EFI secure boot VECTX related changes

When VECTX is enabled as a kernel option and non-EFI loaders are
built, many reads will fail due to the mis-match of whether
LOADER_VERIEXEC_VECTX or not in readin.h.  Source that includes
bootstrap.h must ensure the kernel option agrees with the compile
time CFLAGS in the various make related files.

Submitted by:	bret_ketchum@dell.com (original revision)
Reviewed by:	sjg, bdrewery, dab, bret_ketchum@dell.com
MFC after:	1 week
Sponsored by:	Dell EMC Isilon
Differential Revision: https://reviews.freebsd.org/D29993

stand/efi/boot1/Makefile

@@ -53,6 +53,8 @@ CFLAGS+=	-DEFI_UFS_BOOT
 CFLAGS+=	-DEFI_DEBUG
 .endif
 
+.include	"${BOOTSRC}/veriexec.mk"
+
 # Always add MI sources and REGULAR efi loader bits
 .PATH:		${EFISRC}/loader/arch/${MACHINE}
 .PATH:		${EFISRC}/loader

stand/efi/fdt/Makefile

@@ -9,6 +9,8 @@ WARNS?=		6
 
 SRCS=		efi_fdt.c
 
+.include	"${BOOTSRC}/veriexec.mk"
+
 # EFI library headers
 CFLAGS+=	-I${EFISRC}/include
 CFLAGS+=	-I${EFISRC}/include/${MACHINE}

stand/efi/libefi/Makefile

@@ -67,4 +67,6 @@ CFLAGS+= ${FORMAT_EXTENSIONS}
 
 CFLAGS+= -DTERM_EMU
 
+.include "${BOOTSRC}/veriexec.mk"
+
 .include <bsd.lib.mk>

stand/fdt/Makefile

@@ -17,4 +17,6 @@ CFLAGS+=	-I${SYSDIR}/contrib/libfdt/ -I${LDRSRC}
 
 CFLAGS+=	-Wformat -Wall
 
+.include "${BOOTSRC}/veriexec.mk"
+
 .include <bsd.lib.mk>

stand/ficl.mk

@@ -17,6 +17,4 @@ CFLAGS+=	-fPIC
 CFLAGS+=	-I${FICLSRC} -I${FICLSRC}/${FICL_CPUARCH} -I${LDRSRC}
 CFLAGS+=	-DBF_DICTSIZE=30000
 
-.if ${MK_LOADER_VERIEXEC} != "no"
-CFLAGS+= -DLOADER_VERIEXEC -I${SRCTOP}/lib/libsecureboot/h
-.endif
+.include	"${BOOTSRC}/veriexec.mk"

stand/i386/libfirewire/Makefile

@@ -8,6 +8,8 @@ LIB=		firewire
 SRCS+=		firewire.c fwohci.c dconsole.c
 SRCS+=		dcons.c fwcrom.c
 
+.include	"${BOOTSRC}/veriexec.mk"
+
 CFLAGS+=	-D_BOOT
 
 CFLAGS+=	-I${LDRSRC}

stand/i386/libi386/Makefile

@@ -17,6 +17,8 @@ CFLAGS+= -I${ZFSSRC}
 .PATH:	${SYSDIR}/teken
 SRCS+=	teken.c
 
+.include "${BOOTSRC}/veriexec.mk"
+
 BOOT_COMCONSOLE_PORT?= 0x3f8
 CFLAGS+=	-DCOMPORT=${BOOT_COMCONSOLE_PORT}
 

stand/liblua/Makefile

@@ -40,8 +40,7 @@ CFLAGS.lutils.c+= -I${SRCTOP}/sys/teken -I${SRCTOP}/contrib/pnglite
 .if ${MACHINE_CPUARCH} == "amd64" && ${DO32:U0} == 0
 CFLAGS+=	-fPIC
 .endif
-.if ${MK_LOADER_VERIEXEC} == "yes"
-CFLAGS+= -I${SRCTOP}/lib/libsecureboot/h -DLOADER_VERIEXEC
-.endif
+
+.include "${BOOTSRC}/veriexec.mk"
 
 .include <bsd.lib.mk>

stand/loader.mk

@@ -90,16 +90,7 @@ SRCS+=	interp_simple.c
 .error Unknown interpreter ${LOADER_INTERP}
 .endif
 
-.if ${MK_LOADER_VERIEXEC} != "no"
-CFLAGS+= -DLOADER_VERIEXEC -I${SRCTOP}/lib/libsecureboot/h
-.if ${MK_LOADER_VERIEXEC_VECTX} != "no"
-CFLAGS+= -DLOADER_VERIEXEC_VECTX
-.endif
-.endif
-
-.if ${MK_LOADER_VERIEXEC_PASS_MANIFEST} != "no"
-CFLAGS+= -DLOADER_VERIEXEC_PASS_MANIFEST -I${SRCTOP}/lib/libsecureboot/h
-.endif
+.include "${BOOTSRC}/veriexec.mk"
 
 .if defined(BOOT_PROMPT_123)
 CFLAGS+=	-DBOOT_PROMPT_123

stand/veriexec.mk

@@ -0,0 +1,9 @@
+.if ${MK_LOADER_VERIEXEC} != "no"
+CFLAGS+= -DLOADER_VERIEXEC -I${SRCTOP}/lib/libsecureboot/h
+.if ${MK_LOADER_VERIEXEC_VECTX} != "no"
+CFLAGS+= -DLOADER_VERIEXEC_VECTX
+.endif
+.if ${MK_LOADER_VERIEXEC_PASS_MANIFEST} != "no"
+CFLAGS+= -DLOADER_VERIEXEC_PASS_MANIFEST
+.endif
+.endif