libsecureboot allow site.trust.mk to override settings

The current content of local.trust.mk is mostly for example purposes.
2023-04-14 17:28:10 -07:00 · 2023-04-14 17:28:10 -07:00 · d1dfe419ac
commit d1dfe419ac
parent 2b8331622f
1 changed files with 4 additions and 1 deletions
--- a/lib/libsecureboot/local.trust.mk
+++ b/lib/libsecureboot/local.trust.mk
@ -37,6 +37,9 @@ VE_SIGNATURE_EXT_LIST+= \
 VE_SIGNATURE_LIST+= OPENPGP
 VE_SIGNATURE_EXT_LIST+= asc

+# allow site override of all the above
+.-include "site.trust.mk"
+
 SIGNER ?= ${SB_TOOLS_PATH:U/volume/buildtools/bin}/sign.py

 .if exists(${SIGNER})
@ -109,7 +112,7 @@ ta.h: vc_rsa.pem
 TRUST_ANCHORS!= cd ${.CURDIR} && 'ls' -1 *.pem t*.asc 2> /dev/null
 .endif
 .if empty(TRUST_ANCHORS) && ${MK_LOADER_EFI_SECUREBOOT} != "yes"
-.error Need TRUST_ANCHORS see ${.CURDIR}/README.rst
+.error Need TRUST_ANCHORS see ${.PARSEDIR}/README.rst
 .endif
 .if ${TRUST_ANCHORS:T:Mt*.pem} != ""
 ta.h: ${TRUST_ANCHORS:M*.pem}