15fff9558SSimon J. GerratyBRSSL_CFLAGS+= -DNO_STDIO 25fff9558SSimon J. Gerraty 35fff9558SSimon J. Gerraty.include "Makefile.inc" 45fff9558SSimon J. Gerraty 55fff9558SSimon J. Gerraty# for "measured boot" 65fff9558SSimon J. Gerraty# loader puts the equivalent of TPM's PCR register into kenv 75fff9558SSimon J. Gerraty# this is not as good but *way* simpler than talking to TPM 85fff9558SSimon J. GerratyCFLAGS+= -DVE_PCR_SUPPORT 95fff9558SSimon J. Gerraty 105fff9558SSimon J. Gerraty# sources that only apply to libsa 115fff9558SSimon J. GerratySRCS+= \ 125fff9558SSimon J. Gerraty vectx.c \ 135fff9558SSimon J. Gerraty veopen.c \ 145fff9558SSimon J. Gerraty vepcr.c \ 155fff9558SSimon J. Gerraty verify_file.c \ 165fff9558SSimon J. Gerraty 1713ea0450SMarcin Wojtas# Build library with support for the UEFI based authentication 1813ea0450SMarcin Wojtas.if ${MK_LOADER_EFI_SECUREBOOT} == "yes" 1913ea0450SMarcin WojtasSRCS+= \ 2013ea0450SMarcin Wojtas efi/efi_variables.c \ 2113ea0450SMarcin Wojtas efi/efi_init.c 2213ea0450SMarcin Wojtas 2313ea0450SMarcin Wojtas# Add includes required by efi part 2413ea0450SMarcin WojtasCFLAGS+= \ 2513ea0450SMarcin Wojtas -I${SRCTOP}/stand/efi/include \ 2613ea0450SMarcin Wojtas -I${SRCTOP}/lib/libsecureboot/efi/include \ 2713ea0450SMarcin Wojtas -I${SRCTOP}/stand/efi/include/${MACHINE} 2813ea0450SMarcin Wojtas.endif 2913ea0450SMarcin Wojtas 30b0fefb25SMarcin Wojtas.if ${MK_LOADER_VERIEXEC_PASS_MANIFEST} == "yes" 31b0fefb25SMarcin WojtasSRCS+= \ 32b0fefb25SMarcin Wojtas pass_manifest.c 33b0fefb25SMarcin Wojtas.endif 34b0fefb25SMarcin Wojtas 355fff9558SSimon J. Gerraty# this is the list of paths (relative to a file 365fff9558SSimon J. Gerraty# that we need to verify) used to find a signed manifest. 375fff9558SSimon J. Gerraty# the signature extensions in VE_SIGNATURE_EXT_LIST 385fff9558SSimon J. Gerraty# will be applied to each. 395fff9558SSimon J. GerratyVE_MANIFEST_LIST?= manifest ../manifest 405fff9558SSimon J. Gerraty 415fff9558SSimon J. Gerratyverify_file.o: manifests.h 425fff9558SSimon J. Gerratymanifests.h: 435fff9558SSimon J. Gerraty @( echo '/* Autogenerated - DO NOT EDIT!!! */'; echo; \ 445fff9558SSimon J. Gerraty echo "static const char *manifest_names[] = {"; \ 455fff9558SSimon J. Gerraty echo '${VE_MANIFEST_LIST:@m@"$m",${.newline}@}'; \ 465fff9558SSimon J. Gerraty echo 'NULL };' ) > ${.TARGET} 475fff9558SSimon J. Gerraty 48*f616d61aSSimon J. Gerraty# only add these if set 495fff9558SSimon J. GerratyXCFLAGS.verify_file+= \ 50*f616d61aSSimon J. Gerraty ${VE_DEBUG_LEVEL \ 51*f616d61aSSimon J. Gerraty VE_VERBOSE_DEFAULT \ 52*f616d61aSSimon J. Gerraty VE_VERIFY_FLAGS \ 53*f616d61aSSimon J. Gerraty :L:@v@${$v:S,^,-D$v=,}@} 545fff9558SSimon J. Gerraty 555fff9558SSimon J. Gerraty.if !empty(MANIFEST_SKIP_ALWAYS) 565fff9558SSimon J. GerratyXCFLAGS.verify_file+= -DMANIFEST_SKIP_ALWAYS=\"${MANIFEST_SKIP_ALWAYS}\" 575fff9558SSimon J. Gerraty.elif !empty(MANIFEST_SKIP) 585fff9558SSimon J. GerratyXCFLAGS.verify_file+= -DMANIFEST_SKIP=\"${MANIFEST_SKIP}\" 595fff9558SSimon J. Gerraty.endif 60