1BRSSL_CFLAGS+= -DNO_STDIO 2 3.include "Makefile.inc" 4 5# for "measured boot" 6# loader puts the equivalent of TPM's PCR register into kenv 7# this is not as good but *way* simpler than talking to TPM 8CFLAGS+= -DVE_PCR_SUPPORT 9 10# sources that only apply to libsa 11SRCS+= \ 12 vectx.c \ 13 veopen.c \ 14 vepcr.c \ 15 verify_file.c \ 16 17# Build library with support for the UEFI based authentication 18.if ${MK_LOADER_EFI_SECUREBOOT} == "yes" 19SRCS+= \ 20 efi/efi_variables.c \ 21 efi/efi_init.c 22 23# Add includes required by efi part 24CFLAGS+= \ 25 -I${SRCTOP}/stand/efi/include \ 26 -I${SRCTOP}/lib/libsecureboot/efi/include \ 27 -I${SRCTOP}/stand/efi/include/${MACHINE} 28.endif 29 30.if ${MK_LOADER_VERIEXEC_PASS_MANIFEST} == "yes" 31SRCS+= \ 32 pass_manifest.c 33.endif 34 35# this is the list of paths (relative to a file 36# that we need to verify) used to find a signed manifest. 37# the signature extensions in VE_SIGNATURE_EXT_LIST 38# will be applied to each. 39VE_MANIFEST_LIST?= manifest ../manifest 40 41verify_file.o: manifests.h 42manifests.h: 43 @( echo '/* Autogenerated - DO NOT EDIT!!! */'; echo; \ 44 echo "static const char *manifest_names[] = {"; \ 45 echo '${VE_MANIFEST_LIST:@m@"$m",${.newline}@}'; \ 46 echo 'NULL };' ) > ${.TARGET} 47 48# only add these if set 49XCFLAGS.verify_file+= \ 50 ${VE_DEBUG_LEVEL \ 51 VE_VERBOSE_DEFAULT \ 52 VE_VERIFY_FLAGS \ 53 :L:@v@${$v:S,^,-D$v=,}@} 54 55.if !empty(MANIFEST_SKIP_ALWAYS) 56XCFLAGS.verify_file+= -DMANIFEST_SKIP_ALWAYS=\"${MANIFEST_SKIP_ALWAYS}\" 57.elif !empty(MANIFEST_SKIP) 58XCFLAGS.verify_file+= -DMANIFEST_SKIP=\"${MANIFEST_SKIP}\" 59.endif 60