code style fixup

Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
This commit is contained in:
Lans Zhang
2017-06-29 10:50:23 +08:00
parent ad2d9c8e22
commit e664a331d5
10 changed files with 51 additions and 42 deletions
@@ -1,13 +1,15 @@
DESCRIPTION = "EFI Secure Boot packages for secure-environment." DESCRIPTION = "EFI Secure Boot packages for secure-environment."
LICENSE = "MIT" LICENSE = "MIT"
LIC_FILES_CHKSUM = "file://${COREBASE}/LICENSE;md5=4d92cd373abda3937c2bc47fbc49d690 \ LIC_FILES_CHKSUM = "\
file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420" file://${COREBASE}/LICENSE;md5=4d92cd373abda3937c2bc47fbc49d690 \
file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420 \
"
S = "${WORKDIR}" S = "${WORKDIR}"
ALLOW_EMPTY_${PN} = "1" ALLOW_EMPTY_${PN} = "1"
pkgs = " \ pkgs = "\
grub-efi \ grub-efi \
efitools \ efitools \
efibootmgr \ efibootmgr \
@@ -19,7 +21,7 @@ pkgs = " \
RDEPENDS_${PN}_x86 = "${pkgs}" RDEPENDS_${PN}_x86 = "${pkgs}"
RDEPENDS_${PN}_x86-64 = "${pkgs}" RDEPENDS_${PN}_x86-64 = "${pkgs}"
kmods = " \ kmods = "\
kernel-module-efivarfs \ kernel-module-efivarfs \
kernel-module-efivars \ kernel-module-efivars \
" "
@@ -4,7 +4,7 @@ inherit native
DEPENDS_append = " gnu-efi-native" DEPENDS_append = " gnu-efi-native"
EXTRA_OEMAKE_append = " \ EXTRA_OEMAKE_append = "\
INCDIR_PREFIX='${STAGING_DIR_NATIVE}' \ INCDIR_PREFIX='${STAGING_DIR_NATIVE}' \
CRTPATH_PREFIX='${STAGING_DIR_NATIVE}' \ CRTPATH_PREFIX='${STAGING_DIR_NATIVE}' \
EXTRA_LDFLAGS='-Wl,-rpath,${libdir}' \ EXTRA_LDFLAGS='-Wl,-rpath,${libdir}' \
@@ -10,7 +10,7 @@ in the Linux 3.8 kernel. \
LICENSE = "GPLv2" LICENSE = "GPLv2"
LIC_FILES_CHKSUM = "file://COPYING;md5=e28f66b16cb46be47b20a4cdfe6e99a1" LIC_FILES_CHKSUM = "file://COPYING;md5=e28f66b16cb46be47b20a4cdfe6e99a1"
SRC_URI = " \ SRC_URI = "\
git://git.kernel.org/pub/scm/linux/kernel/git/jejb/efitools.git \ git://git.kernel.org/pub/scm/linux/kernel/git/jejb/efitools.git \
file://Fix-for-the-cross-compilation.patch \ file://Fix-for-the-cross-compilation.patch \
file://Kill-all-the-build-warning-caused-by-implicit-declar.patch \ file://Kill-all-the-build-warning-caused-by-implicit-declar.patch \
@@ -37,7 +37,7 @@ DEPENDS_append += "\
S = "${WORKDIR}/git" S = "${WORKDIR}/git"
EXTRA_OEMAKE = " \ EXTRA_OEMAKE = "\
HELP2MAN='${STAGING_BINDIR_NATIVE}/help2man' \ HELP2MAN='${STAGING_BINDIR_NATIVE}/help2man' \
OPENSSL='${STAGING_BINDIR_NATIVE}/openssl' \ OPENSSL='${STAGING_BINDIR_NATIVE}/openssl' \
SBSIGN='${STAGING_BINDIR_NATIVE}/sbsign' \ SBSIGN='${STAGING_BINDIR_NATIVE}/sbsign' \
