# Optional release suffix.  When RELEASE is defined from any origin (command
# line, environment or makefile), DASHRELEASE defaults to "-<RELEASE>"; `?=`
# leaves a value the caller already supplied untouched.
# NOTE(review): listing lines 4-10 were not captured, so whatever closes this
# conditional (and any fallback assignment) is not shown here.
ifneq ($(origin RELEASE),undefined)
DASHRELEASE ?= -$(RELEASE)
# Normalise TOPDIR to an absolute path.  `override` makes the assignment win
# even when TOPDIR was passed on the make command line.
override TOPDIR := $(abspath $(TOPDIR))

# Shared settings are read from the source tree.  The tool and name variables
# used below (SHIMNAME, MMNAME, FBNAME, OPENSSL, PESIGN, ...) are not defined in
# this listing; presumably they come from Make.defaults -- confirm there.
include $(TOPDIR)/Make.defaults
# Build products.  The .debug companions are always built; the hash file and
# the .signed binaries are opt-in through ENABLE_SHIM_HASH / ENABLE_SHIM_CERT.
TARGETS += $(SHIMNAME).debug $(MMNAME).debug $(FBNAME).debug
ifneq ($(origin ENABLE_SHIM_HASH),undefined)
TARGETS += $(SHIMHASHNAME)
# NOTE(review): listing line 20 was not captured (presumably the endif).
ifneq ($(origin ENABLE_SHIM_CERT),undefined)
# With ENABLE_SHIM_CERT the signed MokManager/fallback images become targets and
# the C sources are compiled with -DENABLE_SHIM_CERT.  What that define changes
# in the sources is not visible in this file.
TARGETS += $(MMNAME).signed $(FBNAME).signed
CFLAGS += -DENABLE_SHIM_CERT
# NOTE(review): listing line 24 was not captured; the assignment below is
# presumably the else branch (unsigned images) -- confirm against the repository.
TARGETS += $(MMNAME) $(FBNAME)
# Object and source lists for the three EFI programs built here.
# The ORIG_* lists are paths relative to the source tree.

# shim itself
OBJS = \
	shim.o \
	netboot.o \
	cert.o \
	replacements.o \
	tpm.o \
	version.o \
	errlog.o

# Generated key and certificate material (globs included).  `clean` removes
# everything named here, including the private key shim.key.
KEYS = \
	shim_cert.h \
	ocsp.* \
	ca.* \
	shim.crt \
	shim.csr \
	shim.p12 \
	shim.pem \
	shim.key \
	shim.cer

ORIG_SOURCES = \
	shim.c \
	shim.h \
	netboot.c \
	include/PeImage.h \
	include/wincert.h \
	include/console.h \
	replacements.c \
	replacements.h \
	tpm.c \
	tpm.h \
	version.h \
	errlog.c

# MokManager
MOK_OBJS = \
	MokManager.o \
	PasswordCrypt.o \
	crypt_blowfish.o

ORIG_MOK_SOURCES = \
	MokManager.c \
	shim.h \
	include/console.h \
	PasswordCrypt.c \
	PasswordCrypt.h \
	crypt_blowfish.c \
	crypt_blowfish.h

# fallback
FALLBACK_OBJS = \
	fallback.o \
	tpm.o

ORIG_FALLBACK_SRCS = \
	fallback.c
# Optional HTTP boot support.
# NOTE(review): listing lines 36 and 38 were not captured, so the rest of this
# conditional (including its endif) is not shown.
ifneq ($(origin ENABLE_HTTPBOOT), undefined)
SOURCES += httpboot.c httpboot.h

# NOTE(review): this is a plain `=` assignment, so it replaces the value built
# by the `SOURCES +=` line above; as written, the httpboot files never reach
# SOURCES.  If they are meant to be tracked as prerequisites, they would have to
# be added after this line or to ORIG_SOURCES -- confirm the intent.
#
# Each list below is the matching ORIG_* list with $(TOPDIR)/ prepended to
# every entry; SOURCES additionally names version.c without a prefix.
SOURCES = $(foreach source,$(ORIG_SOURCES),$(TOPDIR)/$(source)) version.c
MOK_SOURCES = $(foreach source,$(ORIG_MOK_SOURCES),$(TOPDIR)/$(source))
FALLBACK_SRCS = $(foreach source,$(ORIG_FALLBACK_SRCS),$(TOPDIR)/$(source))
# Build-time certificate material.
# NOTE(review): the rule headers for the recipes in this section (listing lines
# 46, 49 and 53) and the line after the hexdump call (56) were not captured, so
# the target and prerequisite names are not shown.  From the KEYS list these
# presumably produce shim.crt, shim.cer and shim_cert.h -- confirm against the
# repository.

# Runs the tree's make-certs script with stdin closed off (</dev/null).  The
# arguments are passed verbatim; their meaning is defined by that script, which
# is not part of this listing.
	$(TOPDIR)/make-certs shim shim@xn--u4h.net all codesign 1.3.6.1.4.1.311.10.3.1 </dev/null

# Re-encodes the first prerequisite as a DER X.509 certificate.
	$(OPENSSL) x509 -outform der -in $< -out $@

# NOTE(review): GNU make releases before 4.4 ignore prerequisites listed on
# .NOTPARALLEL and serialise the whole makefile instead -- verify which
# behaviour the build relies on.
.NOTPARALLEL: shim_cert.h

# Emits a C array definition: an opening line, then every byte of the first
# prerequisite as "0xNN, ".  The output is assembled with > and >>, so a failure
# part-way leaves a truncated header behind unless .DELETE_ON_ERROR is set
# somewhere not visible here.
	echo "static UINT8 shim_cert[] __attribute__((__unused__)) = {" > $@
	$(HEXDUMP) -v -e '1/1 "0x%02x, "' $< >> $@
# Generates version.c from its template by substituting the @@VERSION@@,
# @@UNAME@@ and @@COMMIT@@ placeholders.
# NOTE(review): the values are spliced into sed expressions that use "," as the
# delimiter, so a "," or "&" in VERSION, COMMIT_ID or the uname output would
# corrupt the substitution.  Embedding the build host's uname output also makes
# the result depend on the build machine, which matters if reproducible builds
# are expected.
# NOTE(review): the command continues past the last line shown; listing line 62
# (presumably the input/output redirection) was not captured.
version.c : $(TOPDIR)/version.c.in
	sed	-e "s,@@VERSION@@,$(VERSION)," \
		-e "s,@@UNAME@@,$(shell uname -s -m -p -i -o)," \
		-e "s,@@COMMIT@@,$(COMMIT_ID)," \
# Builds the NSS database that the pesign-based signing rule reads.
# NOTE(review): listing line 65 was not captured, so the step that creates the
# certdb directory (if any) is not shown.
#
# Security notes for reviewers:
#  - pk12util is given empty strings for both -W (PKCS#12 file password) and -K
#    (database password), so the private key imported into certdb/ is stored
#    without password protection.  Treat certdb/ and shim.p12 as secret build
#    artefacts and keep them out of packages and archives.
#  - The rule lists only shim.crt as a prerequisite but also reads shim.p12;
#    presumably both come from the same make-certs run -- confirm.
certdb/secmod.db: shim.crt
	$(PK12UTIL) -d certdb/ -i shim.p12 -W "" -K ""
	$(CERTUTIL) -d certdb/ -A -i shim.crt -n shim -t u
# NOTE(review): listing lines 71-72 and 74 were not captured, so the body and
# the end of this ENABLE_SHIM_CERT conditional are not shown.
ifneq ($(origin ENABLE_SHIM_CERT),undefined)
# shim.o is rebuilt whenever any top-level header in the source tree changes.
shim.o: $(wildcard $(TOPDIR)/*.h)

# cert.S is assembled through the C compiler driver with the normal CFLAGS.
cert.o: $(TOPDIR)/cert.S
	$(CC) $(CFLAGS) -c -o $@ $<
# Each EFI binary is derived from its shared object.  These headers carry no
# recipe; the conversion is done by a pattern rule elsewhere in the file.
$(SHIMNAME) : $(SHIMSONAME)
$(MMNAME) : $(MMSONAME)
$(FBNAME) : $(FBSONAME)

# Link rules.  All three link against the bundled Cryptlib, the bundled OpenSSL
# and lib/lib.a; $^ expands to the prerequisites in the order written, so the
# archive order on the link line follows the rule header.
$(SHIMSONAME): $(OBJS) Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a lib/lib.a
	$(LD) -o $@ $(LDFLAGS) $^ $(EFI_LIBS)

fallback.o: $(FALLBACK_SRCS)

$(FBSONAME): $(FALLBACK_OBJS) Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a lib/lib.a
	$(LD) -o $@ $(LDFLAGS) $^ $(EFI_LIBS)

MokManager.o: $(MOK_SOURCES)

# Unlike the two rules above, lib/lib.a is named a second time after
# $(EFI_LIBS), so the archive appears twice on this link line.
$(MMSONAME): $(MOK_OBJS) Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a lib/lib.a
	$(LD) -o $@ $(LDFLAGS) $^ $(EFI_LIBS) lib/lib.a
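# Builds the bundled Cryptlib in the build directory by running the sub-make
# with the source tree's Makefile; VPATH and TOPDIR point it at the sources.
#
# The output sub-directories are spelled out with $(addprefix) instead of shell
# brace expansion.  Brace expansion is a bash feature; make runs recipes with
# /bin/sh unless SHELL is overridden (not visible in this listing), and a POSIX
# sh would create a single directory literally named "{Hash,Hmac,...}".
Cryptlib/libcryptlib.a:
	mkdir -p $(addprefix Cryptlib/,Hash Hmac Cipher Rand Pk Pem SysCall)
	$(MAKE) VPATH=$(TOPDIR)/Cryptlib TOPDIR=$(TOPDIR)/Cryptlib -C Cryptlib -f $(TOPDIR)/Cryptlib/Makefile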
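# Builds the bundled OpenSSL subset in the build directory by running the
# sub-make with the source tree's Makefile.
#
# The crypto/ output directories are listed through $(addprefix) rather than
# shell brace expansion, which only bash understands; with a POSIX /bin/sh the
# original form would create one oddly named directory instead of the tree.
# "async" and "async/arch" replace the nested async{,/arch} pattern.
Cryptlib/OpenSSL/libopenssl.a:
	mkdir -p $(addprefix Cryptlib/OpenSSL/crypto/,x509v3 x509 txt_db stack sha rsa rc4 rand pkcs7 pkcs12 pem ocsp objects modes md5 lhash kdf hmac evp err dso dh conf comp cmac buffer bn bio async async/arch asn1 aes)
	$(MAKE) VPATH=$(TOPDIR)/Cryptlib/OpenSSL TOPDIR=$(TOPDIR)/Cryptlib/OpenSSL -C Cryptlib/OpenSSL -f $(TOPDIR)/Cryptlib/OpenSSL/Makefile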
# NOTE(review): the rule header (listing line 103) was not captured; from the
# link rules above this recipe presumably builds lib/lib.a -- confirm.
#
# Creates the lib/ build directory when it is missing, then runs the sub-make
# with the source tree's lib/Makefile.  CFLAGS is handed down explicitly on the
# sub-make command line.
	if [ ! -d lib ]; then mkdir lib ; fi
	$(MAKE) VPATH=$(TOPDIR)/lib TOPDIR=$(TOPDIR) CFLAGS="$(CFLAGS)" -C lib -f $(TOPDIR)/lib/Makefile
# Host-side helper used by install-debuginfo.  It is compiled with its own fixed
# flags (not $(CFLAGS)) and linked against libelf, so it runs on the build
# machine rather than as an EFI program.
buildid : $(TOPDIR)/buildid.c
	$(CC) -Og -g3 -Wall -Werror -Wextra -o $@ $< -lelf
# NOTE(review): the rule header (listing lines 110-111) was not captured;
# install-deps and install refer to $(BOOTCSVNAME), so this recipe presumably
# generates that file -- confirm.
#
# Writes a single CSV record (shim name, OS label, an empty field, description)
# and converts it to UCS-2LE with iconv.
	@echo "$(SHIMNAME),$(OSLABEL),,This is the boot entry for $(OSLABEL)" | iconv -t UCS-2LE > $@
# Install-time sanity checks.
# NOTE(review): the rule header (listing line 114) and the endif lines (117,
# 120) were not captured; `install` names install-check as an order-only
# prerequisite, so these lines presumably form its recipe.
#
# Aborts when LIBDIR is undefined (reported as an unsupported architecture)
# or when EFIDIR has not been set by the packager.
ifeq ($(origin LIBDIR),undefined)
	$(error Architecture $(ARCH) is not a supported build target.)
ifeq ($(origin EFIDIR),undefined)
	$(error EFIDIR must be set to your reserved EFI System Partition subdirectory name)
# Aggregate target: everything the install-* rules copy must exist first.
# It has no recipe; the three headers only accumulate prerequisites.
install-deps : $(TARGETS)
install-deps : $(SHIMNAME).debug $(MMNAME).debug $(FBNAME).debug buildid
install-deps : $(BOOTCSVNAME)
# Copies every *.c, *.h and *.S file (case-insensitive match) found under
# TOPDIR into $(DESTDIR)/$(DEBUGSOURCE)/<pkg>-<version><release>/, keeping the
# relative directory layout.
# NOTE(review): file names are read with a plain `read` and expanded unquoted,
# so paths containing whitespace or backslashes would be mis-split; TOPDIR is
# also spliced into a sed pattern, so regex metacharacters or "," in the path
# would break the prefix stripping.
# NOTE(review): the loop continues past the last line shown; listing line 132
# (presumably the closing `done`) was not captured.
install-debugsource : install-deps
	$(INSTALL) -d -m 0755 $(DESTDIR)/$(DEBUGSOURCE)/$(PKGNAME)-$(VERSION)$(DASHRELEASE)
	find $(TOPDIR) -type f -a '(' -iname '*.c' -o -iname '*.h' -o -iname '*.S' ')' | while read file ; do \
		outfile=$$(echo $${file} | sed -e "s,^$(TOPDIR),,") ; \
		$(INSTALL) -d -m 0755 $(DESTDIR)/$(DEBUGSOURCE)/$(PKGNAME)-$(VERSION)$(DASHRELEASE)/$$(dirname $${outfile}) ; \
		$(INSTALL) -m 0644 $${file} $(DESTDIR)/$(DEBUGSOURCE)/$(PKGNAME)-$(VERSION)$(DASHRELEASE)/$${outfile} ; \
# Installs the *.efi.debug files and creates build-id symlinks for them.
# ./buildid prints "<file> <build-id>" pairs; the first two bytes of the id
# become the directory name and the remainder the link name.
# NOTE(review): `ln -s` is used without -f, so installing a second time into the
# same DESTDIR would presumably fail on the existing links -- confirm.
# NOTE(review): the loop continues past the last line shown; listing line 144
# (presumably the closing `done`) was not captured.
install-debuginfo : install-deps
	$(INSTALL) -d -m 0755 $(DESTDIR)/
	$(INSTALL) -d -m 0755 $(DESTDIR)/$(DEBUGINFO)$(TARGETDIR)/
	@./buildid $(wildcard *.efi.debug) | while read file buildid ; do \
		first=$$(echo $${buildid} | cut -b -2) ; \
		rest=$$(echo $${buildid} | cut -b 3-) ; \
		$(INSTALL) -d -m 0755 $(DESTDIR)/$(DEBUGINFO).build-id/$${first}/ ;\
		$(INSTALL) -m 0644 $${file} $(DESTDIR)/$(DEBUGINFO)$(TARGETDIR) ; \
		ln -s ../../../../..$(DEBUGINFO)$(TARGETDIR)$${file} $(DESTDIR)/$(DEBUGINFO).build-id/$${first}/$${rest}.debug ;\
		ln -s ../../../.build-id/$${first}/$${rest} $(DESTDIR)/$(DEBUGINFO).build-id/$${first}/$${rest} ;\
# Installs shim, the boot CSV and the MokManager/fallback images under DESTDIR.
# install-check is an order-only prerequisite: it must complete before this
# recipe starts, but the normal prerequisites below do not depend on it and may
# be built before the check runs.
install : | install-check
install : install-deps install-debuginfo install-debugsource
	$(INSTALL) -d -m 0755 $(DESTDIR)/
# The ESP root is created with mode 0700 (owner-only access); the directories
# below it use 0755.
	$(INSTALL) -d -m 0700 $(DESTDIR)/$(ESPROOTDIR)
	$(INSTALL) -d -m 0755 $(DESTDIR)/$(EFIBOOTDIR)
	$(INSTALL) -d -m 0755 $(DESTDIR)/$(TARGETDIR)
# shim is installed twice: under the boot file name in EFIBOOTDIR and under its
# own name in TARGETDIR.
	$(INSTALL) -m 0644 $(SHIMNAME) $(DESTDIR)/$(EFIBOOTDIR)/$(BOOTEFINAME)
	$(INSTALL) -m 0644 $(SHIMNAME) $(DESTDIR)/$(TARGETDIR)/
	$(INSTALL) -m 0644 $(BOOTCSVNAME) $(DESTDIR)/$(TARGETDIR)/
# With ENABLE_SHIM_CERT the .signed images are installed under the unsigned
# file names.
ifneq ($(origin ENABLE_SHIM_CERT),undefined)
	$(INSTALL) -m 0644 $(FBNAME).signed $(DESTDIR)/$(EFIBOOTDIR)/$(FBNAME)
	$(INSTALL) -m 0644 $(MMNAME).signed $(DESTDIR)/$(EFIBOOTDIR)/$(MMNAME)
	$(INSTALL) -m 0644 $(MMNAME).signed $(DESTDIR)/$(TARGETDIR)/$(MMNAME)
# NOTE(review): listing lines 159 and 163 were not captured; the three lines
# below are presumably the else branch (unsigned images) -- confirm.
	$(INSTALL) -m 0644 $(FBNAME) $(DESTDIR)/$(EFIBOOTDIR)/
	$(INSTALL) -m 0644 $(MMNAME) $(DESTDIR)/$(EFIBOOTDIR)/
	$(INSTALL) -m 0644 $(MMNAME) $(DESTDIR)/$(TARGETDIR)/
# Installs the images as plain data files under DATATARGETDIR instead of onto
# the EFI System Partition layout used by `install`.
# NOTE(review): listing lines 170, 174 and 177 were not captured, so the
# endif/else lines of the two conditionals are not shown; the last two install
# lines are presumably the unsigned (else) branch -- confirm.
install-as-data : install-deps
	$(INSTALL) -d -m 0755 $(DESTDIR)/$(DATATARGETDIR)
	$(INSTALL) -m 0644 $(SHIMNAME) $(DESTDIR)/$(DATATARGETDIR)/
ifneq ($(origin ENABLE_SHIM_HASH),undefined)
	$(INSTALL) -m 0644 $(SHIMHASHNAME) $(DESTDIR)/$(DATATARGETDIR)/
ifneq ($(origin ENABLE_SHIM_CERT),undefined)
# The .signed images are installed under the unsigned file names.
	$(INSTALL) -m 0644 $(MMNAME).signed $(DESTDIR)/$(DATATARGETDIR)/$(MMNAME)
	$(INSTALL) -m 0644 $(FBNAME).signed $(DESTDIR)/$(DATATARGETDIR)/$(FBNAME)
	$(INSTALL) -m 0644 $(MMNAME) $(DESTDIR)/$(DATATARGETDIR)/$(MMNAME)
	$(INSTALL) -m 0644 $(FBNAME) $(DESTDIR)/$(DATATARGETDIR)/$(FBNAME)
# NOTE(review): the rule header (listing line 179), the endif (182) and the end
# of the objcopy command (186-187) were not captured.  Judging by the
# `$(SHIMNAME) : $(SHIMSONAME)` headers this is presumably the pattern rule that
# turns a shared object into an .efi image -- confirm.
#
# The build stops unless OBJCOPY_GTE224 is 1.  objcopy then copies only the
# sections named with -j into the output; the full section list is cut off
# after .eh_frame in this listing.
ifneq ($(OBJCOPY_GTE224),1)
	$(error objcopy >= 2.24 is required)
	$(OBJCOPY) -j .text -j .sdata -j .data -j .data.ident \
		-j .dynamic -j .dynsym -j .rel* \
		-j .rela* -j .reloc -j .eh_frame \
# NOTE(review): the rule header (listing line 190) and the endif (192) were not
# captured; presumably this rule produces $(SHIMHASHNAME) from the .efi image.
#
# Runs pesign with -P -h on the first prerequisite and captures its standard
# output as the target file.  Because the file is written through shell
# redirection, a failing pesign still leaves an (empty or partial) target
# behind unless .DELETE_ON_ERROR is set somewhere not visible here.
ifneq ($(origin ENABLE_SHIM_HASH),undefined)
	$(PESIGN) -i $< -P -h > $@
# NOTE(review): the rule header (listing line 194), the endif (197) and the end
# of the objcopy command (204) were not captured; TARGETS names *.debug files,
# so this is presumably the rule that builds them -- confirm.
#
# Same objcopy version guard as the .efi rule.  Compared with that rule, this
# section list also keeps the .debug_* sections and .note.gnu.build-id and does
# not name .data.ident.
ifneq ($(OBJCOPY_GTE224),1)
	$(error objcopy >= 2.24 is required)
	$(OBJCOPY) -j .text -j .sdata -j .data \
		-j .dynamic -j .dynsym -j .rel* \
		-j .rela* -j .reloc -j .eh_frame \
		-j .debug_info -j .debug_abbrev -j .debug_aranges \
		-j .debug_line -j .debug_str -j .debug_ranges \
		-j .note.gnu.build-id \
# Signing of EFI images with the build-time key.  Two back ends are visible:
#  - sbsign, which reads the private key and certificate directly from the
#    files shim.key and shim.crt;
#  - pesign, which uses the certificate nicknamed "shim" from the NSS database
#    in certdb/ (created by the certdb/secmod.db rule).
# Both paths depend on private key material in the build directory (shim.key,
# or certdb/ with an empty database password), so the build directory should be
# readable only by the build user.
# NOTE(review): listing lines 209 and 212 were not captured; the second rule is
# presumably the else branch of the ENABLE_SBSIGN conditional -- confirm.
ifneq ($(origin ENABLE_SBSIGN),undefined)
%.efi.signed: %.efi shim.key shim.crt
	$(SBSIGN) --key shim.key --cert shim.crt --output $@ $<
%.efi.signed: %.efi certdb/secmod.db
	$(PESIGN) -n certdb -i $< -c "shim" -s -o $@ -f
# Target-specific override: while `clean` runs, OBJS is every *.o file in the
# build directory rather than the fixed list defined at the top of the file.
clean: OBJS=$(wildcard *.o)
# NOTE(review): listing line 215 was not captured; presumably it is the rule
# header that the recipe below belongs to.
#
# Cleans the three sub-builds, then removes objects, generated key material
# (KEYS includes the private key shim.key), the certdb directory and all built
# images and archives.
# NOTE(review): the first rm names $(TARGET), while the rest of this file only
# assigns TARGETS; unless Make.defaults defines TARGET it expands to nothing,
# and files such as $(SHIMHASHNAME) that match none of the globs on the last
# line would survive `make clean` -- confirm which variable is intended.
	$(MAKE) -C Cryptlib -f $(TOPDIR)/Cryptlib/Makefile clean
	$(MAKE) -C Cryptlib/OpenSSL -f $(TOPDIR)/Cryptlib/OpenSSL/Makefile clean
	$(MAKE) -C lib -f $(TOPDIR)/lib/Makefile clean
	rm -rf $(TARGET) $(OBJS) $(MOK_OBJS) $(FALLBACK_OBJS) $(KEYS) certdb $(BOOTCSVNAME)
	rm -f *.debug *.so *.efi *.efi.* *.tar.* version.c buildid
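# NOTE(review): the rule header (listing line 224) was not captured; the recipe
# builds a test tarball from the current branch plus uncommitted changes.
#
# Produces shim-$(VERSION).tar.bz2 in the current directory from:
#   - `git archive` of the currently checked-out branch,
#   - the working-tree diff applied on top (backups saved as *.gitdiff),
#   - a `commit` file holding the HEAD commit hash.
#
# The staging area is a private directory from `mktemp -d` instead of the fixed
# names /tmp/shim-$(VERSION) and /tmp/shim-$(VERSION)-tmp.  On a shared machine
# a fixed name under /tmp can already exist and belong to another user, and
# `mkdir -p` accepts an existing directory silently, so the tree that ends up
# in the tarball could be altered before it is packed.  mktemp creates a new
# directory with an unpredictable name, accessible only to the invoking user.
# The whole sequence runs in one shell so the EXIT trap removes the staging
# directory on success and on failure; `set -e` stops at the first failing step.
	@set -e; \
	workdir=$$(mktemp -d "$${TMPDIR:-/tmp}/shim-$(VERSION).XXXXXX"); \
	trap 'rm -rf "$$workdir"' EXIT; \
	mkdir "$$workdir/shim-$(VERSION)"; \
	git archive --format=tar $(shell git branch | awk '/^*/ { print $$2 }') | ( cd "$$workdir/shim-$(VERSION)" && tar x ); \
	git diff | ( cd "$$workdir/shim-$(VERSION)" && patch -s -p1 -b -z .gitdiff ); \
	git log -1 --pretty=format:%H > "$$workdir/shim-$(VERSION)/commit"; \
	tar -c --bzip2 -f "$$PWD/shim-$(VERSION).tar.bz2" -C "$$workdir" shim-$(VERSION)
	@echo "The archive is in shim-$(VERSION).tar.bz2"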
# NOTE(review): the rule header (listing line 235) was not captured.
#
# Creates a signed tag $(GITTAG) on refs/heads/master, then force-moves the
# `latest-release` tag to it.  The second command passes neither --sign nor -a,
# so latest-release is a plain lightweight tag without a signature of its own;
# anyone verifying a release should verify $(GITTAG) itself.
	git tag --sign $(GITTAG) refs/heads/master
	git tag -f latest-release $(GITTAG)
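# NOTE(review): the rule header (listing line 239) was not captured; the recipe
# builds the release tarball from the tag $(GITTAG).
#
# Produces shim-$(VERSION).tar.bz2 in the current directory from `git archive`
# of $(GITTAG), plus a `commit` file with the commit hash.
#
# Two changes from the original recipe, both about release integrity:
#   - Staging happens in a private `mktemp -d` directory rather than the fixed
#     names /tmp/shim-$(VERSION) and /tmp/shim-$(VERSION)-tmp.  A fixed name in
#     a shared /tmp can already exist and belong to another user, and
#     `mkdir -p` accepts that silently, so the tree could be altered before it
#     is packed into the release tarball.
#   - The `commit` file records the commit that $(GITTAG) resolves to.  The
#     original wrote the hash of HEAD, which differs from the archived tree
#     whenever the tag is not at HEAD.
# The sequence runs in one shell so the EXIT trap always removes the staging
# directory; `set -e` stops at the first failing step.
	@set -e; \
	workdir=$$(mktemp -d "$${TMPDIR:-/tmp}/shim-$(VERSION).XXXXXX"); \
	trap 'rm -rf "$$workdir"' EXIT; \
	mkdir "$$workdir/shim-$(VERSION)"; \
	git archive --format=tar $(GITTAG) | ( cd "$$workdir/shim-$(VERSION)" && tar x ); \
	git log -1 --pretty=format:%H $(GITTAG) > "$$workdir/shim-$(VERSION)/commit"; \
	tar -c --bzip2 -f "$$PWD/shim-$(VERSION).tar.bz2" -C "$$workdir" shim-$(VERSION)
	@echo "The archive is in shim-$(VERSION).tar.bz2"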
# install-deps and shim.key are declared phony, i.e. always treated as out of
# date.  For shim.key this means any rule that lists it as a prerequisite (the
# sbsign %.efi.signed rule) is re-run on every invocation.
# NOTE(review): command-style targets such as clean and install are not named
# on this line; a file with one of those names in the build directory would
# shadow the target unless they are declared phony elsewhere.
.PHONY : install-deps shim.key

# Toolchain settings handed to the sub-makes through the environment.
export ARCH CC LD OBJCOPY EFI_INCLUDE