summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--meta-efi-secure-boot/recipes-bsp/efitools/efitools.inc5
-rw-r--r--meta-efi-secure-boot/recipes-bsp/efitools/efitools/Fix-for-the-cross-compilation.patch48
-rw-r--r--meta-efi-secure-boot/recipes-bsp/efitools/efitools/Kill-all-the-build-warning-caused-by-implicit-declar.patch25
-rw-r--r--meta-efi-secure-boot/recipes-bsp/efitools/efitools/cert-to-efi-hash-list-support-to-build-with-openssl-.patch32
4 files changed, 30 insertions, 80 deletions
diff --git a/meta-efi-secure-boot/recipes-bsp/efitools/efitools.inc b/meta-efi-secure-boot/recipes-bsp/efitools/efitools.inc
index 0217818..a1a1d1d 100644
--- a/meta-efi-secure-boot/recipes-bsp/efitools/efitools.inc
+++ b/meta-efi-secure-boot/recipes-bsp/efitools/efitools.inc
@@ -15,7 +15,7 @@ DEPENDS_append += "\
15 libfile-slurp-perl-native \ 15 libfile-slurp-perl-native \
16" 16"
17 17
18PV = "1.7.0+git${SRCPV}" 18PV = "1.9.2+git${SRCPV}"
19 19
20SRC_URI = "\ 20SRC_URI = "\
21 git://git.kernel.org/pub/scm/linux/kernel/git/jejb/efitools.git \ 21 git://git.kernel.org/pub/scm/linux/kernel/git/jejb/efitools.git \
@@ -29,9 +29,8 @@ SRC_URI = "\
29 file://Reuse-xxdi.pl.patch \ 29 file://Reuse-xxdi.pl.patch \
30 file://Add-static-keyword-for-IsValidVariableHeader.patch \ 30 file://Add-static-keyword-for-IsValidVariableHeader.patch \
31 file://Dynamically-load-openssl.cnf-for-openssl-1.0.x-and-1.patch \ 31 file://Dynamically-load-openssl.cnf-for-openssl-1.0.x-and-1.patch \
32 file://cert-to-efi-hash-list-support-to-build-with-openssl-.patch \
33" 32"
34SRCREV = "0649468475d20d8ca5634433c4912467cef3ce93" 33SRCREV = "392836a46ce3c92b55dc88a1aebbcfdfc5dcddce"
35 34
36PARALLEL_MAKE = "" 35PARALLEL_MAKE = ""
37 36
diff --git a/meta-efi-secure-boot/recipes-bsp/efitools/efitools/Fix-for-the-cross-compilation.patch b/meta-efi-secure-boot/recipes-bsp/efitools/efitools/Fix-for-the-cross-compilation.patch
index a5be1ef..d846fb1 100644
--- a/meta-efi-secure-boot/recipes-bsp/efitools/efitools/Fix-for-the-cross-compilation.patch
+++ b/meta-efi-secure-boot/recipes-bsp/efitools/efitools/Fix-for-the-cross-compilation.patch
@@ -8,11 +8,9 @@ Upstream-Status: Pending
8Signed-off-by: Lans Zhang <jia.zhang@windriver.com> 8Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
9--- 9---
10 Make.rules | 51 ++++++++++++++++++++++++++++----------------------- 10 Make.rules | 51 ++++++++++++++++++++++++++++-----------------------
11 Makefile | 12 ++++++------ 11 Makefile | 20 ++++++++++----------
12 2 files changed, 34 insertions(+), 29 deletions(-) 12 2 files changed, 38 insertions(+), 33 deletions(-)
13 13