@@ -1,6 +1,6 @@
require efitools.inc require efitools.inc
SRC_URI_append += " \ SRC_URI_append += "\
file://LockDown-enable-the-enrollment-for-DBX.patch \ file://LockDown-enable-the-enrollment-for-DBX.patch \
file://LockDown-show-the-error-message-with-3-sec-timeout.patch \ file://LockDown-show-the-error-message-with-3-sec-timeout.patch \
file://Makefile-do-not-build-signed-efi-image.patch \ file://Makefile-do-not-build-signed-efi-image.patch \
@@ -16,11 +16,11 @@ inherit user-key-store deploy
# The generated native binaries are used during native and target build # The generated native binaries are used during native and target build
DEPENDS += "${BPN}-native gnu-efi openssl" DEPENDS += "${BPN}-native gnu-efi openssl"
RDEPENDS_${PN}_append += " \ RDEPENDS_${PN}_append += "\
parted mtools coreutils util-linux openssl libcrypto \ parted mtools coreutils util-linux openssl libcrypto \
" "
EXTRA_OEMAKE_append += " \ EXTRA_OEMAKE_append += "\
INCDIR_PREFIX='${STAGING_DIR_TARGET}' \ INCDIR_PREFIX='${STAGING_DIR_TARGET}' \
CRTPATH_PREFIX='${STAGING_DIR_TARGET}' \ CRTPATH_PREFIX='${STAGING_DIR_TARGET}' \
SIGN_EFI_SIG_LIST='${STAGING_BINDIR_NATIVE}/sign-efi-sig-list' \ SIGN_EFI_SIG_LIST='${STAGING_BINDIR_NATIVE}/sign-efi-sig-list' \
@@ -1,10 +1,10 @@
FILESEXTRAPATHS_prepend := "${THISDIR}/grub-efi:" FILESEXTRAPATHS_prepend := "${THISDIR}/grub-efi:"
EXTRA_SRC_URI = " \ EXTRA_SRC_URI = "\
${@'file://efi-secure-boot.inc file://password.inc' if d.getVar('UEFI_SB', True) == '1' else ''} \ ${@'file://efi-secure-boot.inc file://password.inc' if d.getVar('UEFI_SB', True) == '1' else ''} \
" "
SRC_URI += " \ SRC_URI += "\
file://0001-pe32.h-add-header-structures-for-TE-and-DOS-executab.patch \ file://0001-pe32.h-add-header-structures-for-TE-and-DOS-executab.patch \
file://0002-shim-add-needed-data-structures.patch \ file://0002-shim-add-needed-data-structures.patch \
file://0003-efi-chainloader-implement-an-UEFI-Exit-service-for-s.patch \ file://0003-efi-chainloader-implement-an-UEFI-Exit-service-for-s.patch \
@@ -27,7 +27,7 @@ SRC_URI += " \
EFI_BOOT_PATH = "/boot/efi/EFI/BOOT" EFI_BOOT_PATH = "/boot/efi/EFI/BOOT"
#GRUB_BUILDIN_append = " chain ${@'efivar mok2verify password_pbkdf2' if d.getVar('UEFI_SB', True) == '1' else ''}" # TODO: re-add mok2verify when refreshed
GRUB_BUILDIN_append += " chain ${@'efivar password_pbkdf2' if d.getVar('UEFI_SB', True) == '1' else ''}" GRUB_BUILDIN_append += " chain ${@'efivar password_pbkdf2' if d.getVar('UEFI_SB', True) == '1' else ''}"
