# Toolchain selection. Every tool name is prefixed with $(CROSS_COMPILE), which
# is not assigned in the lines shown here (presumably it comes from the
# environment or the make command line). Whatever it expands to decides which
# compiler, linker and objcopy binaries build and post-process the EFI images,
# so release builds should pin it explicitly.
CC		= $(CROSS_COMPILE)gcc
LD		= $(CROSS_COMPILE)ld
OBJCOPY		= $(CROSS_COMPILE)objcopy
# Target architecture: the first '-'-separated field of the compiler's
# -dumpmachine output, with i386..i986 rewritten to "ia32". Both variables in
# this block are recursive (=), so the shell pipeline runs again on every
# expansion.
ARCH		= $(shell $(CC) -dumpmachine | cut -f1 -d- | sed s,i[3456789]86,ia32,)

# Result of `expr <version> >= 2.24`, where <version> is the first two dotted
# fields of the last word on objcopy's "GNU objcopy" banner line; expr prints 1
# when the comparison holds and 0 otherwise.
# NOTE(review): expr compares non-integer operands such as "2.24" as strings,
# so this is not a numeric version comparison -- confirm it gives the intended
# answer for the objcopy versions you support.
OBJCOPY_GTE224	= $(shell expr `$(OBJCOPY) --version |grep ^"GNU objcopy" | sed 's/^.* //g' | cut -f1-2 -d.` \>= 2.24)
# Sub-directories that have their own makefiles.
SUBDIRS		= Cryptlib lib

# Header search path. -nostdinc removes the compiler's default system include
# directories, so only the -I directories listed here are searched. EFI_INCLUDE
# and EFI_PATH are fixed absolute host paths: the build consumes whatever
# gnu-efi headers, startup object and libraries are installed there.
EFI_INCLUDE	:= /usr/include/efi
EFI_INCLUDES	= -nostdinc \
		  -ICryptlib \
		  -ICryptlib/Include \
		  -I$(EFI_INCLUDE) \
		  -I$(EFI_INCLUDE)/$(ARCH) \
		  -I$(EFI_INCLUDE)/protocol \
		  -I$(shell pwd)/include
EFI_PATH	:= /usr/lib64/gnuefi

# Link inputs: the EFI libraries, the two bundled crypto archives inside a
# --start-group/--end-group pair, then the libgcc file reported by the compiler.
LIB_GCC		= $(shell $(CC) -print-libgcc-file-name)
EFI_LIBS	= -lefi -lgnuefi \
		  --start-group \
		  Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a \
		  --end-group \
		  $(LIB_GCC)

# Architecture-specific startup object and linker script.
EFI_CRT_OBJS	= $(EFI_PATH)/crt0-efi-$(ARCH).o
EFI_LDS		= elf_$(ARCH)_efi.lds
# Name of the loader compiled into the binary; it is passed to the C code both
# as a wide string (DEFAULT_LOADER) and as a narrow string (DEFAULT_LOADER_CHAR).
DEFAULT_LOADER	:= \\\\grubx64.efi

# Base compiler flags.
#  * -ggdb -O0: debug information, no optimisation.
#  * -fno-stack-protector: no stack canaries are emitted, so a stack buffer
#    overflow in this code is not caught by the compiler's protector.
#    NOTE(review): presumably needed because the -ffreestanding build has no
#    canary runtime -- confirm before changing.
#  * -Wall -Wsign-compare -Werror -Werror=sign-compare: warnings, including
#    signed/unsigned comparison mistakes, fail the build.
CFLAGS		= -ggdb -O0 \
		  -fno-stack-protector -fno-strict-aliasing -fpic -fshort-wchar \
		  -Wall -Wsign-compare -Werror -fno-builtin \
		  -Werror=sign-compare -ffreestanding -std=gnu89 \
		  -I$(shell $(CC) -print-file-name=include) \
		  "-DDEFAULT_LOADER=L\"$(DEFAULT_LOADER)\"" \
		  "-DDEFAULT_LOADER_CHAR=\"$(DEFAULT_LOADER)\"" \
		  # NOTE(review): listing line 35, the continuation that ends this assignment, is not shown
# Adds -DOVERRIDE_SECURITY_POLICY whenever the make variable
# OVERRIDE_SECURITY_POLICY is defined at all. $(origin ...) is "undefined" only
# if the name is set nowhere, so an exported environment variable of that name,
# even an empty one, turns the define on just like a command-line assignment.
# NOTE(review): going by its name, this macro changes how the C code enforces
# its verification policy -- confirm what it enables, and check that release
# and signing builds run with the variable unset in the build environment.
ifneq ($(origin OVERRIDE_SECURITY_POLICY), undefined)
  CFLAGS += -DOVERRIDE_SECURITY_POLICY
# NOTE(review): the matching endif is not shown in this listing (lines 39-41 are omitted).
# Per-architecture additions to CFLAGS. Each variant sets EFI_ARCH (a wide
# string) and DEBUGDIR, a path under /usr/lib/debug built from $(VERSION) and
# $(RELEASE); neither of those two variables is assigned in the lines shown.
# NOTE(review): this listing omits lines 41, 48-49, 54 and 58. The first two
# assignments below are presumably wrapped in architecture conditionals like
# the aarch64 one -- confirm against the original file.
CFLAGS += -mno-mmx -mno-sse -mno-red-zone -nostdinc \
	  -maccumulate-outgoing-args \
	  -DEFI_FUNCTION_WRAPPER -DGNU_EFI_USE_MS_ABI \
	  -DNO_BUILTIN_VA_FUNCS \
	  "-DEFI_ARCH=L\"x64\"" \
	  "-DDEBUGDIR=L\"/usr/lib/debug/usr/share/shim/x64-$(VERSION)$(RELEASE)/\""

CFLAGS += -mno-mmx -mno-sse -mno-red-zone -nostdinc \
	  -maccumulate-outgoing-args -m32 \
	  "-DEFI_ARCH=L\"ia32\"" \
	  "-DDEBUGDIR=L\"/usr/lib/debug/usr/share/shim/ia32-$(VERSION)$(RELEASE)/\""

ifeq ($(ARCH),aarch64)
  CFLAGS += "-DEFI_ARCH=L\"aa64\"" \
	  "-DDEBUGDIR=L\"/usr/lib/debug/usr/share/shim/aa64-$(VERSION)$(RELEASE)/\""
# NOTE(review): the matching endif (listing line 58) is not shown.
# Optional build inputs: when VENDOR_CERT_FILE or VENDOR_DBX_FILE is defined
# (command line, makefile or environment -- $(origin) treats them alike), its
# value is handed to the C code as a quoted string macro of the same name.
# NOTE(review): presumably these are the paths of the vendor certificate and
# the vendor revocation (dbx) list that get built into the binary -- confirm.
# Because the values decide what the resulting image trusts or rejects, build
# logs should record them, and the build environment should not carry stray
# variables with these names.
ifneq ($(origin VENDOR_CERT_FILE), undefined)
  CFLAGS += -DVENDOR_CERT_FILE=\"$(VENDOR_CERT_FILE)\"
# NOTE(review): the matching endif (listing line 62) is not shown.
ifneq ($(origin VENDOR_DBX_FILE), undefined)
  CFLAGS += -DVENDOR_DBX_FILE=\"$(VENDOR_DBX_FILE)\"
# NOTE(review): the matching endif (listing line 65) is not shown.
# Linker flags: shared object linked with the architecture's EFI linker script
# and startup object, no standard libraries, SHA-1 build id.
# $(LIB_PATH) is referenced but not assigned in the lines shown here.
LDFLAGS		= --hash-style=sysv -nostdlib -znocombreloc \
		  -T $(EFI_LDS) -shared -Bsymbolic \
		  -L$(EFI_PATH) -L$(LIB_PATH) -LCryptlib -LCryptlib/OpenSSL \
		  $(EFI_CRT_OBJS) \
		  --build-id=sha1
# Final artefacts.
TARGET		= shim.efi MokManager.efi.signed fallback.efi.signed

# Objects and sources of shim itself.
OBJS		= shim.o netboot.o cert.o replacements.o tpm.o version.o
SOURCES		= shim.c shim.h netboot.c \
		  include/PeImage.h include/wincert.h include/console.h \
		  replacements.c replacements.h tpm.c tpm.h version.c version.h

# Generated certificate and key material. The list contains the private key
# (shim.key) and the PKCS#12 bundle (shim.p12) next to the public files, plus
# the globs ocsp.* and ca.*; the cleanup recipe later in this file passes
# $(KEYS) to rm -rf.
KEYS		= shim_cert.h ocsp.* ca.* shim.crt shim.csr shim.p12 shim.pem shim.key shim.cer

# Objects and sources of MokManager.
MOK_OBJS	= MokManager.o PasswordCrypt.o crypt_blowfish.o
MOK_SOURCES	= MokManager.c shim.h include/console.h \
		  PasswordCrypt.c PasswordCrypt.h crypt_blowfish.c crypt_blowfish.h

# Objects and sources of the fallback loader.
FALLBACK_OBJS	= fallback.o
FALLBACK_SRCS	= fallback.c
# NOTE(review): this listing omits the rule headers for the three recipes below
# (listing lines 80, 83 and 86) and the line after the hexdump command (89).
#
# Recipe 1: runs the local ./make-certs script with stdin redirected from
# /dev/null, so it cannot stop to prompt.
# NOTE(review): presumably this generates the shim.* key and certificate files
# named in KEYS -- confirm what make-certs writes and with what protection for
# the private key.
	./make-certs shim shim@xn--u4h.net all codesign 1.3.6.1.4.1.311.10.3.1 </dev/null

# Recipe 2: converts the first prerequisite, an X.509 certificate, to DER and
# writes it to the target.
	openssl x509 -outform der -in $< -out $@

# Recipe 3: writes the first prerequisite into the target as the initialiser of
# a C byte array, one "0xNN, " item per input byte.
	echo "static UINT8 shim_cert[] = {" > $@
	hexdump -v -e '1/1 "0x%02x, "' $< >> $@
# Generates version.c from its template by substituting three placeholders:
#   @@VERSION@@  $(VERSION)
#   @@UNAME@@    output of `uname -a` on the build host
#   @@COMMIT@@   HEAD commit id from git, else the contents of a file named
#                "commit", else the text "commit id not available"
# Two things a reviewer should know:
#  * `uname -a` places build-host details (host name, kernel version) into the
#    generated source, which makes the output differ from host to host and
#    discloses those details to anyone holding the binary.
#  * All three values are pasted unescaped into sed expressions that use ','
#    as the delimiter, so a value containing ',', '&' or a backslash changes or
#    breaks the substitution.
version.c : version.c.in
	sed	-e "s,@@VERSION@@,$(VERSION)," \
		-e "s,@@UNAME@@,$(shell uname -a)," \
		-e "s,@@COMMIT@@,$(shell if [ -d .git ] ; then git log -1 --pretty=format:%H ; elif [ -f commit ]; then cat commit ; else echo commit id not available; fi)," \
		< $< > $@
# Populates the NSS database directory certdb/ with the shim key pair and
# certificate. pk12util imports shim.p12 with an empty PKCS#12 password (-W "")
# and an empty database password (-K ""), so the imported private key is
# protected only by file permissions on certdb/. certutil then adds shim.crt
# under the nickname "shim" with trust flags "u".
# The rule lists only shim.crt as a prerequisite although it also reads shim.p12.
# NOTE(review): this listing omits line 98, the first recipe line.
certdb/secmod.db: shim.crt
	pk12util -d certdb/ -i shim.p12 -W "" -K ""
	certutil -d certdb/ -A -i shim.crt -n shim -t u
# Extra prerequisites for shim.o (no recipe here): the shim sources, the
# generated certificate header, and every header in the current directory.
shim.o: $(SOURCES) shim_cert.h
shim.o: $(wildcard *.h)
# NOTE(review): the rule header this recipe belongs to (listing line 105) is
# not shown. The recipe compiles the first prerequisite into the target with
# the common CFLAGS.
	$(CC) $(CFLAGS) -c -o $@ $<
# Links shim.so from the shim objects and the three static libraries, then
# appends $(EFI_LIBS).
shim.so: $(OBJS) \
	 Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a lib/lib.a
	$(LD) -o $@ $(LDFLAGS) $^ $(EFI_LIBS)
# fallback.o depends on the fallback sources (no recipe here).
fallback.o: $(FALLBACK_SRCS)

# Links fallback.so from its objects and the same three static libraries.
fallback.so: $(FALLBACK_OBJS) \
	     Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a lib/lib.a
	$(LD) -o $@ $(LDFLAGS) $^ $(EFI_LIBS)
# MokManager.o depends on the MokManager sources (no recipe here).
MokManager.o: $(MOK_SOURCES)

# Links MokManager.so. Unlike the other two link rules, lib/lib.a is named
# again after $(EFI_LIBS).
MokManager.so: $(MOK_OBJS) \
	       Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a lib/lib.a
	$(LD) -o $@ $(LDFLAGS) $^ $(EFI_LIBS) lib/lib.a
# Static libraries built by sub-makes.
# NOTE(review): this listing omits line 122 (the recipe of the first rule) and
# line 127 (the rule header that the last recipe line belongs to).
Cryptlib/libcryptlib.a:

Cryptlib/OpenSSL/libopenssl.a:
	$(MAKE) -C Cryptlib/OpenSSL

# Recipe of the rule whose header is not shown: builds in lib/ with this
# makefile's CFLAGS passed on the command line. $(CFLAGS) already contains
# double-quoted words, so the nested quoting here is fragile.
	$(MAKE) CFLAGS="$(CFLAGS)" -C lib
# Sets the EFI_SUBSYSTEM linker symbol from $(SUBSYSTEM) and picks the default
# objcopy output format.
# NOTE(review): this listing omits lines 131-132, 134-138 and 140-141, so the
# assignments of SUBSYSTEM, the second conditional and both endif lines are
# not visible here.
ifeq ($(ARCH),aarch64)
LDFLAGS += --defsym=EFI_SUBSYSTEM=$(SUBSYSTEM)

LDFLAGS += --defsym=EFI_SUBSYSTEM=$(SUBSYSTEM)

# Default only: a FORMAT that is already set is kept.
FORMAT ?= --target efi-app-$(ARCH)
# Converts a linked object into EFI images with objcopy, first stopping the
# build with an error when the objcopy version check did not yield "1".
# NOTE(review): this listing omits line 144 (the rule header these recipe lines
# belong to), line 147 (presumably the endif closing the check) and line 151
# (the end of the first objcopy command).
ifneq ($(OBJCOPY_GTE224),1)
	$(error objcopy >= 2.24 is required)

# First command: copies only the code, data, dynamic, relocation and .eh_frame
# sections.
	$(OBJCOPY) -j .text -j .sdata -j .data \
		-j .dynamic -j .dynsym -j .rel* \
		-j .rela* -j .reloc -j .eh_frame \
		# listing line 151, the rest of this command, is not shown

# Second command: the same sections plus the DWARF debug sections and the
# build-id note, written to $@.debug.
	$(OBJCOPY) -j .text -j .sdata -j .data \
		-j .dynamic -j .dynsym -j .rel* \
		-j .rela* -j .reloc -j .eh_frame \
		-j .debug_info -j .debug_abbrev -j .debug_aranges \
		-j .debug_line -j .debug_str -j .debug_ranges \
		-j .note.gnu.build-id \
		$(FORMAT) $^ $@.debug
# Signs an EFI image with shim.key / shim.crt taken from the build directory.
#  * shim.key is read by the recipe but is not a prerequisite; only shim.crt is.
#  * No output file is named on the command line.
#    NOTE(review): presumably sbsign's default output name equals the target
#    ($<.signed) -- confirm.
#  * NOTE(review): shim.key is listed in KEYS, which the cleanup recipe
#    deletes, so this looks like a locally generated development key.
#    Images meant for release should be signed with a key that is kept
#    outside the build tree.
%.efi.signed: %.efi shim.crt
	sbsign --key shim.key --cert shim.crt $<
# Cleanup recipe.
# NOTE(review): this listing omits line 164 (the rule header) and line 167.
	$(MAKE) -C Cryptlib clean
	$(MAKE) -C Cryptlib/OpenSSL clean

# $(KEYS) contains shim.key, shim.p12 and the globs ocsp.* and ca.*, so this
# removes the generated private key material as well as any other file in the
# directory that matches those globs; certdb is removed recursively.
	rm -rf $(TARGET) $(OBJS) $(MOK_OBJS) $(FALLBACK_OBJS) $(KEYS) certdb
	rm -f *.debug *.so *.efi *.tar.* version.c
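# NOTE(review): the rule header for this recipe (listing line 173) is not shown.
#
# Builds shim-$(VERSION).tar.bz2 in the current directory from the branch that
# `git branch` marks as current, with uncommitted changes applied on top
# (git diff piped into patch, backups saved with the .gitdiff suffix) and the
# HEAD commit id stored in a top-level file named "commit".
#
# The tree is staged in a private directory created by mktemp -d rather than
# under the fixed names /tmp/shim-$(VERSION) and /tmp/shim-$(VERSION)-tmp.
# A predictable name in a shared /tmp can be created in advance or replaced by
# another local user, and the content of that directory is exactly what gets
# packed into the release archive. The steps run in one shell so that they
# share the directory name, stop at the first failure (set -e) and always
# remove the staging directory (trap ... EXIT).
	@set -e ; \
	stage=$$(mktemp -d) ; \
	trap 'rm -rf "$$stage"' EXIT ; \
	mkdir "$$stage/shim-$(VERSION)" ; \
	git archive --format=tar $(shell git branch | awk '/^*/ { print $$2 }') | ( cd "$$stage/shim-$(VERSION)" && tar x ) ; \
	git diff | ( cd "$$stage/shim-$(VERSION)" && patch -s -p1 -b -z .gitdiff ) ; \
	git log -1 --pretty=format:%H > "$$stage/shim-$(VERSION)/commit" ; \
	out=$$PWD ; \
	( cd "$$stage" && tar -c --bzip2 -f "$$out/shim-$(VERSION).tar.bz2" shim-$(VERSION) )
	@echo "The archive is in shim-$(VERSION).tar.bz2"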
# NOTE(review): the rule header for this recipe (listing line 184) is not
# shown, and $(GITTAG) is not assigned in the lines shown here.
# Creates a signed tag named $(GITTAG) that points at the tip of the local
# master branch (refs/heads/master), whichever branch is checked out.
	git tag --sign $(GITTAG) refs/heads/master
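# NOTE(review): the rule header for this recipe (listing line 187) is not shown.
#
# Builds shim-$(VERSION).tar.bz2 in the current directory from the tree at
# $(GITTAG), with a top-level file named "commit" holding a commit id.
# NOTE(review): the id comes from `git log -1`, i.e. from HEAD, while the files
# come from $(GITTAG); if HEAD is not at the tag, the recorded id does not
# describe the archived tree -- confirm this is intended.
#
# The tree is staged in a private directory created by mktemp -d rather than
# under the fixed names /tmp/shim-$(VERSION) and /tmp/shim-$(VERSION)-tmp.
# A predictable name in a shared /tmp can be created in advance or replaced by
# another local user, and the content of that directory is exactly what gets
# packed into the release archive. The steps run in one shell so that they
# share the directory name, stop at the first failure (set -e) and always
# remove the staging directory (trap ... EXIT).
	@set -e ; \
	stage=$$(mktemp -d) ; \
	trap 'rm -rf "$$stage"' EXIT ; \
	mkdir "$$stage/shim-$(VERSION)" ; \
	git archive --format=tar $(GITTAG) | ( cd "$$stage/shim-$(VERSION)" && tar x ) ; \
	git log -1 --pretty=format:%H > "$$stage/shim-$(VERSION)/commit" ; \
	out=$$PWD ; \
	( cd "$$stage" && tar -c --bzip2 -f "$$out/shim-$(VERSION).tar.bz2" shim-$(VERSION) )
	@echo "The archive is in shim-$(VERSION).tar.bz2"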
# Passes the toolchain and path settings to the sub-makes through the
# environment of every recipe.
export ARCH CC LD OBJCOPY EFI_INCLUDE