14diff --git a/Make.rules b/Make.rules
15index 88d5481bef6a..c794a621095b 100644
16--- a/Make.rules 14--- a/Make.rules
17+++ b/Make.rules 15+++ b/Make.rules
18@@ -13,21 +13,26 @@ ARCH3264 = 16@@ -13,21 +13,26 @@ ARCH3264 =
@@ -21,21 +19,21 @@ index 88d5481bef6a..c794a621095b 100644
21 endif 19 endif
22-INCDIR = -I$(TOPDIR)include/ -I/usr/include/efi -I/usr/include/efi/$(ARCH) -I/usr/include/efi/protocol 20-INCDIR = -I$(TOPDIR)include/ -I/usr/include/efi -I/usr/include/efi/$(ARCH) -I/usr/include/efi/protocol
23-CPPFLAGS = -DCONFIG_$(ARCH) 21-CPPFLAGS = -DCONFIG_$(ARCH)
24-CFLAGS = -O2 $(ARCH3264) -fpic -Wall -fshort-wchar -fno-strict-aliasing -fno-merge-constants -fno-stack-protector -ffreestanding -fno-stack-check 22-CFLAGS = -O2 -g $(ARCH3264) -fpic -Wall -fshort-wchar -fno-strict-aliasing -fno-merge-constants -fno-stack-protector -ffreestanding -fno-stack-check
25-LDFLAGS = -nostdlib 23-LDFLAGS = -nostdlib
26+INCDIR = -I$(TOPDIR)include/ -I$(INCDIR_PREFIX)/usr/include/efi -I$(INCDIR_PREFIX)/usr/include/efi/$(ARCH) -I$(INCDIR_PREFIX)/usr/include/efi/protocol 24+INCDIR = -I$(TOPDIR)include/ -I$(INCDIR_PREFIX)/usr/include -I$(INCDIR_PREFIX)/usr/include/efi -I$(INCDIR_PREFIX)/usr/include/efi/$(ARCH) -I$(INCDIR_PREFIX)/usr/include/efi/protocol
27+cppflags = -DCONFIG_$(ARCH) 25+cppflags = -DCONFIG_$(ARCH)
28+cflags = -O2 $(ARCH3264) -fpic -Wall -fshort-wchar -fno-strict-aliasing -fno-merge-constants -fno-stack-protector -ffreestanding -fno-stack-check $(CFLAGS) 26+cflags = -O2 -g $(ARCH3264) -fpic -Wall -fshort-wchar -fno-strict-aliasing -fno-merge-constants -fno-stack-protector -ffreestanding -fno-stack-check
29+ldflags = -nostdlib 27+ldflags = -nostdlib
30 CRTOBJ = crt0-efi-$(ARCH).o 28 CRTOBJ = crt0-efi-$(ARCH).o
31 CRTPATHS = /lib /lib64 /lib/efi /lib64/efi /usr/lib /usr/lib64 /usr/lib/efi /usr/lib64/efi 29 CRTPATHS = /lib /lib64 /lib/efi /lib64/efi /usr/lib /usr/lib64 /usr/lib/efi /usr/lib64/efi /usr/lib/gnuefi /usr/lib64/gnuefi
32-CRTPATH = $(shell for f in $(CRTPATHS); do if [ -e $$f/$(CRTOBJ) ]; then echo $$f; break; fi; done) 30-CRTPATH = $(shell for f in $(CRTPATHS); do if [ -e $$f/$(CRTOBJ) ]; then echo $$f; break; fi; done)
33+CRTPATH = $(shell for f in $(CRTPATHS); do if [ -e $(CRTPATH_PREFIX)/$$f/$(CRTOBJ) ]; then echo $(CRTPATH_PREFIX)/$$f; break; fi; done) 31+CRTPATH = $(shell for f in $(CRTPATHS); do if [ -e $(CRTPATH_PREFIX)/$$f/$(CRTOBJ) ]; then echo $(CRTPATH_PREFIX)/$$f; break; fi; done)
34 CRTOBJS = $(CRTPATH)/$(CRTOBJ) 32 CRTOBJS = $(CRTPATH)/$(CRTOBJ)
35 # there's a bug in the gnu tools ... the .reloc section has to be 33 # there's a bug in the gnu tools ... the .reloc section has to be
