7 CC
= $(CROSS_COMPILE
)gcc
8 LD
= $(CROSS_COMPILE
)ld
9 OBJCOPY
= $(CROSS_COMPILE
)objcopy
11 ARCH
= $(shell $(CC
) -dumpmachine | cut
-f1
-d- | sed s
,i
[3456789]86,ia32
,)
12 OBJCOPY_GTE224
= $(shell expr
`$(OBJCOPY) --version |grep ^"GNU objcopy" | sed 's/^.*\((.*)\|version\) //g' | cut -f1-2 -d.` \
>= 2.24)
14 SUBDIRS
= Cryptlib lib
16 EFI_INCLUDE
:= /usr
/include/efi
17 EFI_INCLUDES
= -nostdinc
-ICryptlib
-ICryptlib
/Include
-I
$(EFI_INCLUDE
) -I
$(EFI_INCLUDE
)/$(ARCH
) -I
$(EFI_INCLUDE
)/protocol
-I
$(shell pwd
)/include
19 LIB_GCC
= $(shell $(CC
) -print-libgcc-file-name
)
20 EFI_LIBS
= -lefi
-lgnuefi
--start-group Cryptlib
/libcryptlib.a Cryptlib
/OpenSSL
/libopenssl.a
--end-group
$(LIB_GCC
)
22 EFI_CRT_OBJS
= $(EFI_PATH
)/crt0-efi-
$(ARCH
).o
23 EFI_LDS
= elf_
$(ARCH
)_efi.lds
25 DEFAULT_LOADER
:= \\\\grub.efi
26 CFLAGS
= -ggdb
-O0
-fno-stack-protector
-fno-strict-aliasing
-fpic \
27 -fshort-wchar
-Wall
-Wsign-compare
-Werror
-fno-builtin \
28 -Werror
=sign-compare
-ffreestanding
-std
=gnu89 \
29 -I
$(shell $(CC
) -print-file-name
=include) \
30 "-DDEFAULT_LOADER=L\"$(DEFAULT_LOADER)\"" \
31 "-DDEFAULT_LOADER_CHAR=\"$(DEFAULT_LOADER)\"" \
37 COMMITID ?
= $(shell if
[ -d .git
] ; then git log
-1 --pretty
=format
:%H
; elif
[ -f commit
]; then cat commit
; else echo commit id not available
; fi
)
39 ifneq ($(origin OVERRIDE_SECURITY_POLICY
), undefined
)
40 CFLAGS
+= -DOVERRIDE_SECURITY_POLICY
43 ifneq ($(origin ENABLE_HTTPBOOT
), undefined
)
44 CFLAGS
+= -DENABLE_HTTPBOOT
48 CFLAGS
+= -mno-mmx
-mno-sse
-mno-red-zone
-nostdinc \
49 -maccumulate-outgoing-args \
50 -DEFI_FUNCTION_WRAPPER
-DGNU_EFI_USE_MS_ABI \
51 -DNO_BUILTIN_VA_FUNCS \
52 -DMDE_CPU_X64
"-DEFI_ARCH=L\"x64\"" -DPAGE_SIZE
=4096 \
53 "-DDEBUGDIR=L\"/usr/lib/debug/usr/share/shim/x64-$(VERSION)$(RELEASE)/\""
57 EFI_PATH
:=/usr
/lib64
/gnuefi
62 CFLAGS
+= -mno-mmx
-mno-sse
-mno-red-zone
-nostdinc \
63 -maccumulate-outgoing-args
-m32 \
64 -DMDE_CPU_IA32
"-DEFI_ARCH=L\"ia32\"" -DPAGE_SIZE
=4096 \
65 "-DDEBUGDIR=L\"/usr/lib/debug/usr/share/shim/ia32-$(VERSION)$(RELEASE)/\""
69 EFI_PATH
:=/usr
/lib
/gnuefi
72 ifeq ($(ARCH
),aarch64
)
73 CFLAGS
+= -DMDE_CPU_AARCH64
"-DEFI_ARCH=L\"aa64\"" -DPAGE_SIZE
=4096 \
74 "-DDEBUGDIR=L\"/usr/lib/debug/usr/share/shim/aa64-$(VERSION)$(RELEASE)/\""
78 EFI_PATH
:=/usr
/lib64
/gnuefi
82 ifneq ($(origin VENDOR_CERT_FILE
), undefined
)
83 CFLAGS
+= -DVENDOR_CERT_FILE
=\"$(VENDOR_CERT_FILE
)\"
85 ifneq ($(origin VENDOR_DBX_FILE
), undefined
)
86 CFLAGS
+= -DVENDOR_DBX_FILE
=\"$(VENDOR_DBX_FILE
)\"
89 LDFLAGS
= --hash-style
=sysv
-nostdlib
-znocombreloc
-T
$(EFI_LDS
) -shared
-Bsymbolic
-L
$(EFI_PATH
) -L
$(LIB_PATH
) -LCryptlib
-LCryptlib
/OpenSSL
$(EFI_CRT_OBJS
) --build-id
=sha1
91 TARGET
= $(SHIMNAME
).efi
$(MMNAME
).efi.signed
$(FBNAME
).efi.signed
92 OBJS
= shim.o netboot.o cert.o replacements.o tpm.o version.o
93 KEYS
= shim_cert.h ocsp.
