1 2BRSSL_CFLAGS+= -DNO_STDIO 3 4.include "Makefile.inc" 5 6# for "measured boot" 7# loader puts the equivalent of TPM's PCR register into kenv 8# this is not as good but *way* simpler than talking to TPM 9CFLAGS+= -DVE_PCR_SUPPORT 10 11# sources that only apply to libsa 12SRCS+= \ 13 vectx.c \ 14 veopen.c \ 15 vepcr.c \ 16 verify_file.c \ 17 18# Build library with support for the UEFI based authentication 19.if ${MK_LOADER_EFI_SECUREBOOT} == "yes" 20SRCS+= \ 21 efi/efi_variables.c \ 22 efi/efi_init.c 23 24# Add includes required by efi part 25CFLAGS+= \ 26 -I${SRCTOP}/stand/efi/include \ 27 -I${SRCTOP}/lib/libsecureboot/efi/include \ 28 -I${SRCTOP}/stand/efi/include/${MACHINE} 29.endif 30 31.if ${MK_LOADER_VERIEXEC_PASS_MANIFEST} == "yes" 32SRCS+= \ 33 pass_manifest.c 34.endif 35 36# this is the list of paths (relative to a file 37# that we need to verify) used to find a signed manifest. 38# the signature extensions in VE_SIGNATURE_EXT_LIST 39# will be applied to each. 40VE_MANIFEST_LIST?= manifest ../manifest 41 42verify_file.o: manifests.h 43manifests.h: 44 @( echo '/* Autogenerated - DO NOT EDIT!!! */'; echo; \ 45 echo "static const char *manifest_names[] = {"; \ 46 echo '${VE_MANIFEST_LIST:@m@"$m",${.newline}@}'; \ 47 echo 'NULL };' ) > ${.TARGET} 48 49# only add these if set 50XCFLAGS.verify_file+= \ 51 ${VE_DEBUG_LEVEL \ 52 VE_VERBOSE_DEFAULT \ 53 VE_VERIFY_FLAGS \ 54 :L:@v@${$v:S,^,-D$v=,}@} 55 56.if !empty(MANIFEST_SKIP_ALWAYS) 57XCFLAGS.verify_file+= -DMANIFEST_SKIP_ALWAYS=\"${MANIFEST_SKIP_ALWAYS}\" 58.elif !empty(MANIFEST_SKIP) 59XCFLAGS.verify_file+= -DMANIFEST_SKIP=\"${MANIFEST_SKIP}\" 60.endif 61