36 # aligned otherwise the file alignment gets screwed up 34 # aligned otherwise the file alignment gets screwed up
37 LDSCRIPT = elf_$(ARCH)_efi.lds 35 LDSCRIPT = elf_$(ARCH)_efi.lds
38-LDFLAGS += -shared -Bsymbolic $(CRTOBJS) -L $(CRTPATH) -T $(LDSCRIPT) 36-LDFLAGS += -shared -Bsymbolic $(CRTOBJS) -L $(CRTPATH) -L /usr/lib -L /usr/lib64 -T $(LDSCRIPT)
39+ldflags += -shared -Bsymbolic $(CRTOBJS) -L $(CRTPATH) -T $(LDSCRIPT) 37+ldflags += -shared -Bsymbolic $(CRTOBJS) -L $(CRTPATH) -T $(LDSCRIPT)
40 LOADLIBES = -lefi -lgnuefi $(shell $(CC) $(ARCH3264) -print-libgcc-file-name) 38 LOADLIBES = -lefi -lgnuefi $(shell $(CC) $(ARCH3264) -print-libgcc-file-name)
41 FORMAT = --target=efi-app-$(ARCH) 39 FORMAT = --target=efi-app-$(ARCH)
@@ -48,7 +46,7 @@ index 88d5481bef6a..c794a621095b 100644
48 MYGUID = 11111111-2222-3333-4444-123456789abc 46 MYGUID = 11111111-2222-3333-4444-123456789abc
49 INSTALL = install 47 INSTALL = install
50 BINDIR = $(DESTDIR)/usr/bin 48 BINDIR = $(DESTDIR)/usr/bin
51@@ -36,23 +41,23 @@ EFIDIR = $(DESTDIR)/usr/share/efitools/efi 49@@ -36,23 +41,23 @@ EFIDIR = $(DESTDIR)/usr/share/efitools/
52 DOCDIR = $(DESTDIR)/usr/share/efitools 50 DOCDIR = $(DESTDIR)/usr/share/efitools
53 51
54 # globally use EFI calling conventions (requires gcc >= 4.7) 52 # globally use EFI calling conventions (requires gcc >= 4.7)
@@ -93,7 +91,7 @@ index 88d5481bef6a..c794a621095b 100644
93 91
94 %.hash: %.efi hash-to-efi-sig-list 92 %.hash: %.efi hash-to-efi-sig-list
95 ./hash-to-efi-sig-list $< $@ 93 ./hash-to-efi-sig-list $< $@
96@@ -99,28 +104,28 @@ getvar = $(shell if [ "$(1)" = "PK" -o "$(1)" = "KEK" ]; then echo $(1); else ec 94@@ -99,28 +104,28 @@ getvar = $(shell if [ "$(1)" = "PK" -o "
97 ./sign-efi-sig-list -a -c PK.crt -k PK.key dbx $< $@ 95 ./sign-efi-sig-list -a -c PK.crt -k PK.key dbx $< $@
98 96
99 %.o: %.c 97 %.o: %.c
@@ -130,7 +128,7 @@ index 88d5481bef6a..c794a621095b 100644
130 128
131 ## 129 ##
132 # No need for KEK signing 130 # No need for KEK signing
133@@ -129,7 +134,7 @@ getvar = $(shell if [ "$(1)" = "PK" -o "$(1)" = "KEK" ]; then echo $(1); else ec 131@@ -129,7 +134,7 @@ getvar = $(shell if [ "$(1)" = "PK" -o "
134 # sbsign --key KEK.key --cert KEK.crt --output $@ $< 132 # sbsign --key KEK.key --cert KEK.crt --output $@ $<
135 133
136 %.a: 134 %.a:
@@ -139,8 +137,6 @@ index 88d5481bef6a..c794a621095b 100644
139 137
140 doc/%.1: doc/%.1.in % 138 doc/%.1: doc/%.1.in %
141 $(HELP2MAN) --no-info -i $< -o $@ ./$* 139 $(HELP2MAN) --no-info -i $< -o $@ ./$*
142diff --git a/Makefile b/Makefile
143index 774ee0aed7e9..4c3f91b5850f 100644
144--- a/Makefile 140--- a/Makefile
