1# $FreeBSD$ 2 3BRSSL_CFLAGS+= -DNO_STDIO 4 5.include "Makefile.inc" 6 7# for "measured boot" 8# loader puts the equivalent of TPM's PCR register into kenv 9# this is not as good but *way* simpler than talking to TPM 10CFLAGS+= -DVE_PCR_SUPPORT 11 12# sources that only apply to libsa 13SRCS+= \ 14 vectx.c \ 15 veopen.c \ 16 vepcr.c \ 17 verify_file.c \ 18 19# Build library with support for the UEFI based authentication 20.if ${MK_LOADER_EFI_SECUREBOOT} == "yes" 21SRCS+= \ 22 efi/efi_variables.c \ 23 efi/efi_init.c 24 25# Add includes required by efi part 26CFLAGS+= \ 27 -I${SRCTOP}/stand/efi/include \ 28 -I${SRCTOP}/lib/libsecureboot/efi/include \ 29 -I${SRCTOP}/stand/efi/include/${MACHINE} 30.endif 31 32.if ${MK_LOADER_VERIEXEC_PASS_MANIFEST} == "yes" 33SRCS+= \ 34 pass_manifest.c 35.endif 36 37# this is the list of paths (relative to a file 38# that we need to verify) used to find a signed manifest. 39# the signature extensions in VE_SIGNATURE_EXT_LIST 40# will be applied to each. 41VE_MANIFEST_LIST?= manifest ../manifest 42 43verify_file.o: manifests.h 44manifests.h: 45 @( echo '/* Autogenerated - DO NOT EDIT!!! */'; echo; \ 46 echo "static const char *manifest_names[] = {"; \ 47 echo '${VE_MANIFEST_LIST:@m@"$m",${.newline}@}'; \ 48 echo 'NULL };' ) > ${.TARGET} 49 50XCFLAGS.verify_file+= \ 51 -DVE_DEBUG_LEVEL=${VE_DEBUG_LEVEL:U0} \ 52 -DVE_VERBOSE_DEFAULT=${VE_VERBOSE_DEFAULT:U0} \ 53 54.if !empty(MANIFEST_SKIP_ALWAYS) 55XCFLAGS.verify_file+= -DMANIFEST_SKIP_ALWAYS=\"${MANIFEST_SKIP_ALWAYS}\" 56.elif !empty(MANIFEST_SKIP) 57XCFLAGS.verify_file+= -DMANIFEST_SKIP=\"${MANIFEST_SKIP}\" 58.endif 59