xref: /freebsd/lib/libsecureboot/Makefile.libsa.inc (revision 7fdf597e96a02165cfe22ff357b857d5fa15ed8a)
1BRSSL_CFLAGS+= -DNO_STDIO
2
3.include "Makefile.inc"
4
5# for "measured boot"
6# loader puts the equivalent of TPM's PCR register into kenv
7# this is not as good but *way* simpler than talking to TPM
8CFLAGS+= -DVE_PCR_SUPPORT
9
10# sources that only apply to libsa
11SRCS+= \
12	vectx.c \
13	veopen.c \
14	vepcr.c \
15	verify_file.c \
16
17# Build library with support for the UEFI based authentication
18.if ${MK_LOADER_EFI_SECUREBOOT} == "yes"
19SRCS+= \
20	efi/efi_variables.c \
21	efi/efi_init.c
22
23# Add includes required by efi part
24CFLAGS+= \
25	-I${SRCTOP}/stand/efi/include \
26	-I${SRCTOP}/lib/libsecureboot/efi/include \
27	-I${SRCTOP}/stand/efi/include/${MACHINE}
28.endif
29
30.if ${MK_LOADER_VERIEXEC_PASS_MANIFEST} == "yes"
31SRCS+= \
32	pass_manifest.c
33.endif
34
35# this is the list of paths (relative to a file
36# that we need to verify) used to find a signed manifest.
37# the signature extensions in VE_SIGNATURE_EXT_LIST
38# will be applied to each.
39VE_MANIFEST_LIST?= manifest ../manifest
40
41verify_file.o: manifests.h
42manifests.h:
43	@( echo '/* Autogenerated - DO NOT EDIT!!! */'; echo; \
44	echo "static const char *manifest_names[] = {"; \
45	echo '${VE_MANIFEST_LIST:@m@"$m",${.newline}@}'; \
46	echo 'NULL };' ) > ${.TARGET}
47
48# only add these if set
49XCFLAGS.verify_file+= \
50	${VE_DEBUG_LEVEL \
51	VE_VERBOSE_DEFAULT \
52	VE_VERIFY_FLAGS \
53	:L:@v@${$v:S,^,-D$v=,}@}
54
55.if !empty(MANIFEST_SKIP_ALWAYS)
56XCFLAGS.verify_file+= -DMANIFEST_SKIP_ALWAYS=\"${MANIFEST_SKIP_ALWAYS}\"
57.elif !empty(MANIFEST_SKIP)
58XCFLAGS.verify_file+= -DMANIFEST_SKIP=\"${MANIFEST_SKIP}\"
59.endif
60