summaryrefslogtreecommitdiffstats
path: root/meta-efi-secure-boot
diff options
context:
space:
mode:
authorLans Zhang <jia.zhang@windriver.com>2017-06-30 13:41:37 +0800
committerLans Zhang <jia.zhang@windriver.com>2017-06-30 13:41:37 +0800
commitdcfd67c60b7692b44786caafbebc8ed2cf2963e4 (patch)
treebdd0cb4b46d754ff52a274bf350649135cc5bfc6 /meta-efi-secure-boot
parente664a331d51d7cebc4bf8bfdd39eb534632f90d1 (diff)
downloadmeta-secure-core-dcfd67c60b7692b44786caafbebc8ed2cf2963e4.tar.gz
shim: clean up the code style
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
Diffstat (limited to 'meta-efi-secure-boot')
-rw-r--r--meta-efi-secure-boot/recipes-bsp/shim/shim_git.bb56
1 files changed, 29 insertions, 27 deletions
diff --git a/meta-efi-secure-boot/recipes-bsp/shim/shim_git.bb b/meta-efi-secure-boot/recipes-bsp/shim/shim_git.bb
index 5e696fc..5ceac6f 100644
--- a/meta-efi-secure-boot/recipes-bsp/shim/shim_git.bb
+++ b/meta-efi-secure-boot/recipes-bsp/shim/shim_git.bb
@@ -1,47 +1,45 @@
1SUMMARY = "shim is a trivial EFI application." 1SUMMARY = "shim is a trivial EFI application."
2DESCRIPTION = "shim is a trivial EFI application that, when run, attempts to open and \ 2DESCRIPTION = "shim is a trivial EFI application that, when run, \
3execute another application. It will initially attempt to do this via the \ 3attempts to open and execute another application. It will initially \
4standard EFI LoadImage() and StartImage() calls. If these fail (because secure \ 4attempt to do this via the standard EFI LoadImage() and StartImage() \
5boot is enabled and the binary is not signed with an appropriate key, for \ 5calls. If these fail (because secure boot is enabled and the binary \
6instance) it will then validate the binary against a built-in certificate. If \ 6is not signed with an appropriate key, for instance) it will then \
7this succeeds and if the binary or signing key are not blacklisted then shim \ 7validate the binary against a built-in certificate. If this succeeds \
8will relocate and execute the binary." 8and if the binary or signing key are not blacklisted then shim will \
9relocate and execute the binary."
9HOMEPAGE = "https://github.com/rhinstaller/shim.git" 10HOMEPAGE = "https://github.com/rhinstaller/shim.git"
10SECTION = "bootloaders" 11SECTION = "bootloaders"
11
12LICENSE = "BSD-2-Clause" 12LICENSE = "BSD-2-Clause"
13LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=b92e63892681ee4e8d27e7a7e87ef2bc" 13LIC_FILES_CHKSUM = "file://COPYRIGHT;md5=b92e63892681ee4e8d27e7a7e87ef2bc"
14PR = "r0"
15 14
16COMPATIBLE_HOST = '(i.86|x86_64).*-linux' 15DEPENDS += "\
16 gnu-efi openssl util-linux-native openssl-native \
17"
17 18
18inherit deploy user-key-store 19PV = "12+git${SRCPV}"
19 20
20SRC_URI = "\ 21SRC_URI = "\
21 git://github.com/rhinstaller/shim.git \ 22 git://github.com/rhinstaller/shim.git \
22 file://0001-shim-allow-to-verify-sha1-digest-for-Authenticode.patch \ 23 file://0001-shim-allow-to-verify-sha1-digest-for-Authenticode.patch \
23 file://0005-Fix-signing-failure-due-to-not-finding-certificate.patch;apply=0 \ 24 file://0005-Fix-signing-failure-due-to-not-finding-certificate.patch;apply=0 \
24 file://0006-Prevent-from-removing-intermediate-.efi.patch \ 25 file://0006-Prevent-from-removing-intermediate-.efi.patch \
25 file://0007-Use-sbsign-to-sign-MokManager-and-fallback.patch \ 26 file://0007-Use-sbsign-to-sign-MokManager-and-fallback.patch \
26 file://0008-Fix-the-world-build-failure-due-to-the-missing-rule-.patch \ 27 file://0008-Fix-the-world-build-failure-due-to-the-missing-rule-.patch \
27 file://0010-Makefile-do-not-sign-the-efi-file.patch \ 28 file://0010-Makefile-do-not-sign-the-efi-file.patch \
28 file://0011-Update-verification_method-if-the-loaded-image-is-si.patch;apply=0 \ 29 file://0011-Update-verification_method-if-the-loaded-image-is-si.patch;apply=0 \
29 file://0012-netboot-replace-the-depreciated-EFI_PXE_BASE_CODE.patch \ 30 file://0012-netboot-replace-the-depreciated-EFI_PXE_BASE_CODE.patch \
30" 31"
31SRC_URI_append_x86-64 = "\ 32SRC_URI_append_x86-64 = "\
32 ${@bb.utils.contains('DISTRO_FEATURES', 'msft', 'file://shim${EFI_ARCH}.efi.signed file://LICENSE' if uks_signing_model(d) == 'sample' else '', '', d)} \ 33 ${@bb.utils.contains('DISTRO_FEATURES', 'msft', \
34 'file://shim' + d.expand('EFI_ARCH') + '.efi.signed file://LICENSE' \
35 if uks_signing_model(d) == 'sample' else '', '', d)} \
33" 36"
34 37
35SRCREV = "55c65546e46a78edbe41e88cb4ccbd2522e09625" 38SRCREV = "55c65546e46a78edbe41e88cb4ccbd2522e09625"
36PV = "12+git${SRCPV}"
37 39
38S = "${WORKDIR}/git" 40S = "${WORKDIR}/git"
39DEPENDS += "\
40 gnu-efi nss openssl util-linux-native openssl-native nss-native \
41"
42 41
43EFI_ARCH_x86 = "ia32" 42inherit deploy user-key-store
44EFI_ARCH_x86-64 = "x64"
45 43
46EXTRA_OEMAKE = "\ 44EXTRA_OEMAKE = "\
47 CROSS_COMPILE="${TARGET_PREFIX}" \ 45 CROSS_COMPILE="${TARGET_PREFIX}" \
@@ -63,12 +61,16 @@ EXTRA_OEMAKE = "\
63" 61"
64 62
65PARALLEL_MAKE = "" 63PARALLEL_MAKE = ""
64COMPATIBLE_HOST = '(i.86|x86_64).*-linux'
66 65
67EFI_TARGET = "/boot/efi/EFI/BOOT" 66EFI_TARGET = "/boot/efi/EFI/BOOT"
68FILES_${PN} += "${EFI_TARGET}" 67FILES_${PN} += "${EFI_TARGET}"
69 68
70MSFT = "${@bb.utils.contains('DISTRO_FEATURES', 'msft', '1', '0', d)}" 69MSFT = "${@bb.utils.contains('DISTRO_FEATURES', 'msft', '1', '0', d)}"
71 70
71EFI_ARCH_x86 = "ia32"
72EFI_ARCH_x86-64 = "x64"
73
72# Prepare the signing certificate and keys 74# Prepare the signing certificate and keys
73python do_prepare_signing_keys() { 75python do_prepare_signing_keys() {
74 # For UEFI_SB, shim is not built 76 # For UEFI_SB, shim is not built
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2025-07-26 02:04:30 +0000