Changeset View
Changeset View
Standalone View
Standalone View
lib/libsecureboot/Makefile.inc
Show First 20 Lines • Show All 86 Lines • ▼ Show 20 Lines | |||||
.if ${VE_SELF_TESTS} != "no" | .if ${VE_SELF_TESTS} != "no" | ||||
# The input used for hash KATs | # The input used for hash KATs | ||||
VE_HASH_KAT_STR?= vc_PEM | VE_HASH_KAT_STR?= vc_PEM | ||||
XCFLAGS.vets+= -DVE_HASH_KAT_STR=${VE_HASH_KAT_STR} | XCFLAGS.vets+= -DVE_HASH_KAT_STR=${VE_HASH_KAT_STR} | ||||
.endif | .endif | ||||
# this should be updated occassionally this is 2019-01-01Z | |||||
SOURCE_DATE_EPOCH?= 1546329600 | |||||
.if ${MK_REPRODUCIBLE_BUILD} == "yes" | |||||
BUILD_UTC?= ${SOURCE_DATE_EPOCH} | |||||
.endif | |||||
# BUILD_UTC provides a basis for the loader's notion of time | |||||
# By default we use the mtime of BUILD_UTC_FILE | |||||
.if empty(BUILD_UTC_FILE) | |||||
BUILD_UTC_FILE:= ${.PARSEDIR:tA}/${.PARSEFILE} | |||||
.endif | |||||
# you can of course set BUILD_UTC to any value you like | |||||
BUILD_UTC?= ${${STAT:Ustat} -f %m ${BUILD_UTC_FILE}:L:sh} | |||||
# Generate ta.h containing one or more PEM encoded trust anchors in ta_PEM. | # Generate ta.h containing one or more PEM encoded trust anchors in ta_PEM. | ||||
# | # | ||||
# If we are doing self-tests, we define another arrary vc_PEM | # If we are doing self-tests, we define another arrary vc_PEM | ||||
# containing certificates that we can verify for each trust anchor. | # containing certificates that we can verify for each trust anchor. | ||||
# This is typically a subordinate CA cert. | # This is typically a subordinate CA cert. | ||||
# Finally we generate a hash of vc_PEM using each supported hash method | # Finally we generate a hash of vc_PEM using each supported hash method | ||||
# to use as a Known Answer Test (needed for FIPS 140-2) | # to use as a Known Answer Test (needed for FIPS 140-2) | ||||
# | # | ||||
vets.o vets.po vets.pico: ta.h | vets.o vets.po vets.pico: ta.h | ||||
ta.h: ${.ALLTARGETS:M[tv]*pem:O:u} | ta.h: ${.ALLTARGETS:M[tv]*pem:O:u} | ||||
@( echo '/* Autogenerated - DO NOT EDIT!!! */'; echo; \ | @( echo '/* Autogenerated - DO NOT EDIT!!! */'; echo; \ | ||||
cat ${.ALLSRC:N*crl*:Mt*.pem} /dev/null | \ | cat ${.ALLSRC:N*crl*:Mt*.pem} /dev/null | \ | ||||
file2c -sx 'static const char ta_PEM[] = {' '};'; \ | file2c -sx 'static const char ta_PEM[] = {' '};'; \ | ||||
echo "${.newline}${VE_HASH_LIST:@H@static char vh_$H[] = \"`cat ${.ALLSRC:N*crl*:Mv*.pem} | ${$H:U${H:tl}}`\";${.newline}@}"; ) > ${.TARGET} | echo "${.newline}${VE_HASH_LIST:@H@static char vh_$H[] = \"`cat ${.ALLSRC:N*crl*:Mv*.pem} | ${$H:U${H:tl}}`\";${.newline}@}"; ) > ${.TARGET} | ||||
.if ${VE_SELF_TESTS} != "no" | .if ${VE_SELF_TESTS} != "no" | ||||
( cat ${.ALLSRC:N*crl*:Mv*.pem} /dev/null | \ | ( cat ${.ALLSRC:N*crl*:Mv*.pem} /dev/null | \ | ||||
file2c -sx 'static const char vc_PEM[] = {' '};'; echo ) >> ${.TARGET} | file2c -sx 'static const char vc_PEM[] = {' '};'; echo ) >> ${.TARGET} | ||||
.endif | .endif | ||||
.if !empty(BUILD_UTC_FILE) | echo '#define BUILD_UTC ${BUILD_UTC}' >> ${.TARGET} ${.OODATE:MNOMETA_CMP} | ||||
echo '#define BUILD_UTC ${${STAT:Ustat} -f %m ${BUILD_UTC_FILE}:L:sh}' >> ${.TARGET} ${.OODATE:MNOMETA_CMP} | |||||
.endif | |||||
# This header records our preference for signature extensions. | # This header records our preference for signature extensions. | ||||
vesigned.o vesigned.po vesigned.pico: vse.h | vesigned.o vesigned.po vesigned.pico: vse.h | ||||
vse.h: | vse.h: | ||||
@( echo '/* Autogenerated - DO NOT EDIT!!! */'; echo; \ | @( echo '/* Autogenerated - DO NOT EDIT!!! */'; echo; \ | ||||
echo "static const char *signature_exts[] = {"; \ | echo "static const char *signature_exts[] = {"; \ | ||||
echo '${VE_SIGNATURE_EXT_LIST:@e@"$e",${.newline}@}'; \ | echo '${VE_SIGNATURE_EXT_LIST:@e@"$e",${.newline}@}'; \ | ||||
echo 'NULL };' ) > ${.TARGET} | echo 'NULL };' ) > ${.TARGET} | ||||
Show All 10 Lines |