Changeset View
Changeset View
Standalone View
Standalone View
lib/libsecureboot/Makefile.inc
| Show First 20 Lines • Show All 86 Lines • ▼ Show 20 Lines | |||||
| .if ${VE_SELF_TESTS} != "no" | .if ${VE_SELF_TESTS} != "no" | ||||
| # The input used for hash KATs | # The input used for hash KATs | ||||
| VE_HASH_KAT_STR?= vc_PEM | VE_HASH_KAT_STR?= vc_PEM | ||||
| XCFLAGS.vets+= -DVE_HASH_KAT_STR=${VE_HASH_KAT_STR} | XCFLAGS.vets+= -DVE_HASH_KAT_STR=${VE_HASH_KAT_STR} | ||||
| .endif | .endif | ||||
| # this should be updated occassionally this is 2019-01-01Z | |||||
| SOURCE_DATE_EPOCH?= 1546329600 | |||||
| .if ${MK_REPRODUCIBLE_BUILD} == "yes" | |||||
| BUILD_UTC?= ${SOURCE_DATE_EPOCH} | |||||
| .endif | |||||
| # BUILD_UTC provides a basis for the loader's notion of time | |||||
| # By default we use the mtime of BUILD_UTC_FILE | |||||
| .if empty(BUILD_UTC_FILE) | |||||
| BUILD_UTC_FILE:= ${.PARSEDIR:tA}/${.PARSEFILE} | |||||
| .endif | |||||
| # you can of course set BUILD_UTC to any value you like | |||||
| BUILD_UTC?= ${${STAT:Ustat} -f %m ${BUILD_UTC_FILE}:L:sh} | |||||
| # Generate ta.h containing one or more PEM encoded trust anchors in ta_PEM. | # Generate ta.h containing one or more PEM encoded trust anchors in ta_PEM. | ||||
| # | # | ||||
| # If we are doing self-tests, we define another arrary vc_PEM | # If we are doing self-tests, we define another arrary vc_PEM | ||||
| # containing certificates that we can verify for each trust anchor. | # containing certificates that we can verify for each trust anchor. | ||||
| # This is typically a subordinate CA cert. | # This is typically a subordinate CA cert. | ||||
| # Finally we generate a hash of vc_PEM using each supported hash method | # Finally we generate a hash of vc_PEM using each supported hash method | ||||
| # to use as a Known Answer Test (needed for FIPS 140-2) | # to use as a Known Answer Test (needed for FIPS 140-2) | ||||
| # | # | ||||
| vets.o vets.po vets.pico: ta.h | vets.o vets.po vets.pico: ta.h | ||||
| ta.h: ${.ALLTARGETS:M[tv]*pem:O:u} | ta.h: ${.ALLTARGETS:M[tv]*pem:O:u} | ||||
| @( echo '/* Autogenerated - DO NOT EDIT!!! */'; echo; \ | @( echo '/* Autogenerated - DO NOT EDIT!!! */'; echo; \ | ||||
| cat ${.ALLSRC:N*crl*:Mt*.pem} /dev/null | \ | cat ${.ALLSRC:N*crl*:Mt*.pem} /dev/null | \ | ||||
| file2c -sx 'static const char ta_PEM[] = {' '};'; \ | file2c -sx 'static const char ta_PEM[] = {' '};'; \ | ||||
| echo "${.newline}${VE_HASH_LIST:@H@static char vh_$H[] = \"`cat ${.ALLSRC:N*crl*:Mv*.pem} | ${$H:U${H:tl}}`\";${.newline}@}"; ) > ${.TARGET} | echo "${.newline}${VE_HASH_LIST:@H@static char vh_$H[] = \"`cat ${.ALLSRC:N*crl*:Mv*.pem} | ${$H:U${H:tl}}`\";${.newline}@}"; ) > ${.TARGET} | ||||
| .if ${VE_SELF_TESTS} != "no" | .if ${VE_SELF_TESTS} != "no" | ||||
| ( cat ${.ALLSRC:N*crl*:Mv*.pem} /dev/null | \ | ( cat ${.ALLSRC:N*crl*:Mv*.pem} /dev/null | \ | ||||
| file2c -sx 'static const char vc_PEM[] = {' '};'; echo ) >> ${.TARGET} | file2c -sx 'static const char vc_PEM[] = {' '};'; echo ) >> ${.TARGET} | ||||
| .endif | .endif | ||||
| .if !empty(BUILD_UTC_FILE) | echo '#define BUILD_UTC ${BUILD_UTC}' >> ${.TARGET} ${.OODATE:MNOMETA_CMP} | ||||
| echo '#define BUILD_UTC ${${STAT:Ustat} -f %m ${BUILD_UTC_FILE}:L:sh}' >> ${.TARGET} ${.OODATE:MNOMETA_CMP} | |||||
| .endif | |||||
| # This header records our preference for signature extensions. | # This header records our preference for signature extensions. | ||||
| vesigned.o vesigned.po vesigned.pico: vse.h | vesigned.o vesigned.po vesigned.pico: vse.h | ||||
| vse.h: | vse.h: | ||||
| @( echo '/* Autogenerated - DO NOT EDIT!!! */'; echo; \ | @( echo '/* Autogenerated - DO NOT EDIT!!! */'; echo; \ | ||||
| echo "static const char *signature_exts[] = {"; \ | echo "static const char *signature_exts[] = {"; \ | ||||
| echo '${VE_SIGNATURE_EXT_LIST:@e@"$e",${.newline}@}'; \ | echo '${VE_SIGNATURE_EXT_LIST:@e@"$e",${.newline}@}'; \ | ||||
| echo 'NULL };' ) > ${.TARGET} | echo 'NULL };' ) > ${.TARGET} | ||||
| Show All 10 Lines | |||||