145+++ b/Makefile 141+++ b/Makefile
146@@ -73,7 +73,7 @@ ms-%.esl: ms-%.crt cert-to-efi-sig-list 142@@ -73,7 +73,7 @@ ms-%.esl: ms-%.crt cert-to-efi-sig-list
@@ -156,36 +152,36 @@ index 774ee0aed7e9..4c3f91b5850f 100644
156 ShimReplace.so: lib/lib-efi.a 152 ShimReplace.so: lib/lib-efi.a
157 153
158 cert-to-efi-sig-list: cert-to-efi-sig-list.o lib/lib.a 154 cert-to-efi-sig-list: cert-to-efi-sig-list.o lib/lib.a
159- $(CC) $(ARCH3264) -o $@ $< -lcrypto lib/lib.a 155- $(CC) $(ARCH3264) -o $@ $< lib/lib.a -lcrypto
160+ $(CC) $(ARCH3264) -o $@ $< $(EXTRA_LDFLAGS) -lcrypto lib/lib.a 156+ $(CC) $(ARCH3264) -o $@ $< $(EXTRA_LDFLAGS) lib/lib.a -lcrypto
161 157
162 sig-list-to-certs: sig-list-to-certs.o lib/lib.a 158 sig-list-to-certs: sig-list-to-certs.o lib/lib.a
163- $(CC) $(ARCH3264) -o $@ $< -lcrypto lib/lib.a 159- $(CC) $(ARCH3264) -o $@ $< lib/lib.a -lcrypto
164+ $(CC) $(ARCH3264) -o $@ $< $(EXTRA_LDFLAGS) -lcrypto lib/lib.a 160+ $(CC) $(ARCH3264) -o $@ $< $(EXTRA_LDFLAGS) lib/lib.a -lcrypto
165 161
166 sign-efi-sig-list: sign-efi-sig-list.o lib/lib.a 162 sign-efi-sig-list: sign-efi-sig-list.o lib/lib.a
167- $(CC) $(ARCH3264) -o $@ $< -lcrypto lib/lib.a 163- $(CC) $(ARCH3264) -o $@ $< lib/lib.a -lcrypto
168+ $(CC) $(ARCH3264) -o $@ $< $(EXTRA_LDFLAGS) -lcrypto lib/lib.a 164+ $(CC) $(ARCH3264) -o $@ $< $(EXTRA_LDFLAGS) lib/lib.a -lcrypto
169 165
170 hash-to-efi-sig-list: hash-to-efi-sig-list.o lib/lib.a 166 hash-to-efi-sig-list: hash-to-efi-sig-list.o lib/lib.a
171- $(CC) $(ARCH3264) -o $@ $< lib/lib.a 167- $(CC) $(ARCH3264) -o $@ $< lib/lib.a
172+ $(CC) $(ARCH3264) -o $@ $< $(EXTRA_LDFLAGS) lib/lib.a 168+ $(CC) $(ARCH3264) -o $@ $< $(EXTRA_LDFLAGS) lib/lib.a
173 169
174 cert-to-efi-hash-list: cert-to-efi-hash-list.o lib/lib.a 170 cert-to-efi-hash-list: cert-to-efi-hash-list.o lib/lib.a
175- $(CC) $(ARCH3264) -o $@ $< -lcrypto lib/lib.a 171- $(CC) $(ARCH3264) -o $@ $< lib/lib.a -lcrypto
176+ $(CC) $(ARCH3264) -o $@ $< $(EXTRA_LDFLAGS) -lcrypto lib/lib.a 172+ $(CC) $(ARCH3264) -o $@ $< $(EXTRA_LDFLAGS) lib/lib.a -lcrypto
177 173
178 efi-keytool: efi-keytool.o lib/lib.a 174 efi-keytool: efi-keytool.o lib/lib.a
179- $(CC) $(ARCH3264) -o $@ $< lib/lib.a 175- $(CC) $(ARCH3264) -o $@ $< lib/lib.a
180+ $(CC) $(ARCH3264) -o $@ $< $(EXTRA_LDFLAGS) lib/lib.a 176+ $(CC) $(ARCH3264) -o $@ $< $(EXTRA_LDFLAGS) lib/lib.a
181 177
182 efi-readvar: efi-readvar.o lib/lib.a 178 efi-readvar: efi-readvar.o lib/lib.a
183- $(CC) $(ARCH3264) -o $@ $< -lcrypto lib/lib.a 179- $(CC) $(ARCH3264) -o $@ $< lib/lib.a -lcrypto
184+ $(CC) $(ARCH3264) -o $@ $< $(EXTRA_LDFLAGS) -lcrypto lib/lib.a 180+ $(CC) $(ARCH3264) -o $@ $< $(EXTRA_LDFLAGS) lib/lib.a -lcrypto