# For efi_call_foo and efi_shim_exit # For efi_call_foo and efi_shim_exit
@@ -19,7 +19,7 @@ SECTION = "bootloaders"
LICENSE = "BSD-3-Clause" LICENSE = "BSD-3-Clause"
LIC_FILES_CHKSUM = "file://LICENSE;md5=d9bf404642f21afb4ad89f95d7bc91ee" LIC_FILES_CHKSUM = "file://LICENSE;md5=d9bf404642f21afb4ad89f95d7bc91ee"
PR = "r0" PR = "r0"
SRC_URI = " \ SRC_URI = "\
git://github.com/jiazhang0/SELoader.git \ git://github.com/jiazhang0/SELoader.git \
" "
SRCREV = "32e3292c33603f319354aac273938fe63897a8da" SRCREV = "32e3292c33603f319354aac273938fe63897a8da"
@@ -30,14 +30,14 @@ COMPATIBLE_HOST = '(i.86|x86_64).*-linux'
inherit deploy user-key-store inherit deploy user-key-store
S = "${WORKDIR}/git" S = "${WORKDIR}/git"
DEPENDS += " \ DEPENDS += "\
gnu-efi sbsigntool-native \ gnu-efi sbsigntool-native \
" "
EFI_ARCH_x86 = "ia32" EFI_ARCH_x86 = "ia32"
EFI_ARCH_x86-64 = "x64" EFI_ARCH_x86-64 = "x64"
EXTRA_OEMAKE = " \ EXTRA_OEMAKE = "\
CROSS_COMPILE="${TARGET_PREFIX}" \ CROSS_COMPILE="${TARGET_PREFIX}" \
SBSIGN=${STAGING_BINDIR_NATIVE}/sbsign \ SBSIGN=${STAGING_BINDIR_NATIVE}/sbsign \
gnuefi_libdir=${STAGING_LIBDIR} \ gnuefi_libdir=${STAGING_LIBDIR} \
@@ -50,9 +50,12 @@ EFI_TARGET = "/boot/efi/EFI/BOOT"
FILES_${PN} += "${EFI_TARGET}" FILES_${PN} += "${EFI_TARGET}"
python do_sign() { python do_sign() {
sb_sign(d.expand('${B}/Src/Efi/SELoader.efi'), d.expand('${B}/Src/Efi/SELoader.efi.signed'), d) sb_sign(d.expand('${B}/Src/Efi/SELoader.efi'), \
sb_sign(d.expand('${B}/Bin/Hash2DxeCrypto.efi'), d.expand('${B}/Bin/Hash2DxeCrypto.efi.signed'), d) d.expand('${B}/Src/Efi/SELoader.efi.signed'), d)
sb_sign(d.expand('${B}/Bin/Pkcs7VerifyDxe.efi'), d.expand('${B}/Bin/Pkcs7VerifyDxe.efi.signed'), d) sb_sign(d.expand('${B}/Bin/Hash2DxeCrypto.efi'), \
d.expand('${B}/Bin/Hash2DxeCrypto.efi.signed'), d)
sb_sign(d.expand('${B}/Bin/Pkcs7VerifyDxe.efi'), \
d.expand('${B}/Bin/Pkcs7VerifyDxe.efi.signed'), d)
} }
addtask sign after do_compile before do_install addtask sign after do_compile before do_install
@@ -63,20 +66,20 @@ do_install() {
if [ x"${UEFI_SB}" = x"1" ]; then if [ x"${UEFI_SB}" = x"1" ]; then
if [ x"${MOK_SB}" != x"1" ]; then if [ x"${MOK_SB}" != x"1" ]; then
mv ${D}${EFI_TARGET}/SELoader${EFI_ARCH}.efi \ mv "${D}${EFI_TARGET}/SELoader${EFI_ARCH}.efi" \
${D}${EFI_TARGET}/boot${EFI_ARCH}.efi "${D}${EFI_TARGET}/boot${EFI_ARCH}.efi"
fi fi
fi fi
} }
do_deploy() { do_deploy() {
# Deploy the unsigned images for manual signing # Deploy the unsigned images for manual signing
install -d ${DEPLOYDIR}/efi-unsigned install -d "${DEPLOYDIR}/efi-unsigned"
install -m 0600 ${B}/Src/Efi/SELoader.efi \ install -m 0600 "${B}/Src/Efi/SELoader.efi" \
