15fff9558SSimon J. Gerraty 25fff9558SSimon J. GerratyBRSSL_CFLAGS+= -DNO_STDIO 35fff9558SSimon J. Gerraty 45fff9558SSimon J. Gerraty.include "Makefile.inc" 55fff9558SSimon J. Gerraty 65fff9558SSimon J. Gerraty# for "measured boot" 75fff9558SSimon J. Gerraty# loader puts the equivalent of TPM's PCR register into kenv 85fff9558SSimon J. Gerraty# this is not as good but *way* simpler than talking to TPM 95fff9558SSimon J. GerratyCFLAGS+= -DVE_PCR_SUPPORT 105fff9558SSimon J. Gerraty 115fff9558SSimon J. Gerraty# sources that only apply to libsa 125fff9558SSimon J. GerratySRCS+= \ 135fff9558SSimon J. Gerraty vectx.c \ 145fff9558SSimon J. Gerraty veopen.c \ 155fff9558SSimon J. Gerraty vepcr.c \ 165fff9558SSimon J. Gerraty verify_file.c \ 175fff9558SSimon J. Gerraty 1813ea0450SMarcin Wojtas# Build library with support for the UEFI based authentication 1913ea0450SMarcin Wojtas.if ${MK_LOADER_EFI_SECUREBOOT} == "yes" 2013ea0450SMarcin WojtasSRCS+= \ 2113ea0450SMarcin Wojtas efi/efi_variables.c \ 2213ea0450SMarcin Wojtas efi/efi_init.c 2313ea0450SMarcin Wojtas 2413ea0450SMarcin Wojtas# Add includes required by efi part 2513ea0450SMarcin WojtasCFLAGS+= \ 2613ea0450SMarcin Wojtas -I${SRCTOP}/stand/efi/include \ 2713ea0450SMarcin Wojtas -I${SRCTOP}/lib/libsecureboot/efi/include \ 2813ea0450SMarcin Wojtas -I${SRCTOP}/stand/efi/include/${MACHINE} 2913ea0450SMarcin Wojtas.endif 3013ea0450SMarcin Wojtas 31b0fefb25SMarcin Wojtas.if ${MK_LOADER_VERIEXEC_PASS_MANIFEST} == "yes" 32b0fefb25SMarcin WojtasSRCS+= \ 33b0fefb25SMarcin Wojtas pass_manifest.c 34b0fefb25SMarcin Wojtas.endif 35b0fefb25SMarcin Wojtas 365fff9558SSimon J. Gerraty# this is the list of paths (relative to a file 375fff9558SSimon J. Gerraty# that we need to verify) used to find a signed manifest. 385fff9558SSimon J. Gerraty# the signature extensions in VE_SIGNATURE_EXT_LIST 395fff9558SSimon J. Gerraty# will be applied to each. 405fff9558SSimon J. GerratyVE_MANIFEST_LIST?= manifest ../manifest 415fff9558SSimon J. Gerraty 425fff9558SSimon J. Gerratyverify_file.o: manifests.h 435fff9558SSimon J. Gerratymanifests.h: 445fff9558SSimon J. Gerraty @( echo '/* Autogenerated - DO NOT EDIT!!! */'; echo; \ 455fff9558SSimon J. Gerraty echo "static const char *manifest_names[] = {"; \ 465fff9558SSimon J. Gerraty echo '${VE_MANIFEST_LIST:@m@"$m",${.newline}@}'; \ 475fff9558SSimon J. Gerraty echo 'NULL };' ) > ${.TARGET} 485fff9558SSimon J. Gerraty 49*f616d61aSSimon J. Gerraty# only add these if set 505fff9558SSimon J. GerratyXCFLAGS.verify_file+= \ 51*f616d61aSSimon J. Gerraty ${VE_DEBUG_LEVEL \ 52*f616d61aSSimon J. Gerraty VE_VERBOSE_DEFAULT \ 53*f616d61aSSimon J. Gerraty VE_VERIFY_FLAGS \ 54*f616d61aSSimon J. Gerraty :L:@v@${$v:S,^,-D$v=,}@} 555fff9558SSimon J. Gerraty 565fff9558SSimon J. Gerraty.if !empty(MANIFEST_SKIP_ALWAYS) 575fff9558SSimon J. GerratyXCFLAGS.verify_file+= -DMANIFEST_SKIP_ALWAYS=\"${MANIFEST_SKIP_ALWAYS}\" 585fff9558SSimon J. Gerraty.elif !empty(MANIFEST_SKIP) 595fff9558SSimon J. GerratyXCFLAGS.verify_file+= -DMANIFEST_SKIP=\"${MANIFEST_SKIP}\" 605fff9558SSimon J. Gerraty.endif 61