1# $FreeBSD$ 2 3BRSSL_CFLAGS+= -DNO_STDIO 4 5.include "Makefile.inc" 6 7# for "measured boot" 8# loader puts the equivalent of TPM's PCR register into kenv 9# this is not as good but *way* simpler than talking to TPM 10CFLAGS+= -DVE_PCR_SUPPORT 11 12# sources that only apply to libsa 13SRCS+= \ 14 vectx.c \ 15 veopen.c \ 16 vepcr.c \ 17 verify_file.c \ 18 19# Build library with support for the UEFI based authentication 20.if ${MK_LOADER_EFI_SECUREBOOT} == "yes" 21SRCS+= \ 22 efi/efi_variables.c \ 23 efi/efi_init.c 24 25# Add includes required by efi part 26CFLAGS+= \ 27 -I${SRCTOP}/stand/efi/include \ 28 -I${SRCTOP}/lib/libsecureboot/efi/include \ 29 -I${SRCTOP}/stand/efi/include/${MACHINE} 30.endif 31 32# this is the list of paths (relative to a file 33# that we need to verify) used to find a signed manifest. 34# the signature extensions in VE_SIGNATURE_EXT_LIST 35# will be applied to each. 36VE_MANIFEST_LIST?= manifest ../manifest 37 38verify_file.o: manifests.h 39manifests.h: 40 @( echo '/* Autogenerated - DO NOT EDIT!!! */'; echo; \ 41 echo "static const char *manifest_names[] = {"; \ 42 echo '${VE_MANIFEST_LIST:@m@"$m",${.newline}@}'; \ 43 echo 'NULL };' ) > ${.TARGET} 44 45XCFLAGS.verify_file+= \ 46 -DVE_DEBUG_LEVEL=${VE_DEBUG_LEVEL:U0} \ 47 -DVE_VERBOSE_DEFAULT=${VE_VERBOSE_DEFAULT:U0} \ 48 49.if !empty(MANIFEST_SKIP_ALWAYS) 50XCFLAGS.verify_file+= -DMANIFEST_SKIP_ALWAYS=\"${MANIFEST_SKIP_ALWAYS}\" 51.elif !empty(MANIFEST_SKIP) 52XCFLAGS.verify_file+= -DMANIFEST_SKIP=\"${MANIFEST_SKIP}\" 53.endif 54