* ca.
* shim.crt shim.csr shim.p12 shim.pem shim.key shim.cer
94 SOURCES
= shim.c shim.h netboot.c
include/PeImage.h
include/wincert.h
include/console.h replacements.c replacements.h tpm.c tpm.h version.c version.h
95 MOK_OBJS
= MokManager.o PasswordCrypt.o crypt_blowfish.o
96 MOK_SOURCES
= MokManager.c shim.h
include/console.h PasswordCrypt.c PasswordCrypt.h crypt_blowfish.c crypt_blowfish.h
97 FALLBACK_OBJS
= fallback.o
98 FALLBACK_SRCS
= fallback.c
100 ifneq ($(origin ENABLE_HTTPBOOT
), undefined
)
102 SOURCES
+= httpboot.c httpboot.h
108 .
/make-certs shim shim@xn--u4h.net
all codesign
1.3.6.1.4.1.311.10.3.1 </dev
/null
111 openssl x509
-outform der
-in
$< -out
$@
113 shim_cert.h
: shim.cer
114 echo
"static UINT8 shim_cert[] = {" > $@
115 hexdump
-v
-e
'1/1 "0x%02x, "' $< >> $@
118 version.c
: version.c.in
119 sed
-e
"s,@@VERSION@@,$(VERSION)," \
120 -e
"s,@@UNAME@@,$(shell uname -a)," \
121 -e
"s,@@COMMIT@@,$(COMMITID)," \
122 < version.c.in
> version.c
124 certdb
/secmod.db
: shim.crt
126 pk12util
-d certdb
/ -i shim.p12
-W
"" -K
""
127 certutil
-d certdb
/ -A
-i shim.crt
-n shim
-t u
129 shim.o
: $(SOURCES
) shim_cert.h
130 shim.o
: $(wildcard *.h
)
133 $(CC
) $(CFLAGS
) -c
-o
$@
$<
135 $(SHIMNAME
).so
: $(OBJS
) Cryptlib
/libcryptlib.a Cryptlib
/OpenSSL
/libopenssl.a lib
/lib.a
136 $(LD
) -o
$@
$(LDFLAGS
) $^
$(EFI_LIBS
)
138 fallback.o
: $(FALLBACK_SRCS
)
140 $(FBNAME
).so
: $(FALLBACK_OBJS
) Cryptlib
/libcryptlib.a Cryptlib
/OpenSSL
/libopenssl.a lib
/lib.a
141 $(LD
) -o
$@
$(LDFLAGS
) $^
$(EFI_LIBS
)
143 MokManager.o
: $(MOK_SOURCES
)
145 $(MMNAME
).so
: $(MOK_OBJS
) Cryptlib
/libcryptlib.a Cryptlib
/OpenSSL
/libopenssl.a lib
/lib.a
146 $(LD
) -o
$@
$(LDFLAGS
) $^
$(EFI_LIBS
) lib
/lib.a
148 Cryptlib
/libcryptlib.a
:
151 Cryptlib
/OpenSSL
/libopenssl.a
:
152 $(MAKE
) -C Cryptlib
/OpenSSL
155 $(MAKE
) CFLAGS
="$(CFLAGS)" -C lib
157 ifeq ($(ARCH
),aarch64
)
160 LDFLAGS
+= --defsym
=EFI_SUBSYSTEM
=$(SUBSYSTEM
)
166 LDFLAGS
+= --defsym
=EFI_SUBSYSTEM
=$(SUBSYSTEM
)
