# Toolchain selection. CROSS_COMPILE is an optional prefix (empty for a native
# build) that is not assigned in the visible lines, so it comes from the
# command line or the environment. It decides which compiler, linker and
# objcopy binaries produce the boot loader, so release builds should pin it.
CC      = ${CROSS_COMPILE}gcc
LD      = ${CROSS_COMPILE}ld
OBJCOPY = ${CROSS_COMPILE}objcopy
# Target architecture: the first dash-separated field of the compiler's target
# triplet, with iN86 (N = 3..9) folded into "ia32". The assignment is recursive
# (=), so the pipeline is re-run on every expansion of $(ARCH).
ARCH = $(shell ${CC} -dumpmachine | cut -f1 -d- | sed s,i[3456789]86,ia32,)
# "1" when the installed objcopy reports a version >= 2.24 (expr prints 1 or 0).
# The backslash before ">=" stops the shell from treating ">" as a redirection,
# so it must stay attached to the operator and not end a line.
# NOTE(review): expr compares non-integer operands as strings, so a value such
# as "2.3" would also satisfy ">= 2.24" - confirm that is acceptable here.
OBJCOPY_GTE224 = $(shell expr \
  `$(OBJCOPY) --version |grep ^"GNU objcopy" | sed 's/^.*\((.*)\|version\) //g' | cut -f1-2 -d.` \>= 2.24)
# Sub-projects named for the build.
SUBDIRS = Cryptlib lib

# Location of the gnu-efi headers (simple assignment, expanded once).
EFI_INCLUDE := /usr/include/efi

# Header search path. -nostdinc drops the host's default system include
# directories; the -I entries then add the bundled Cryptlib headers, the
# gnu-efi headers (generic, per-architecture and protocol) and ./include.
EFI_INCLUDES = \
  -nostdinc \
  -ICryptlib \
  -ICryptlib/Include \
  -I$(EFI_INCLUDE) \
  -I$(EFI_INCLUDE)/$(ARCH) \
  -I$(EFI_INCLUDE)/protocol \
  -I$(shell pwd)/include
# Path of the compiler's libgcc, as reported by the compiler itself.
LIB_GCC = $(shell ${CC} -print-libgcc-file-name)

# Libraries handed to the linker. The two bundled crypto archives sit inside
# --start-group/--end-group so the linker rescans them until their mutual
# references are resolved.
EFI_LIBS = \
  -lefi -lgnuefi \
  --start-group \
    Cryptlib/libcryptlib.a \
    Cryptlib/OpenSSL/libopenssl.a \
  --end-group \
  $(LIB_GCC)

# gnu-efi startup object and linker script for the selected architecture.
# Recursive (=) assignment matters here: EFI_PATH is only assigned further
# down the file, so it has to be resolved at use time.
EFI_CRT_OBJS = $(EFI_PATH)/crt0-efi-$(ARCH).o
EFI_LDS      = elf_$(ARCH)_efi.lds
# Loader path compiled into the binary as DEFAULT_LOADER / DEFAULT_LOADER_CHAR.
# The four backslashes are halved by the shell inside the double-quoted -D
# arguments below and halved again by C string-literal escaping, which leaves
# "\grub.efi" in the program.
DEFAULT_LOADER := \\\\grub.efi

# Base compiler flags for the freestanding EFI build.
#   -Wall -Wsign-compare -Werror -Werror=sign-compare : warnings are fatal
#   -ffreestanding -fno-builtin -fshort-wchar -fpic    : no hosted C environment
#   -O0 -fno-stack-protector                           : no optimisation, no
#                                                        stack canaries
# NOTE(review): -fno-stack-protector is a hardening trade-off; presumably it is
# here because nothing in the freestanding environment supplies the canary
# failure handler - confirm before changing it.
# NOTE(review): the listing ends this assignment on a continuation backslash and
# omits the line that followed (gutter line 32). The comment line after the last
# flag terminates the value so that no later statement is swallowed into CFLAGS.
CFLAGS = \
  -ggdb -O0 -fno-stack-protector -fno-strict-aliasing -fpic \
  -fshort-wchar -Wall -Wsign-compare -Werror -fno-builtin \
  -Werror=sign-compare -ffreestanding -std=gnu89 \
  -I$(shell ${CC} -print-file-name=include) \
  "-DDEFAULT_LOADER=L\"$(DEFAULT_LOADER)\"" \
  "-DDEFAULT_LOADER_CHAR=\"$(DEFAULT_LOADER)\"" \
  # NOTE(review): continuation line (gutter 32) missing from the listing
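# Adds -DOVERRIDE_SECURITY_POLICY whenever the make variable exists at all.
# $(origin ...) yields "undefined" only when the name is set nowhere, so an
# empty value or a variable inherited from the environment also turns this on.
# NOTE(review): the effect of the macro in the C sources is not visible here;
# given its name, release builds should check that the variable is unset in
# the build environment.
# NOTE(review): the closing endif is not in the listing (gutter lines 39-40 are
# absent); it is restored here so the conditional is closed.
ifneq ($(origin OVERRIDE_SECURITY_POLICY), undefined)
  CFLAGS += -DOVERRIDE_SECURITY_POLICY
endif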
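# Adds -DENABLE_HTTPBOOT whenever the make variable exists, whatever its value.
# The test is on $(origin ...), so an inherited environment variable of that
# name is enough to enable the feature in the build.
# NOTE(review): the closing endif is not in the listing (gutter lines 43-45 are
# absent); it is restored here so the conditional is closed.
ifneq ($(origin ENABLE_HTTPBOOT), undefined)
  CFLAGS += -DENABLE_HTTPBOOT
endif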
# x64 code-generation flags, EFI_ARCH / DEBUGDIR strings and the gnu-efi
# library directory.
# NOTE(review): gutter lines 45, 52-54 and 56 are absent from the listing. The
# -DMDE_CPU_X64 define suggests this group sits inside an x86_64-only
# conditional whose opening and closing lines were dropped - confirm against
# the original file before using this fragment.
CFLAGS += \
  -mno-mmx -mno-sse -mno-red-zone -nostdinc \
  -maccumulate-outgoing-args \
  -DEFI_FUNCTION_WRAPPER -DGNU_EFI_USE_MS_ABI \
  -DNO_BUILTIN_VA_FUNCS \
  -DMDE_CPU_X64 "-DEFI_ARCH=L\"x64\"" -DPAGE_SIZE=4096 \
  "-DDEBUGDIR=L\"/usr/lib/debug/usr/share/shim/x64-$(VERSION)$(RELEASE)/\""
EFI_PATH := /usr/lib64/gnuefi
# ia32 code-generation flags (-m32), EFI_ARCH / DEBUGDIR strings and the
# gnu-efi library directory.
# NOTE(review): gutter lines 56-59, 64-66 and 68-69 are absent from the
# listing. The -DMDE_CPU_IA32 define suggests this group sits inside an
# ia32-only conditional that is not shown - confirm against the original file.
CFLAGS += \
  -mno-mmx -mno-sse -mno-red-zone -nostdinc \
  -maccumulate-outgoing-args -m32 \
  -DMDE_CPU_IA32 "-DEFI_ARCH=L\"ia32\"" -DPAGE_SIZE=4096 \
  "-DDEBUGDIR=L\"/usr/lib/debug/usr/share/shim/ia32-$(VERSION)$(RELEASE)/\""
EFI_PATH := /usr/lib/gnuefi
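# aarch64-only defines and gnu-efi library directory.
# NOTE(review): gutter lines 73-75 and 77-79 are absent from the listing. The
# closing endif is restored after the last visible statement of the group;
# whatever stood on the missing lines is not reproduced.
ifeq ($(ARCH),aarch64)
  CFLAGS += \
    -DMDE_CPU_AARCH64 "-DEFI_ARCH=L\"aa64\"" -DPAGE_SIZE=4096 \
    "-DDEBUGDIR=L\"/usr/lib/debug/usr/share/shim/aa64-$(VERSION)$(RELEASE)/\""
  EFI_PATH := /usr/lib64/gnuefi
endif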
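# Optional vendor certificate and vendor revocation (dbx) file. When either
# make variable exists, its value is passed to the compiler as a quoted string
# macro.
# NOTE(review): how the sources consume these macros is not visible here;
# presumably the named files end up embedded in the binary as built-in trust
# and revocation data, so release builds should verify (for example by digest)
# that these paths point at the intended files.
# NOTE(review): the value is not shell-quoted beyond \"...\"; a path containing
# spaces or quotes would break the compiler command line.
# NOTE(review): the closing endif lines are not in the listing (gutter lines
# 82 and 85-86 are absent); they are restored here.
ifneq ($(origin VENDOR_CERT_FILE), undefined)
  CFLAGS += -DVENDOR_CERT_FILE=\"$(VENDOR_CERT_FILE)\"
endif
ifneq ($(origin VENDOR_DBX_FILE), undefined)
  CFLAGS += -DVENDOR_DBX_FILE=\"$(VENDOR_DBX_FILE)\"
endif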
# Linker flags: link as a shared object against the gnu-efi linker script and
# startup object, without the host C library, and stamp a SHA-1 build id.
# NOTE(review): LIB_PATH is not assigned in any line visible in this listing.
LDFLAGS = \
  --hash-style=sysv \
  -nostdlib \
  -znocombreloc \
  -T $(EFI_LDS) \
  -shared \
  -Bsymbolic \
  -L$(EFI_PATH) \
  -L$(LIB_PATH) \
  -LCryptlib \
  -LCryptlib/OpenSSL \
  $(EFI_CRT_OBJS) \
  --build-id=sha1
# Final build products.
# NOTE(review): SHIMNAME, MMNAME and FBNAME are not assigned in any line
# visible in this listing.
TARGET = \
  $(SHIMNAME).efi \
  $(MMNAME).efi.signed \
  $(FBNAME).efi.signed

# Objects linked into the shim image.
OBJS = shim.o netboot.o cert.o replacements.o tpm.o version.o

# Generated certificate and key files; the clean recipe removes them.
# NOTE(review): shim.key, shim.p12 and shim.pem are presumably private-key
# material - keep them out of version control and release archives.
KEYS = \
  shim_cert.h ocsp.* ca.* \
  shim.crt shim.csr shim.p12 shim.pem shim.key shim.cer

# Prerequisites of shim.o.
SOURCES = \
  shim.c shim.h netboot.c \
  include/PeImage.h include/wincert.h include/console.h \
  replacements.c replacements.h tpm.c tpm.h version.c version.h

# MokManager objects and the files MokManager.o depends on.
MOK_OBJS = MokManager.o PasswordCrypt.o crypt_blowfish.o
MOK_SOURCES = \
  MokManager.c shim.h include/console.h \
  PasswordCrypt.c PasswordCrypt.h crypt_blowfish.c crypt_blowfish.h

# Fallback loader object and source.
FALLBACK_OBJS = fallback.o
FALLBACK_SRCS = fallback.c
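# Adds the HTTP boot sources to shim.o's prerequisites when ENABLE_HTTPBOOT
# exists as a make variable (any value, including one inherited from the
# environment).
# NOTE(review): gutter lines 99 and 101 are absent from the listing. The
# closing endif is restored; the statement that stood on line 99 is not
# reproduced.
ifneq ($(origin ENABLE_HTTPBOOT), undefined)
  SOURCES += httpboot.c httpboot.h
endif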
# Recipe line that runs the bundled ./make-certs script non-interactively
# (stdin is /dev/null), presumably to generate the certificate and key files
# listed in KEYS.
# NOTE(review): the rule header (gutter line 105) is absent from the listing.
# NOTE(review): credentials generated inside the build tree are only suitable
# for test signing; confirm that release images are signed with a separately
# protected key.
	./make-certs shim shim@xn--u4h.net all codesign 1.3.6.1.4.1.311.10.3.1 \
		< /dev/null
# Recipe line that re-encodes the first prerequisite ($<) as a DER certificate
# and writes it to the target ($@).
# NOTE(review): the rule header (gutter line 108) is absent from the listing.
	openssl x509 -in $< -outform der -out $@
# Turns the DER certificate into a C byte array: the first line writes the
# array header, the second appends every byte of shim.cer as "0xNN, ".
# NOTE(review): gutter line 114 is absent from the listing, so as shown the
# generated array is never closed; presumably the missing line appends the
# terminator - confirm against the original file.
shim_cert.h: shim.cer
	echo "static UINT8 shim_cert[] = {" > $@
	hexdump -v -e '1/1 "0x%02x, "' $< >> $@
# Generates version.c from its template by substituting the version string,
# the build host's `uname -a` output and the current commit id (from git, or
# from a file named "commit" when there is no .git directory).
# NOTE(review): `uname -a` puts the build host's name and kernel version into
# the output, so the result differs between build hosts and discloses them.
# NOTE(review): the values are pasted into sed expressions that use "," as the
# delimiter; a comma, "&" or backslash in any of them would change or break
# the substitution.
version.c: version.c.in
	sed \
		-e "s,@@VERSION@@,$(VERSION)," \
		-e "s,@@UNAME@@,$(shell uname -a)," \
		-e "s,@@COMMIT@@,$(shell if [ -d .git ] ; then git log -1 --pretty=format:%H ; elif [ -f commit ]; then cat commit ; else echo commit id not available; fi)," \
		< $< > $@
# Populates the NSS database in ./certdb used for signing: imports the PKCS#12
# bundle shim.p12, then adds shim.crt under the nickname "shim" with trust
# flag "u".
# -W "" and -K "" supply an empty PKCS#12 password and an empty key-database
# password, so the private key lies unprotected in shim.p12 and in ./certdb.
# NOTE(review): acceptable for a throw-away test key only; confirm that no
# production signing key is ever imported through this rule.
# NOTE(review): gutter line 123 is absent from the listing (presumably the step
# that creates the certdb directory).
certdb/secmod.db: shim.crt
	pk12util -d certdb/ -i shim.p12 \
		-W "" -K ""
	certutil -d certdb/ -A \
		-i shim.crt -n shim -t u
# Extra prerequisites for shim.o: the listed sources, the generated
# certificate header and every header in the top-level directory. There is no
# recipe here, so the object is built by whichever rule make finds for it.
shim.o: $(SOURCES) shim_cert.h $(wildcard *.h)
# Recipe line that compiles the first prerequisite ($<) into the target ($@)
# with the project CFLAGS.
# NOTE(review): the rule header (gutter line 130) is absent from the listing.
	${CC} ${CFLAGS} -c $< -o $@
# Links the shim shared object from its objects and the three bundled static
# libraries; EFI_LIBS follows the prerequisites on the linker command line.
$(SHIMNAME).so: \
  $(OBJS) \
  Cryptlib/libcryptlib.a \
  Cryptlib/OpenSSL/libopenssl.a \
  lib/lib.a
	${LD} -o $@ ${LDFLAGS} $^ ${EFI_LIBS}
# fallback.o depends on the fallback sources (no recipe given here).
fallback.o: $(FALLBACK_SRCS)

# Links the fallback loader shared object against the same bundled libraries
# as the shim image.
$(FBNAME).so: \
  $(FALLBACK_OBJS) \
  Cryptlib/libcryptlib.a \
  Cryptlib/OpenSSL/libopenssl.a \
  lib/lib.a
	${LD} -o $@ ${LDFLAGS} $^ ${EFI_LIBS}
# MokManager.o depends on the MokManager sources (no recipe given here).
MokManager.o: $(MOK_SOURCES)

# Links the MokManager shared object. lib/lib.a is named a second time after
# EFI_LIBS, in addition to its appearance in $^.
$(MMNAME).so: \
  $(MOK_OBJS) \
  Cryptlib/libcryptlib.a \
  Cryptlib/OpenSSL/libopenssl.a \
  lib/lib.a
	${LD} -o $@ ${LDFLAGS} $^ ${EFI_LIBS} lib/lib.a
# Rules that delegate the bundled libraries to recursive make. $(MAKE) is used
# so that -j and -n propagate to the sub-builds.
# NOTE(review): gutter lines 147-148 and 151-152 are absent from the listing:
# the recipe of Cryptlib/libcryptlib.a and the header of the rule that owns
# the last recipe line (the one that runs make in lib/) are not shown. Only
# the visible lines are reproduced, so as written that last line attaches to
# the libopenssl.a rule - confirm against the original file.
Cryptlib/libcryptlib.a:

Cryptlib/OpenSSL/libopenssl.a:
	${MAKE} -C Cryptlib/OpenSSL
	${MAKE} CFLAGS="$(CFLAGS)" -C lib
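# Architecture-dependent linker symbol and objcopy output format.
# NOTE(review): this stretch of the listing is heavily truncated - gutter lines
# 156-157, 159-163, 165-166 and 168-169 are absent, including whatever assigns
# SUBSYSTEM and whatever closes the conditional. Only the visible statements
# are reproduced; the endif placement is an assumption to confirm against the
# original file.
ifeq ($(ARCH),aarch64)
  LDFLAGS += --defsym=EFI_SUBSYSTEM=$(SUBSYSTEM)
endif

# NOTE(review): second, identical append (gutter line 164); its enclosing
# conditional, if any, is not visible in the listing.
LDFLAGS += --defsym=EFI_SUBSYSTEM=$(SUBSYSTEM)

# objcopy output format, used unless FORMAT has already been set.
FORMAT ?= --target efi-app-$(ARCH)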
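# Version guard followed by the objcopy invocations that copy selected
# sections out of the linked object; the second invocation also keeps the
# DWARF sections and the build-id note and writes to $@.debug.
# NOTE(review): gutter lines 169, 172 and 176-177 are absent from the listing:
# the rule header, the endif (restored below) and the end of the first objcopy
# command. The first command therefore stops at a continuation backslash with
# no input or output operand; the shell comment on the line after it keeps the
# second command from being swallowed into it.
# NOTE(review): whether the $(error) line is recipe-indented cannot be
# recovered from the listing; it is kept in recipe context here - confirm.
ifneq ($(OBJCOPY_GTE224),1)
	$(error objcopy >= 2.24 is required)
endif
	$(OBJCOPY) -j .text -j .sdata -j .data -j .data.ident \
		-j .dynamic -j .dynsym -j .rel* \
		-j .rela* -j .reloc -j .eh_frame \
# NOTE(review): remainder of this command is missing from the listing
	$(OBJCOPY) -j .text -j .sdata -j .data \
		-j .dynamic -j .dynsym -j .rel* \
		-j .rela* -j .reloc -j .eh_frame \
		-j .debug_info -j .debug_abbrev -j .debug_aranges \
		-j .debug_line -j .debug_str -j .debug_ranges \
		-j .note.gnu.build-id \
		$(FORMAT) $^ $@.debug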
# Signs an EFI binary with pesign, using the certificate nicknamed "shim" from
# the NSS database in ./certdb; -f lets pesign overwrite an existing output.
# The signing key is the one imported into certdb by the certdb/secmod.db
# rule, i.e. a key stored with empty passwords.
# NOTE(review): the output should be treated as test-signed unless certdb is
# provisioned some other way - confirm for release builds.
%.efi.signed: %.efi certdb/secmod.db
	pesign -n certdb -c "shim" \
		-i $< -o $@ \
		-s -f
# Recipe lines that clean the sub-projects and then delete the build products,
# the generated certificate and key files ($(KEYS)), the NSS database
# directory, debug/shared/EFI outputs, tarballs and the generated version.c.
# NOTE(review): the rule header and gutter line 192 are absent from the
# listing.
	${MAKE} -C Cryptlib clean
	${MAKE} -C Cryptlib/OpenSSL clean
	rm -rf \
		$(TARGET) $(OBJS) $(MOK_OBJS) $(FALLBACK_OBJS) \
		$(KEYS) certdb
	rm -f \
		*.debug *.so *.efi *.tar.* \
		version.c
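# Recipe that builds shim-$(VERSION).tar.bz2 in the current directory from the
# checked-out branch plus any uncommitted changes (applied from `git diff`),
# and records the current commit id in a file named "commit".
#
# The original staged the tree under the fixed names /tmp/shim-$(VERSION) and
# /tmp/shim-$(VERSION)-tmp. A predictable name in a shared directory, combined
# with `mkdir -p` (which accepts a directory that already exists), lets another
# local user influence what ends up in the archive. This version stages in a
# directory created by `mktemp -d` (fresh, unpredictable name, accessible to
# the invoking user only) and removes it on exit. The whole recipe runs in one
# shell so the staging path can be shared between the steps. `tar -C` and
# `cd ... &&` replace `cd ... ;`, so a failed directory change can no longer
# unpack or patch into the working tree.
# NOTE(review): the rule header (gutter line 198) is absent from the listing.
	@set -e; \
	stage=$$(mktemp -d "$${TMPDIR:-/tmp}/shim-archive.XXXXXX"); \
	trap 'rm -rf "$$stage"' EXIT; \
	mkdir "$$stage/shim-$(VERSION)"; \
	git archive --format=tar $(shell git branch | awk '/^*/ { print $$2 }') | tar -x -C "$$stage/shim-$(VERSION)"; \
	git diff | ( cd "$$stage/shim-$(VERSION)" && patch -s -p1 -b -z .gitdiff ); \
	git log -1 --pretty=format:%H > "$$stage/shim-$(VERSION)/commit"; \
	tar -c --bzip2 -f "$$PWD/shim-$(VERSION).tar.bz2" -C "$$stage" shim-$(VERSION)
	@echo "The archive is in shim-$(VERSION).tar.bz2"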
# Recipe line that creates a signed tag named $(GITTAG) on the master branch
# head, using the invoking user's git signing configuration.
# NOTE(review): the rule header (gutter line 209) and the assignment of GITTAG
# are absent from the listing.
	git tag --sign $(GITTAG) \
		refs/heads/master
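# Recipe that builds shim-$(VERSION).tar.bz2 in the current directory from the
# tree at $(GITTAG) and records a commit id in a file named "commit".
#
# The original staged the tree under the fixed names /tmp/shim-$(VERSION) and
# /tmp/shim-$(VERSION)-tmp. A predictable name in a shared directory, combined
# with `mkdir -p` (which accepts a directory that already exists), lets another
# local user influence what ends up in the release archive. This version stages
# in a directory created by `mktemp -d` (fresh, unpredictable name, accessible
# to the invoking user only) and removes it on exit. The whole recipe runs in
# one shell so the staging path can be shared between the steps, and `tar -C`
# replaces `cd ... ;` so a failed directory change cannot unpack into the
# working tree.
# NOTE(review): the recorded id comes from `git log -1`, i.e. the current HEAD,
# while the archived tree comes from $(GITTAG); if HEAD is not the tagged
# commit the two disagree - confirm this is intended.
# NOTE(review): the rule header (gutter line 212) is absent from the listing.
	@set -e; \
	stage=$$(mktemp -d "$${TMPDIR:-/tmp}/shim-archive.XXXXXX"); \
	trap 'rm -rf "$$stage"' EXIT; \
	mkdir "$$stage/shim-$(VERSION)"; \
	git archive --format=tar $(GITTAG) | tar -x -C "$$stage/shim-$(VERSION)"; \
	git log -1 --pretty=format:%H > "$$stage/shim-$(VERSION)/commit"; \
	tar -c --bzip2 -f "$$PWD/shim-$(VERSION).tar.bz2" -C "$$stage" shim-$(VERSION)
	@echo "The archive is in shim-$(VERSION).tar.bz2"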
# Passes the toolchain and header-location variables to the recursive make
# invocations in the sub-directories through the environment.
export ARCH
export CC LD OBJCOPY
export EFI_INCLUDE