lib/libsecureboot/Makefile.libsa.inc

   1 # $FreeBSD$
   2
   3 BRSSL_CFLAGS+= -DNO_STDIO
   4
   5 .include "Makefile.inc"
   6
   7 # for "measured boot"
   8 # loader puts the equivalent of TPM's PCR register into kenv
   9 # this is not as good but *way* simpler than talking to TPM
  10 CFLAGS+= -DVE_PCR_SUPPORT
  11
  12 # sources that only apply to libsa
  13 SRCS+= \
  14         vectx.c \
  15         veopen.c \
  16         vepcr.c \
  17         verify_file.c \
  18
  19 # Build library with support for the UEFI based authentication
  20 .if ${MK_LOADER_EFI_SECUREBOOT} == "yes"
  21 SRCS+= \
  22         efi/efi_variables.c \
  23         efi/efi_init.c
  24
  25 # Add includes required by efi part
  26 CFLAGS+= \
  27         -I${SRCTOP}/stand/efi/include \
  28         -I${SRCTOP}/lib/libsecureboot/efi/include \
  29         -I${SRCTOP}/stand/efi/include/${MACHINE}
  30 .endif
  31
  32 # this is the list of paths (relative to a file
  33 # that we need to verify) used to find a signed manifest.
  34 # the signature extensions in VE_SIGNATURE_EXT_LIST
  35 # will be applied to each.
  36 VE_MANIFEST_LIST?= manifest ../manifest
  37
  38 verify_file.o: manifests.h
  39 manifests.h:
  40         @( echo '/* Autogenerated - DO NOT EDIT!!! */'; echo; \
  41         echo "static const char *manifest_names[] = {"; \
  42         echo '${VE_MANIFEST_LIST:@m@"$m",${.newline}@}'; \
  43         echo 'NULL };' ) > ${.TARGET}
  44
  45 XCFLAGS.verify_file+= \
  46         -DVE_DEBUG_LEVEL=${VE_DEBUG_LEVEL:U0} \
  47         -DVE_VERBOSE_DEFAULT=${VE_VERBOSE_DEFAULT:U0} \
  48
  49 .if !empty(MANIFEST_SKIP_ALWAYS)
  50 XCFLAGS.verify_file+= -DMANIFEST_SKIP_ALWAYS=\"${MANIFEST_SKIP_ALWAYS}\"
  51 .elif !empty(MANIFEST_SKIP)
  52 XCFLAGS.verify_file+= -DMANIFEST_SKIP=\"${MANIFEST_SKIP}\"
  53 .endif