${DEPLOYDIR}/efi-unsigned/SELoader${EFI_ARCH}.efi "${DEPLOYDIR}/efi-unsigned/SELoader${EFI_ARCH}.efi"
install -m 0600 ${B}/Bin/Hash2DxeCrypto.efi ${DEPLOYDIR}/efi-unsigned/ install -m 0600 "${B}/Bin/Hash2DxeCrypto.efi" "${DEPLOYDIR}/efi-unsigned"
install -m 0600 ${B}/Bin/Pkcs7VerifyDxe.efi ${DEPLOYDIR}/efi-unsigned/ install -m 0600 "${B}/Bin/Pkcs7VerifyDxe.efi" "${DEPLOYDIR}/efi-unsigned"
# Deploy the signed images # Deploy the signed images
if [ x"${UEFI_SB}" = x"1" -a x"${MOK_SB}" != x"1" ]; then if [ x"${UEFI_SB}" = x"1" -a x"${MOK_SB}" != x"1" ]; then
@@ -84,11 +87,11 @@ do_deploy() {
else else
SEL_NAME=SELoader SEL_NAME=SELoader
fi fi
install -m 0600 ${D}${EFI_TARGET}/${SEL_NAME}${EFI_ARCH}.efi \ install -m 0600 "${D}${EFI_TARGET}/${SEL_NAME}${EFI_ARCH}.efi" \
${DEPLOYDIR}/${SEL_NAME}${EFI_ARCH}.efi "${DEPLOYDIR}/${SEL_NAME}${EFI_ARCH}.efi"
install -m 0600 ${D}${EFI_TARGET}/Hash2DxeCrypto.efi \ install -m 0600 "${D}${EFI_TARGET}/Hash2DxeCrypto.efi" \
${DEPLOYDIR}/Hash2DxeCrypto.efi "${DEPLOYDIR}/Hash2DxeCrypto.efi"
install -m 0600 ${D}${EFI_TARGET}/Pkcs7VerifyDxe.efi \ install -m 0600 "${D}${EFI_TARGET}/Pkcs7VerifyDxe.efi" \
${DEPLOYDIR}/Pkcs7VerifyDxe.efi "${DEPLOYDIR}/Pkcs7VerifyDxe.efi"
} }
addtask deploy after do_install before do_build addtask deploy after do_install before do_build
@@ -17,7 +17,7 @@ COMPATIBLE_HOST = '(i.86|x86_64).*-linux'
inherit deploy user-key-store inherit deploy user-key-store
SRC_URI = " \ SRC_URI = "\
git://github.com/rhinstaller/shim.git \ git://github.com/rhinstaller/shim.git \
file://0001-shim-allow-to-verify-sha1-digest-for-Authenticode.patch \ file://0001-shim-allow-to-verify-sha1-digest-for-Authenticode.patch \
file://0005-Fix-signing-failure-due-to-not-finding-certificate.patch;apply=0 \ file://0005-Fix-signing-failure-due-to-not-finding-certificate.patch;apply=0 \
@@ -28,7 +28,7 @@ SRC_URI = " \
file://0011-Update-verification_method-if-the-loaded-image-is-si.patch;apply=0 \ file://0011-Update-verification_method-if-the-loaded-image-is-si.patch;apply=0 \
file://0012-netboot-replace-the-depreciated-EFI_PXE_BASE_CODE.patch \ file://0012-netboot-replace-the-depreciated-EFI_PXE_BASE_CODE.patch \
" "
SRC_URI_append_x86-64 = " \ SRC_URI_append_x86-64 = "\
${@bb.utils.contains('DISTRO_FEATURES', 'msft', 'file://shim${EFI_ARCH}.efi.signed file://LICENSE' if uks_signing_model(d) == 'sample' else '', '', d)} \ ${@bb.utils.contains('DISTRO_FEATURES', 'msft', 'file://shim${EFI_ARCH}.efi.signed file://LICENSE' if uks_signing_model(d) == 'sample' else '', '', d)} \
