,
# differ between build hosts, which gets in the way of reproducing a signed
# binary bit for bit.
# The sed expressions use "," as delimiter, so a comma in any substituted
# value breaks the command.
version.c: version.c.in
	sed \
	    -e "s,@@VERSION@@,$(VERSION)," \
	    -e "s,@@UNAME@@,$(shell uname -a)," \
	    -e "s,@@COMMIT@@,$(COMMITID)," \
	    < version.c.in > version.c
# Populate the NSS database in certdb/ with the generated signing identity:
# import the PKCS#12 bundle, then add the certificate under the nickname "shim".
# Both passwords given to pk12util (-W for the PKCS#12 file, -K for the key
# database) are empty, so the private key is stored without passphrase
# protection. Treat certdb/ and shim.p12 as build-local material only.
# NOTE(review): gutter line 130 is dropped from the listing; presumably it
# creates the certdb directory -- confirm.
certdb/secmod.db: shim.crt
	$(PK12UTIL) -d certdb/ -i shim.p12 -W "" -K ""
	$(CERTUTIL) -d certdb/ -A -i shim.crt -n shim -t u
# Extra prerequisites for shim.o: every listed source, the generated
# certificate header, and any header in the top-level directory. No recipe is
# attached to these two lines.
shim.o: $(SOURCES) shim_cert.h
shim.o: $(wildcard *.h)
# Compile recipe: builds the target from its first prerequisite.
# NOTE(review): the rule header this recipe belongs to is not visible in the
# listing (gutter line 137 is dropped). It is not the recipe of the shim.o
# lines that precede it here.
	$(CC) $(CFLAGS) -c -o $@ $<
# Link the shim shared object from its objects and the three bundled archives.
# $^ already contains the archives; $(EFI_LIBS) names two of them again inside
# a linker group.
$(SHIMNAME).so: $(OBJS) \
                Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a lib/lib.a
	$(LD) -o $@ $(LDFLAGS) $^ $(EFI_LIBS)
# fallback.o is rebuilt whenever one of its sources changes.
fallback.o: $(FALLBACK_SRCS)

# Link the fallback loader's shared object.
$(FBNAME).so: $(FALLBACK_OBJS) \
              Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a lib/lib.a
	$(LD) -o $@ $(LDFLAGS) $^ $(EFI_LIBS)
# MokManager.o is rebuilt whenever one of its sources changes.
MokManager.o: $(MOK_SOURCES)

# Link MokManager's shared object. lib/lib.a is named once more after
# $(EFI_LIBS), in addition to its appearance in $^.
$(MMNAME).so: $(MOK_OBJS) \
              Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a lib/lib.a
	$(LD) -o $@ $(LDFLAGS) $^ $(EFI_LIBS) lib/lib.a
# Bundled libraries are built by recursive make in their own directories.
# NOTE(review): the recipe of the first rule (gutter line 154) is dropped from
# the listing.
Cryptlib/libcryptlib.a:

Cryptlib/OpenSSL/libopenssl.a:
	$(MAKE) -C Cryptlib/OpenSSL
# NOTE(review): the header of the rule owning the next recipe line (gutter line
# 159) is dropped from the listing; the line does not belong to the OpenSSL
# rule above. It passes the parent's fully expanded CFLAGS to the sub-make in
# lib/.
	$(MAKE) CFLAGS="$(CFLAGS)" -C lib
# Per-architecture linker symbol and objcopy output format.
# NOTE(review): gutter lines 163-164 are dropped from the listing, so further
# statements inside this conditional are not shown, and SUBSYSTEM is not
# assigned in any visible line. The endif is restored after the first visible
# append; its exact position is inferred from the gap in the gutter numbers.
ifeq ($(ARCH),aarch64)
  LDFLAGS += --defsym=EFI_SUBSYSTEM=$(SUBSYSTEM)
endif

# NOTE(review): gutter lines 166-170 and 172-173 are dropped from the listing.
# This second, identical append presumably sits inside another
# architecture conditional whose opening and closing lines are not shown --
# confirm.
LDFLAGS += --defsym=EFI_SUBSYSTEM=$(SUBSYSTEM)

# Default objcopy output format, used unless FORMAT was already set.
FORMAT ?= --target efi-app-$(ARCH)
# Recipe that extracts the EFI image and its debug companion from a linked
# shared object.
# NOTE(review): the rule header (gutter line 176) is dropped from the listing,
# so the target pattern and prerequisites cannot be stated from here.
#
# Version guard: when objcopy is older than 2.24 the recipe gains an
# error call, which aborts the build once make expands this recipe.
# The endif is restored here; its gutter line is dropped from the listing.
ifneq ($(OBJCOPY_GTE224),1)
	$(error objcopy >= 2.24 is required)
endif
# First objcopy run: copies the code, data, dynamic and relocation sections.
	$(OBJCOPY) -j .text -j .sdata -j .data -j .data.ident \
		-j .dynamic -j .dynsym -j .rel* \
		-j .rela* -j .reloc -j .eh_frame \
		# NOTE review: gutter lines 183-184 are dropped, the rest of this command is not shown
# Second objcopy run: same sections plus the debug sections and the build id
# note, written to the target name with a .debug suffix.
	$(OBJCOPY) -j .text -j .sdata -j .data \
		-j .dynamic -j .dynsym -j .rel* \
		-j .rela* -j .reloc -j .eh_frame \
		-j .debug_info -j .debug_abbrev -j .debug_aranges \
		-j .debug_line -j .debug_str -j .debug_ranges \
		-j .note.gnu.build-id \
		$(FORMAT) $^ $@.debug
# Sign an EFI image with the certificate nicknamed "shim" from the local NSS
# database in certdb, overwriting an existing output file (-f).
# The signing identity is the one imported into certdb during this build, with
# an empty key database password.
%.efi.signed: %.efi certdb/secmod.db
	$(PESIGN) -n certdb -i $< -c "shim" -s -o $@ -f
# Clean-up recipe: clean the bundled library directories, then remove build
# products, the generated certificates and keys ($(KEYS)), and the certdb
# directory.
# NOTE(review): the rule header (gutter line 196) and one recipe line (gutter
# line 199) are dropped from the listing.
	$(MAKE) -C Cryptlib clean
	$(MAKE) -C Cryptlib/OpenSSL clean
	rm -rf $(TARGET) $(OBJS) $(MOK_OBJS) $(FALLBACK_OBJS) $(KEYS) certdb
	rm -f *.debug *.so *.efi *.tar.* version.c
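# Recipe that packs the current branch plus uncommitted changes into
# shim-$(VERSION).tar.bz2 in the directory make was started from.
# NOTE(review): the rule header (gutter line 205) is dropped from the listing.
#
# Staging happens in a private directory created by mktemp instead of the
# fixed names /tmp/shim-$(VERSION) and /tmp/shim-$(VERSION)-tmp. A fixed name
# in a world-writable directory can be pre-created or swapped by another local
# user, which would let them influence the contents of a source tarball.
# The whole sequence runs in one shell so the trap removes the staging
# directory on both success and failure.
# Steps: export the checked-out branch, apply "git diff" on top (backups get
# the .gitdiff suffix), record the HEAD commit id in a file named "commit",
# then create the tarball with shim-$(VERSION)/ as its top-level directory.
	@set -e; \
	dir=$$PWD; \
	stage=$$(mktemp -d /tmp/shim-$(VERSION).XXXXXX); \
	trap 'rm -rf "$$stage"' EXIT; \
	mkdir "$$stage/shim-$(VERSION)"; \
	git archive --format=tar $(shell git branch | awk '/^*/ { print $$2 }') | ( cd "$$stage/shim-$(VERSION)" && tar x ); \
	git diff | ( cd "$$stage/shim-$(VERSION)" && patch -s -p1 -b -z .gitdiff ); \
	git log -1 --pretty=format:%H > "$$stage/shim-$(VERSION)/commit"; \
	( cd "$$stage" && tar -c --bzip2 -f "$$dir/shim-$(VERSION).tar.bz2" shim-$(VERSION) )
	@echo "The archive is in shim-$(VERSION).tar.bz2"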
# Release tagging recipe: create a signed tag named $(GITTAG) on the master
# branch, then force-move the "latest-release" tag to it.
# The second tag is created without --sign, so only $(GITTAG) itself carries a
# signature that consumers can verify.
# NOTE(review): the rule header (gutter line 216) is dropped from the listing,
# and GITTAG is not assigned in any visible line.
	git tag --sign $(GITTAG) refs/heads/master
	git tag -f latest-release $(GITTAG)
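# Recipe that packs the tree at $(GITTAG) into shim-$(VERSION).tar.bz2 in the
# directory make was started from.
# NOTE(review): the rule header (gutter line 220) is dropped from the listing.
#
# Staging happens in a private directory created by mktemp instead of the
# fixed names /tmp/shim-$(VERSION) and /tmp/shim-$(VERSION)-tmp. A fixed name
# in a world-writable directory can be pre-created or swapped by another local
# user, which would let them influence the contents of a release tarball.
# The whole sequence runs in one shell so the trap removes the staging
# directory on both success and failure.
# NOTE(review): "git log -1" is run without a revision, so the id written to
# the "commit" file is that of the current HEAD; confirm HEAD is the commit
# $(GITTAG) points at when a release is cut.
	@set -e; \
	dir=$$PWD; \
	stage=$$(mktemp -d /tmp/shim-$(VERSION).XXXXXX); \
	trap 'rm -rf "$$stage"' EXIT; \
	mkdir "$$stage/shim-$(VERSION)"; \
	git archive --format=tar $(GITTAG) | ( cd "$$stage/shim-$(VERSION)" && tar x ); \
	git log -1 --pretty=format:%H > "$$stage/shim-$(VERSION)/commit"; \
	( cd "$$stage" && tar -c --bzip2 -f "$$dir/shim-$(VERSION).tar.bz2" shim-$(VERSION) )
	@echo "The archive is in shim-$(VERSION).tar.bz2"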
# Hand the toolchain selection, target architecture and EFI header location to
# every recipe and sub-make through the environment.
export ARCH CC LD OBJCOPY EFI_INCLUDE