185 181
186 efi-updatevar: efi-updatevar.o lib/lib.a 182 efi-updatevar: efi-updatevar.o lib/lib.a
187- $(CC) $(ARCH3264) -o $@ $< -lcrypto lib/lib.a 183- $(CC) $(ARCH3264) -o $@ $< lib/lib.a -lcrypto
188+ $(CC) $(ARCH3264) -o $@ $< $(EXTRA_LDFLAGS) -lcrypto lib/lib.a 184+ $(CC) $(ARCH3264) -o $@ $< $(EXTRA_LDFLAGS) lib/lib.a -lcrypto
189 185
190 flash-var: flash-var.o lib/lib.a 186 flash-var: flash-var.o lib/lib.a
191- $(CC) $(ARCH3264) -o $@ $< lib/lib.a 187- $(CC) $(ARCH3264) -o $@ $< lib/lib.a
diff --git a/meta-efi-secure-boot/recipes-bsp/efitools/efitools/Kill-all-the-build-warning-caused-by-implicit-declar.patch b/meta-efi-secure-boot/recipes-bsp/efitools/efitools/Kill-all-the-build-warning-caused-by-implicit-declar.patch
index f7f32c3..b072e89 100644
--- a/meta-efi-secure-boot/recipes-bsp/efitools/efitools/Kill-all-the-build-warning-caused-by-implicit-declar.patch
+++ b/meta-efi-secure-boot/recipes-bsp/efitools/efitools/Kill-all-the-build-warning-caused-by-implicit-declar.patch
@@ -8,15 +8,13 @@ Upstream-Status: Pending
8 8
9Signed-off-by: Lans Zhang <jia.zhang@windriver.com> 9Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
10--- 10---
11 Loader.c | 1 + 11 Loader.c | 1 +
12 cert-to-efi-hash-list.c | 2 +- 12 cert-to-efi-hash-list.c | 2 +-
13 flash-var.c | 2 ++ 13 flash-var.c | 2 ++
14 lib/pecoff.c | 1 + 14 lib/pecoff.c | 1 +
15 sign-efi-sig-list.c | 2 ++ 15 sign-efi-sig-list.c | 2 ++
16 5 files changed, 7 insertions(+), 1 deletion(-) 16 5 files changed, 7 insertions(+), 1 deletion(-)
17 17
18diff --git a/Loader.c b/Loader.c
19index 1f9201a..044469a 100644
20--- a/Loader.c 18--- a/Loader.c
21+++ b/Loader.c 19+++ b/Loader.c
22@@ -9,6 +9,7 @@ 20@@ -9,6 +9,7 @@
@@ -27,8 +25,6 @@ index 1f9201a..044469a 100644
27 #include <simple_file.h> 25 #include <simple_file.h>
28 #include <pecoff.h> 26 #include <pecoff.h>
29 #include <sha256.h> 27 #include <sha256.h>
30diff --git a/cert-to-efi-hash-list.c b/cert-to-efi-hash-list.c
31index d4484f9..3792553 100644
32--- a/cert-to-efi-hash-list.c 28--- a/cert-to-efi-hash-list.c
33+++ b/cert-to-efi-hash-list.c 29+++ b/cert-to-efi-hash-list.c
34@@ -3,7 +3,7 @@ 30@@ -3,7 +3,7 @@
@@ -39,9 +35,7 @@ index d4484f9..3792553 100644
39+#define _GNU_SOURCE 35+#define _GNU_SOURCE
40 36
41 #include <stdint.h> 37 #include <stdint.h>
42 #define __STDC_VERSION__ 199901L 38 #define _XOPEN_SOURCE
43diff --git a/flash-var.c b/flash-var.c
44index aa10ae6..10429bc 100644
45--- a/flash-var.c 39--- a/flash-var.c
46+++ b/flash-var.c 40+++ b/flash-var.c
47@@ -1,3 +1,5 @@ 41@@ -1,3 +1,5 @@
