diff --git a/src/Makefile b/src/Makefile
index 911d27ab..d74565d1 100644
--- a/src/Makefile
+++ b/src/Makefile
@@ -62,7 +62,7 @@ QEMUIMG := qemu-img
 SRCDIRS :=
 SRCDIRS += libgcc
 SRCDIRS += core
-SRCDIRS += net net/oncrpc net/tcp net/udp net/infiniband net/80211
+SRCDIRS += net net/tcp net/udp net/infiniband
 SRCDIRS += image
 SRCDIRS += drivers/bus
 SRCDIRS += drivers/net
@@ -71,10 +71,6 @@ SRCDIRS += drivers/net/e1000e
 SRCDIRS += drivers/net/igb
 SRCDIRS += drivers/net/igbvf
 SRCDIRS += drivers/net/phantom
-SRCDIRS += drivers/net/rtl818x
-SRCDIRS += drivers/net/ath
-SRCDIRS += drivers/net/ath/ath5k
-SRCDIRS += drivers/net/ath/ath9k
 SRCDIRS += drivers/net/vxge
 SRCDIRS += drivers/net/efi
 SRCDIRS += drivers/net/tg3
@@ -105,6 +101,16 @@ SRCDIRS += hci/keymap
 SRCDIRS += usr
 SRCDIRS += config
 
+# These directories contain code that is not eligible for UEFI Secure
+# Boot signing.
+#
+SRCDIRS_INSEC += net/oncrpc
+SRCDIRS_INSEC += net/80211
+SRCDIRS_INSEC += drivers/net/rtl818x
+SRCDIRS_INSEC += drivers/net/ath
+SRCDIRS_INSEC += drivers/net/ath/ath5k
+SRCDIRS_INSEC += drivers/net/ath/ath9k
+
 # NON_AUTO_SRCS lists files that are excluded from the normal
 # automatic build system.
 #
diff --git a/src/Makefile.housekeeping b/src/Makefile.housekeeping
index f09db372..00b07926 100644
--- a/src/Makefile.housekeeping
+++ b/src/Makefile.housekeeping
@@ -299,7 +299,7 @@ endif
 #
 # Select build architecture and platform based on $(BIN)
 #
-# BIN has the form bin[-[arch-]platform]
+# BIN has the form bin[-[-][-sb]]
 
 ARCHS := $(patsubst arch/%,%,$(wildcard arch/*))
 PLATFORMS := $(patsubst config/defaults/%.h,%,\
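Review bot: In src/Makefile, the `@@ -105,6 +101,16 @@` hunk builds `SRCDIRS_INSEC` with `+=` only, whereas `SRCDIRS` is first reset with `SRCDIRS :=` (visible as context in the first hunk). Without a reset, a `SRCDIRS_INSEC` value inherited from the environment is kept and appended to, so the list that non-Secure Boot builds add to `SRCDIRS` is not fully determined by the Makefile. Start the block with `SRCDIRS_INSEC :=` so that it matches how `SRCDIRS` is initialised.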
@@ -312,17 +312,18 @@ platforms :
 
 ifdef BIN
 
-# Determine architecture portion of $(BIN), if present
-BIN_ARCH := $(strip $(foreach A,$(ARCHS),\
- $(patsubst bin-$(A)-%,$(A),\
- $(filter bin-$(A)-%,$(BIN)))))
-
-# Determine platform portion of $(BIN), if present
-ifeq ($(BIN_ARCH),)
-BIN_PLATFORM := $(patsubst bin-%,%,$(filter bin-%,$(BIN)))
+# Split $(BIN) into architecture, platform, and security flag (where present)
+BIN_ELEMENTS := $(subst -,$(SPACE),$(BIN))
+BIN_APS := $(wordlist 2,4,$(BIN_ELEMENTS))
+ifeq ($(lastword $(BIN_APS)),sb)
+BIN_AP := $(wordlist 2,$(words $(BIN_APS)),discard $(BIN_APS))
+BIN_SECUREBOOT := 1
 else
-BIN_PLATFORM := $(patsubst bin-$(BIN_ARCH)-%,%,$(BIN))
+BIN_AP := $(BIN_APS)
+BIN_SECUREBOOT := 0
 endif
+BIN_PLATFORM := $(lastword $(BIN_AP))
+BIN_ARCH := $(wordlist 2,$(words $(BIN_AP)),discard $(BIN_AP))
 
 # Determine build architecture
 DEFAULT_ARCH := i386
@@ -339,6 +340,13 @@ CFLAGS += -DPLATFORM=$(PLATFORM)
 platform :
 @$(ECHO) $(PLATFORM)
 
+# Determine security flag
+DEFAULT_SECUREBOOT := 0
+SECUREBOOT := $(firstword $(BIN_SECUREBOOT) $(DEFAULT_SECUREBOOT))
+CFLAGS += -DSECUREBOOT=$(SECUREBOOT)
+secureboot :
+ @$(ECHO) $(SECUREBOOT)
+
 endif # defined(BIN)
 
 # Include architecture-specific Makefile
@@ -357,6 +365,11 @@ endif
 #
 # Source file handling
 
+# Exclude known-insecure files from Secure Boot builds
+ifeq ($(SECUREBOOT),0)
+SRCDIRS += $(SRCDIRS_INSEC)
+endif
+
 # SRCDIRS lists all directories containing source files.
 srcdirs :
 @$(ECHO) $(SRCDIRS)
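Review bot: The `$(wordlist 2,4,$(BIN_ELEMENTS))` split in the `@@ -312,17 +312,18 @@` hunk fails open when `$(BIN)` has more than four `-`-separated elements. A name such as `bin-a-b-c-sb` (constructed example) gives a `BIN_APS` of `a b c`, so the trailing `sb` is dropped and `BIN_SECUREBOOT` becomes 0 with no diagnostic. Because this flag later decides whether `$(SRCDIRS_INSEC)` is compiled in, reject names the split cannot represent, directly after `BIN_ELEMENTS` is set: `ifneq ($(word 5,$(BIN_ELEMENTS)),)` / `$(error Cannot parse BIN=$(BIN): too many "-" elements)` / `endif`. The split also depends on `$(SPACE)`, which is defined outside this hunk; if it expanded to nothing, every name would be treated as a non-Secure Boot build. The new code no longer consults `$(ARCHS)` when picking the architecture, and the `ifdef BIN` block ends outside this hunk.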
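Review bot: `SECUREBOOT := $(firstword ...)` in the `@@ -339,6 +340,13 @@` hunk is an ordinary assignment, so a `SECUREBOOT=0` given on the make command line takes precedence over the value derived from the `-sb` suffix. Both `-DSECUREBOOT=$(SECUREBOOT)` and the later `ifeq ($(SECUREBOOT),0)` would then follow the override, and a `bin-...-sb` directory could hold a build that includes `$(SRCDIRS_INSEC)`. If the directory name is meant to be authoritative, use `override SECUREBOOT := $(firstword $(BIN_SECUREBOOT) $(DEFAULT_SECUREBOOT))`. Since `BIN_SECUREBOOT` is always set to 0 or 1 inside this `ifdef BIN` block, `DEFAULT_SECUREBOOT` is never selected here and should carry a comment saying it is kept only for symmetry with the arch and platform defaults. The enclosing `ifdef BIN` starts outside this hunk.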
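Review bot: The comment above `ifeq ($(SECUREBOOT),0)` in the `@@ -357,6 +365,11 @@` hunk says "Exclude known-insecure files", but the block does the reverse: it adds `$(SRCDIRS_INSEC)` when the flag is 0. It also disagrees with src/Makefile, which describes the same directories as "not eligible for UEFI Secure Boot signing" rather than as known-insecure. The comment should also record the fail-closed behaviour, since any value other than `0` leaves these directories out. As far as these hunks show, that includes the empty value when `BIN` is undefined. Suggested wording: `# Build code that is not eligible for Secure Boot signing only when SECUREBOOT is 0; any other value (or none) leaves it out`.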