xref: /freebsd/lib/libsecureboot/Makefile.libsa.inc (revision 2e3507c25e42292b45a5482e116d278f5515d04d)
1
2BRSSL_CFLAGS+= -DNO_STDIO
3
4.include "Makefile.inc"
5
6# for "measured boot"
7# loader puts the equivalent of TPM's PCR register into kenv
8# this is not as good but *way* simpler than talking to TPM
9CFLAGS+= -DVE_PCR_SUPPORT
10
11# sources that only apply to libsa
12SRCS+= \
13	vectx.c \
14	veopen.c \
15	vepcr.c \
16	verify_file.c \
17
18# Build library with support for the UEFI based authentication
19.if ${MK_LOADER_EFI_SECUREBOOT} == "yes"
20SRCS+= \
21	efi/efi_variables.c \
22	efi/efi_init.c
23
24# Add includes required by efi part
25CFLAGS+= \
26	-I${SRCTOP}/stand/efi/include \
27	-I${SRCTOP}/lib/libsecureboot/efi/include \
28	-I${SRCTOP}/stand/efi/include/${MACHINE}
29.endif
30
31.if ${MK_LOADER_VERIEXEC_PASS_MANIFEST} == "yes"
32SRCS+= \
33	pass_manifest.c
34.endif
35
36# this is the list of paths (relative to a file
37# that we need to verify) used to find a signed manifest.
38# the signature extensions in VE_SIGNATURE_EXT_LIST
39# will be applied to each.
40VE_MANIFEST_LIST?= manifest ../manifest
41
42verify_file.o: manifests.h
43manifests.h:
44	@( echo '/* Autogenerated - DO NOT EDIT!!! */'; echo; \
45	echo "static const char *manifest_names[] = {"; \
46	echo '${VE_MANIFEST_LIST:@m@"$m",${.newline}@}'; \
47	echo 'NULL };' ) > ${.TARGET}
48
49XCFLAGS.verify_file+= \
50	-DVE_DEBUG_LEVEL=${VE_DEBUG_LEVEL:U0} \
51	-DVE_VERBOSE_DEFAULT=${VE_VERBOSE_DEFAULT:U0} \
52
53.if !empty(MANIFEST_SKIP_ALWAYS)
54XCFLAGS.verify_file+= -DMANIFEST_SKIP_ALWAYS=\"${MANIFEST_SKIP_ALWAYS}\"
55.elif !empty(MANIFEST_SKIP)
56XCFLAGS.verify_file+= -DMANIFEST_SKIP=\"${MANIFEST_SKIP}\"
57.endif
58