5fff9558a4
Used by loader and veriexec Depends on libbearssl Reviewed by: emaste Sponsored by: Juniper Networks Differential Revision: D16335
41 lines
1.1 KiB
PHP
41 lines
1.1 KiB
PHP
# $FreeBSD$
|
|
|
|
BRSSL_CFLAGS+= -DNO_STDIO
|
|
|
|
.include "Makefile.inc"
|
|
|
|
# for "measured boot"
|
|
# loader puts the equivalent of TPM's PCR register into kenv
|
|
# this is not as good but *way* simpler than talking to TPM
|
|
CFLAGS+= -DVE_PCR_SUPPORT
|
|
|
|
# sources that only apply to libsa
|
|
SRCS+= \
|
|
vectx.c \
|
|
veopen.c \
|
|
vepcr.c \
|
|
verify_file.c \
|
|
|
|
# this is the list of paths (relative to a file
|
|
# that we need to verify) used to find a signed manifest.
|
|
# the signature extensions in VE_SIGNATURE_EXT_LIST
|
|
# will be applied to each.
|
|
VE_MANIFEST_LIST?= manifest ../manifest
|
|
|
|
verify_file.o: manifests.h
|
|
manifests.h:
|
|
@( echo '/* Autogenerated - DO NOT EDIT!!! */'; echo; \
|
|
echo "static const char *manifest_names[] = {"; \
|
|
echo '${VE_MANIFEST_LIST:@m@"$m",${.newline}@}'; \
|
|
echo 'NULL };' ) > ${.TARGET}
|
|
|
|
XCFLAGS.verify_file+= \
|
|
-DVE_DEBUG_LEVEL=${VE_DEBUG_LEVEL:U0} \
|
|
-DVE_VERBOSE_DEFAULT=${VE_VERBOSE_DEFAULT:U0} \
|
|
|
|
.if !empty(MANIFEST_SKIP_ALWAYS)
|
|
XCFLAGS.verify_file+= -DMANIFEST_SKIP_ALWAYS=\"${MANIFEST_SKIP_ALWAYS}\"
|
|
.elif !empty(MANIFEST_SKIP)
|
|
XCFLAGS.verify_file+= -DMANIFEST_SKIP=\"${MANIFEST_SKIP}\"
|
|
.endif
|