169 FORMAT ?
= --target efi-app-
$(ARCH
)
172 ifneq ($(OBJCOPY_GTE224
),1)
173 $(error objcopy
>= 2.24 is required
)
175 $(OBJCOPY
) -j .text
-j .sdata
-j .data
-j .data.ident \
176 -j .dynamic
-j .dynsym
-j .rel
* \
177 -j .rela
* -j .reloc
-j .eh_frame \
180 $(OBJCOPY
) -j .text
-j .sdata
-j .data \
181 -j .dynamic
-j .dynsym
-j .rel
* \
182 -j .rela
* -j .reloc
-j .eh_frame \
183 -j .debug_info
-j .debug_abbrev
-j .debug_aranges \
184 -j .debug_line
-j .debug_str
-j .debug_ranges \
185 -j .note.gnu.build-id \
186 $(FORMAT
) $^
$@.debug
188 %.efi.signed
: %.efi certdb
/secmod.db
189 pesign
-n certdb
-i
$< -c
"shim" -s
-o
$@
-f
192 $(MAKE
) -C Cryptlib
clean
193 $(MAKE
) -C Cryptlib
/OpenSSL
clean
195 rm -rf
$(TARGET
) $(OBJS
) $(MOK_OBJS
) $(FALLBACK_OBJS
) $(KEYS
) certdb
196 rm -f
*.debug
*.so
*.efi
*.
tar.
* version.c
201 @
rm -rf
/tmp
/shim-
$(VERSION
) /tmp
/shim-
$(VERSION
)-tmp
202 @mkdir
-p
/tmp
/shim-
$(VERSION
)-tmp
203 @git archive
--format
=tar $(shell git branch | awk
'/^*/ { print $$2 }') |
( cd
/tmp
/shim-
$(VERSION
)-tmp
/ ; tar x
)
204 @git diff |
( cd
/tmp
/shim-
$(VERSION
)-tmp
/ ; patch
-s
-p1
-b
-z .gitdiff
)
205 @mv
/tmp
/shim-
$(VERSION
)-tmp
/ /tmp
/shim-
$(VERSION
)/
206 @git log
-1 --pretty
=format
:%H
> /tmp
/shim-
$(VERSION
)/commit
207 @
dir=$$PWD; cd
/tmp
; tar -c
--bzip2
-f
$$dir/shim-
$(VERSION
).
tar.bz2 shim-
$(VERSION
)
208 @
rm -rf
/tmp
/shim-
$(VERSION
)
209 @echo
"The archive is in shim-$(VERSION).tar.bz2"
212 git tag
--sign
$(GITTAG
) refs
/heads
/master
213 git tag
-f latest-release
$(GITTAG
)
216 @
rm -rf
/tmp
/shim-
$(VERSION
) /tmp
/shim-
$(VERSION
)-tmp
217 @mkdir
-p
/tmp
/shim-
$(VERSION
)-tmp
218 @git archive
--format
=tar $(GITTAG
) |
( cd
/tmp
/shim-
$(VERSION
)-tmp
/ ; tar x
)
219 @mv
/tmp
/shim-
$(VERSION
)-tmp
/ /tmp
/shim-
$(VERSION
)/
220 @git log
-1 --pretty
=format
:%H
> /tmp
/shim-
$(VERSION
)/commit
221 @
dir=$$PWD; cd
/tmp
; tar -c
--bzip2
-f
$$dir/shim-
$(VERSION
).
tar.bz2 shim-
$(VERSION
)
222 @
rm -rf
/tmp
/shim-
$(VERSION
)
223 @echo
"The archive is in shim-$(VERSION).tar.bz2"
225 export ARCH CC LD OBJCOPY EFI_INCLUDE