" "
@@ -43,7 +43,7 @@ DEPENDS += "\
EFI_ARCH_x86 = "ia32" EFI_ARCH_x86 = "ia32"
EFI_ARCH_x86-64 = "x64" EFI_ARCH_x86-64 = "x64"
EXTRA_OEMAKE = " \ EXTRA_OEMAKE = "\
CROSS_COMPILE="${TARGET_PREFIX}" \ CROSS_COMPILE="${TARGET_PREFIX}" \
LIB_GCC="`${CC} -print-libgcc-file-name`" \ LIB_GCC="`${CC} -print-libgcc-file-name`" \
LIB_PATH="${STAGING_LIBDIR}" \ LIB_PATH="${STAGING_LIBDIR}" \
@@ -1,7 +1,9 @@
DEPENDS += " \ DEPENDS += "\
${@bb.utils.contains('MACHINE_FEATURES', 'efi', 'gnu-efi', '', d)} \ ${@bb.utils.contains('MACHINE_FEATURES', 'efi', 'gnu-efi', '', d)} \
" "
EXTRA_OECONF += " \ EXTRA_OECONF += "\
${@bb.utils.contains('MACHINE_FEATURES', 'efi', '--enable-efi --enable-gnuefi --with-efi-libdir=${STAGING_LIBDIR} --with-efi-ldsdir=${STAGING_LIBDIR} --with-efi-includedir=${STAGING_INCDIR}', '', d)} \ ${@bb.utils.contains('MACHINE_FEATURES', 'efi', \
'--enable-efi --enable-gnuefi --with-efi-libdir=${STAGING_LIBDIR} --with-efi-ldsdir=${STAGING_LIBDIR} --with-efi-includedir=${STAGING_INCDIR}', \
'', d)} \
" "
@@ -1,6 +1,6 @@
FILESEXTRAPATHS_prepend := "${THISDIR}/linux-yocto:" FILESEXTRAPATHS_prepend := "${THISDIR}/linux-yocto:"
efi_secure_boot_sccs = " \ efi_secure_boot_sccs = "\
${@bb.utils.contains('DISTRO_FEATURES', 'efi-secure-boot', \ ${@bb.utils.contains('DISTRO_FEATURES', 'efi-secure-boot', \
'cfg/efi-ext.scc', '', d)} \ 'cfg/efi-ext.scc', '', d)} \
" "
@@ -6,13 +6,15 @@ DEPENDS += "${@'key-store openssl-native' if d.getVar('IMA_ENABLED', True) == '1
# key-store-ima-cert is required in runtime but we hope it is available # key-store-ima-cert is required in runtime but we hope it is available
# in initramfs only. So we don't add it to RDEPENDS_${PN} here. # in initramfs only. So we don't add it to RDEPENDS_${PN} here.
SRC_URI += " \ SRC_URI += "\
${@'file://ima.scc file://ima.cfg file://integrity.scc file://integrity.cfg' if d.getVar('IMA_ENABLED', True) == '1' else ''} \ ${@'file://ima.scc file://ima.cfg file://integrity.scc file://integrity.cfg' if d.getVar('IMA_ENABLED', True) == '1' else ''} \
" "
do_configure_append() { do_configure_append() {
[ -f "${STAGING_DIR_TARGET}${sysconfdir}/keys/system_trusted_key.pem" ] && if [ -f "${STAGING_DIR_TARGET}${sysconfdir}/keys/system_trusted_key.pem" ]; then
openssl x509 -in "${STAGING_DIR_TARGET}${sysconfdir}/keys/system_trusted_key.pem" \ openssl x509 -in "${STAGING_DIR_TARGET}${sysconfdir}/keys/system_trusted_key.pem" \
-outform DER -out "${B}/system_trusted_cert.x509" || -outform DER -out "${B}/system_trusted_cert.x509"
else
true true
fi
} }