diff --git a/Makefile b/Makefile index ecb7e49..0983a57 100644 --- a/Makefile +++ b/Makefile @@ -51,10 +51,19 @@ endef define add-vendor-sbat $(OBJCOPY) --add-section ".$(patsubst %.csv,%,$(1))=$(1)" $(2) +endef +define add-skusi +$(OBJCOPY) --add-section ".$(patsubst %.bin,%,$(1))=$(1)" $(2) endef SBATPATH = $(TOPDIR)/data/sbat.csv +SBATLEVELLATESTPATH = $(TOPDIR)/data/sbat_level_latest.csv +SBATLEVELAUTOMATICPATH = $(TOPDIR)/data/sbat_level_automatic.csv +SSPVLATESTPATH = $(TOPDIR)/data/SkuSiPolicy_Version_latest.bin +SSPSLATESTPATH = $(TOPDIR)/data/SkuSiPolicy_latest.bin +SSPVAUTOMATICPATH = $(TOPDIR)/data/SkuSiPolicy_Version_automatic.bin +SSPSAUTOMATICPATH = $(TOPDIR)/data/SkuSiPolicy_automatic.bin VENDOR_SBATS := $(sort $(foreach x,$(wildcard $(TOPDIR)/data/sbat.*.csv data/sbat.*.csv),$(notdir $(x)))) OBJFLAGS = @@ -84,9 +93,9 @@ ifeq ($(ARCH),arm) BUILDFLAGS += -ffreestanding -I$(shell $(CC) -print-file-name=include) endif -all : certwrapper.efi +all : certmule.efi revocations.efi -certwrapper.so : sbat_data.o certwrapper.o +certwrapper.so : revocation_data.o certwrapper.o certwrapper.so : SOLIBS= certwrapper.so : SOFLAGS= certwrapper.so : BUILDFLAGS+=-DVENDOR_DB @@ -94,6 +103,15 @@ certwrapper.efi : OBJFLAGS = --strip-unneeded $(call VENDOR_DB, $<) certwrapper.efi : SECTIONS=.text .reloc .db .sbat certwrapper.efi : VENDOR_DB_FILE?=db.esl +revocations.so : revocation_data.o revocations.o +revocations.so : SOLIBS= +revocations.so : SOFLAGS= +revocations.efi : OBJFLAGS = --strip-unneeded +revocations.efi : SECTIONS=.text .reloc .sbat .sbatl .sbata .sspva .sspsa .sspvl .sspsl + +revocations.o : certmule.o + cp certmule.o revocations.o + %.efi : %.so ifneq ($(OBJCOPY_GTE224),1) $(error objcopy >= 2.24 is required) @@ -103,12 +121,30 @@ endif $(OBJFLAGS) \ $(FORMAT) $^ $@ -sbat_data.o : | $(SBATPATH) $(VENDOR_SBATS) -sbat_data.o : /dev/null +revocation_data.o : | $(SBATPATH) $(VENDOR_SBATS) +revocation_data.o : /dev/null $(CC) $(BUILDFLAGS) -x c -c -o $@ $< $(OBJCOPY) --add-section .sbat=$(SBATPATH) \ --set-section-flags .sbat=contents,alloc,load,readonly,data \ $@ + $(OBJCOPY) --add-section .sbatl=$(SBATLEVELLATESTPATH) \ + --set-section-flags .sbatl=contents,alloc,load,readonly,data \ + $@ + $(OBJCOPY) --add-section .sbata=$(SBATLEVELAUTOMATICPATH) \ + --set-section-flags .sbata=contents,alloc,load,readonly,data \ + $@ + $(OBJCOPY) --add-section .sspvl=$(SSPVLATESTPATH) \ + --set-section-flags .sspvl=contents,alloc,load,readonly,data \ + $@ + $(OBJCOPY) --add-section .sspsl=$(SSPSLATESTPATH) \ + --set-section-flags .sspsl=contents,alloc,load,readonly,data \ + $@ + $(OBJCOPY) --add-section .sspva=$(SSPVAUTOMATICPATH) \ + --set-section-flags .sspva=contents,alloc,load,readonly,data \ + $@ + $(OBJCOPY) --add-section .sspsa=$(SSPSAUTOMATICPATH) \ + --set-section-flags .sspsa=contents,alloc,load,readonly,data \ + $@ $(foreach vs,$(VENDOR_SBATS),$(call add-vendor-sbat,$(vs),$@)) %.so : %.o diff --git a/data/SkuSiPolicy_Version_automatic.bin b/data/SkuSiPolicy_Version_automatic.bin new file mode 100644 index 0000000..412ee87 Binary files /dev/null and b/data/SkuSiPolicy_Version_automatic.bin differ diff --git a/data/SkuSiPolicy_Version_latest.bin b/data/SkuSiPolicy_Version_latest.bin new file mode 100644 index 0000000..329e937 Binary files /dev/null and b/data/SkuSiPolicy_Version_latest.bin differ diff --git a/data/SkuSiPolicy_automatic.bin b/data/SkuSiPolicy_automatic.bin new file mode 100644 index 0000000..0296877 Binary files /dev/null and b/data/SkuSiPolicy_automatic.bin differ diff --git a/data/SkuSiPolicy_latest.bin b/data/SkuSiPolicy_latest.bin new file mode 100644 index 0000000..0296877 Binary files /dev/null and b/data/SkuSiPolicy_latest.bin differ diff --git a/data/sbat_level_automatic.csv b/data/sbat_level_automatic.csv new file mode 100644 index 0000000..e219305 --- /dev/null +++ b/data/sbat_level_automatic.csv @@ -0,0 +1,4 @@ +sbat,1,2022111500 +shim,2 +grub,3 +grub.debian,4 diff --git a/data/sbat_level_latest.csv b/data/sbat_level_latest.csv new file mode 100644 index 0000000..de466ab --- /dev/null +++ b/data/sbat_level_latest.csv @@ -0,0 +1,3 @@ +sbat,1,2023100300 +shim,4 +grub,4