@@ -50,8 +44,6 @@ index aa10ae6..10429bc 100644
50 #include <stdlib.h> 44 #include <stdlib.h>
51 #include <stdint.h> 45 #include <stdint.h>
52 #include <sys/types.h> 46 #include <sys/types.h>
53diff --git a/lib/pecoff.c b/lib/pecoff.c
54index 26d9dcf..10b898a 100644
55--- a/lib/pecoff.c 47--- a/lib/pecoff.c
56+++ b/lib/pecoff.c 48+++ b/lib/pecoff.c
57@@ -59,6 +59,7 @@ 49@@ -59,6 +59,7 @@
@@ -62,8 +54,6 @@ index 26d9dcf..10b898a 100644
62 #include <pecoff.h> 54 #include <pecoff.h>
63 #include <guid.h> 55 #include <guid.h>
64 #include <simple_file.h> 56 #include <simple_file.h>
65diff --git a/sign-efi-sig-list.c b/sign-efi-sig-list.c
66index e19ef97..5abcf27 100644
67--- a/sign-efi-sig-list.c 57--- a/sign-efi-sig-list.c
68+++ b/sign-efi-sig-list.c 58+++ b/sign-efi-sig-list.c
69@@ -3,6 +3,8 @@ 59@@ -3,6 +3,8 @@
@@ -75,6 +65,3 @@ index e19ef97..5abcf27 100644
75 #include <stdint.h> 65 #include <stdint.h>
76 #define __STDC_VERSION__ 199901L 66 #define __STDC_VERSION__ 199901L
77 #include <efi.h> 67 #include <efi.h>
78--
791.9.1
80
diff --git a/meta-efi-secure-boot/recipes-bsp/efitools/efitools/cert-to-efi-hash-list-support-to-build-with-openssl-.patch b/meta-efi-secure-boot/recipes-bsp/efitools/efitools/cert-to-efi-hash-list-support-to-build-with-openssl-.patch
deleted file mode 100644
index b4f9ff6..0000000
--- a/meta-efi-secure-boot/recipes-bsp/efitools/efitools/cert-to-efi-hash-list-support-to-build-with-openssl-.patch
+++ /dev/null
@@ -1,32 +0,0 @@
1From 1b87c0e53efdccec4c05d2b92699f49cd3d6ec79 Mon Sep 17 00:00:00 2001
2From: Lans Zhang <jia.zhang@windriver.com>
3Date: Wed, 16 Aug 2017 19:52:37 +0800
4Subject: [PATCH] cert-to-efi-hash-list: support to build with openssl-1.1.x
5
6X509 becomes opaque since openssl-1.1.x and thus uses the equivalent
7function i2d_re_X509_tbs() instead to encode tbs portion of the certificate.
8
9Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
10---
11 cert-to-efi-hash-list.c | 4 ++++
12 1 file changed, 4 insertions(+)
13
14diff --git a/cert-to-efi-hash-list.c b/cert-to-efi-hash-list.c
15index 3792553..2f2584c 100644
16--- a/cert-to-efi-hash-list.c
17+++ b/cert-to-efi-hash-list.c
18@@ -135,7 +135,11 @@ main(int argc, char *argv[])
19 X509 *cert = PEM_read_bio_X509(cert_bio, NULL, NULL, NULL);
20 unsigned char *cert_buf = NULL;
21
22+#if OPENSSL_VERSION_NUMBER < 0x10100000L
23 int cert_len = i2d_X509_CINF(cert->cert_info, &cert_buf);
24+#else
25+ int cert_len = i2d_re_X509_tbs(cert, &cert_buf);
26+#endif
27 ERR_print_errors_fp(stdout);
28
29 int len, digest_len, time_offset;
30--
312.7.5
32
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2025-06-02 15:15:30 +0000