diff options
author | Tom Rini <trini@konsulko.com> | 2018-05-01 20:42:20 -0400 |
---|---|---|
committer | Jia Zhang <zhang.jia@linux.alibaba.com> | 2018-05-02 14:29:20 +0800 |
commit | e00aed3e080beac7907050524eb304f25bb039dd (patch) | |
tree | 04e0e51497b869e895519f5870b8ebb569126b0d | |
parent | 15a25c9a4a1c5fb99d252d6422b56ecc92195433 (diff) | |
download | meta-secure-core-e00aed3e080beac7907050524eb304f25bb039dd.tar.gz |
efitools: Rework how we deal with rpath and linking of Linux apps
- In all cases, when building Linux apps (and thus linking with gcc) we
need to pass in the normal set of LDFLAGS for both rpath and link hash
type.
- Rework Fix-for-the-cross-compilation.patch a bit. When linking EFI
apps (and thus linking with ld) we don't need to pass in other special
flags. When linking the "openssl" apps we do not need to spell out
the crtN files as gcc handles that for us, they are normal Linux apps.
Ensure that all Linux apps get our EXTRA_LDFLAGS passed in.
With all of these changes we are now able to reuse sstate cache between
build directories.
Signed-off-by: Tom Rini <trini@konsulko.com>
3 files changed, 28 insertions, 30 deletions
diff --git a/meta-efi-secure-boot/recipes-bsp/efitools/efitools-native_git.bb b/meta-efi-secure-boot/recipes-bsp/efitools/efitools-native_git.bb index 418eb77..616e2fd 100644 --- a/meta-efi-secure-boot/recipes-bsp/efitools/efitools-native_git.bb +++ b/meta-efi-secure-boot/recipes-bsp/efitools/efitools-native_git.bb | |||
@@ -7,5 +7,4 @@ inherit native | |||
7 | EXTRA_OEMAKE_append = "\ | 7 | EXTRA_OEMAKE_append = "\ |
8 | INCDIR_PREFIX='${STAGING_DIR_NATIVE}' \ | 8 | INCDIR_PREFIX='${STAGING_DIR_NATIVE}' \ |
9 | CRTPATH_PREFIX='${STAGING_DIR_NATIVE}' \ | 9 | CRTPATH_PREFIX='${STAGING_DIR_NATIVE}' \ |
10 | EXTRA_LDFLAGS='-Wl,-rpath,${libdir}' \ | ||
11 | " | 10 | " |
diff --git a/meta-efi-secure-boot/recipes-bsp/efitools/efitools.inc b/meta-efi-secure-boot/recipes-bsp/efitools/efitools.inc index 97a489f..8dadf60 100644 --- a/meta-efi-secure-boot/recipes-bsp/efitools/efitools.inc +++ b/meta-efi-secure-boot/recipes-bsp/efitools/efitools.inc | |||
@@ -45,14 +45,11 @@ EXTRA_OEMAKE = "\ | |||
45 | SBSIGN='${STAGING_BINDIR_NATIVE}/sbsign' \ | 45 | SBSIGN='${STAGING_BINDIR_NATIVE}/sbsign' \ |
46 | NM='${NM}' AR='${AR}' \ | 46 | NM='${NM}' AR='${AR}' \ |
47 | OPENSSL_LIB='${STAGING_LIBDIR_NATIVE}' \ | 47 | OPENSSL_LIB='${STAGING_LIBDIR_NATIVE}' \ |
48 | EXTRA_LDFLAGS='${LDFLAGS}' \ | ||
48 | " | 49 | " |
49 | EXTRA_OEMAKE_append_x86 += " ARCH=ia32" | 50 | EXTRA_OEMAKE_append_x86 += " ARCH=ia32" |
50 | EXTRA_OEMAKE_append_x86-64 += " ARCH=x86_64" | 51 | EXTRA_OEMAKE_append_x86-64 += " ARCH=x86_64" |
51 | 52 | ||
52 | # LDFLAGS is used by LD not CC, so remove '-Wl,' | ||
53 | LDFLAGS := "${@oe.utils.str_filter_out('-Wl,', '${LDFLAGS}', d)}" | ||
54 | BUILD_LDFLAGS := "${@oe.utils.str_filter_out('-Wl,', '${BUILD_LDFLAGS}', d)}" | ||
55 | |||
56 | EFI_BOOT_PATH = "/boot/efi/EFI/BOOT" | 53 | EFI_BOOT_PATH = "/boot/efi/EFI/BOOT" |
57 | 54 | ||
58 | do_compile_prepend() { | 55 | do_compile_prepend() { |
diff --git a/meta-efi-secure-boot/recipes-bsp/efitools/efitools/Fix-for-the-cross-compilation.patch b/meta-efi-secure-boot/recipes-bsp/efitools/efitools/Fix-for-the-cross-compilation.patch index 75c64ae..a5be1ef 100644 --- a/meta-efi-secure-boot/recipes-bsp/efitools/efitools/Fix-for-the-cross-compilation.patch +++ b/meta-efi-secure-boot/recipes-bsp/efitools/efitools/Fix-for-the-cross-compilation.patch | |||
@@ -7,15 +7,15 @@ Upstream-Status: Pending | |||
7 | 7 | ||
8 | Signed-off-by: Lans Zhang <jia.zhang@windriver.com> | 8 | Signed-off-by: Lans Zhang <jia.zhang@windriver.com> |
9 | --- | 9 | --- |
10 | Make.rules | 52 +++++++++++++++++++++++++++++----------------------- | 10 | Make.rules | 51 ++++++++++++++++++++++++++++----------------------- |
11 | Makefile | 14 +++++++------- | 11 | Makefile | 12 ++++++------ |
12 | 2 files changed, 36 insertions(+), 30 deletions(-) | 12 | 2 files changed, 34 insertions(+), 29 deletions(-) |
13 | 13 | ||
14 | diff --git a/Make.rules b/Make.rules | 14 | diff --git a/Make.rules b/Make.rules |
15 | index 88d5481..7e89332 100644 | 15 | index 88d5481bef6a..c794a621095b 100644 |
16 | --- a/Make.rules | 16 | --- a/Make.rules |
17 | +++ b/Make.rules | 17 | +++ b/Make.rules |
18 | @@ -13,21 +13,27 @@ ARCH3264 = | 18 | @@ -13,21 +13,26 @@ ARCH3264 = |
19 | else | 19 | else |
20 | $(error unknown architecture $(ARCH)) | 20 | $(error unknown architecture $(ARCH)) |
21 | endif | 21 | endif |
@@ -26,7 +26,7 @@ index 88d5481..7e89332 100644 | |||
26 | +INCDIR = -I$(TOPDIR)include/ -I$(INCDIR_PREFIX)/usr/include/efi -I$(INCDIR_PREFIX)/usr/include/efi/$(ARCH) -I$(INCDIR_PREFIX)/usr/include/efi/protocol | 26 | +INCDIR = -I$(TOPDIR)include/ -I$(INCDIR_PREFIX)/usr/include/efi -I$(INCDIR_PREFIX)/usr/include/efi/$(ARCH) -I$(INCDIR_PREFIX)/usr/include/efi/protocol |
27 | +cppflags = -DCONFIG_$(ARCH) | 27 | +cppflags = -DCONFIG_$(ARCH) |
28 | +cflags = -O2 $(ARCH3264) -fpic -Wall -fshort-wchar -fno-strict-aliasing -fno-merge-constants -fno-stack-protector -ffreestanding -fno-stack-check $(CFLAGS) | 28 | +cflags = -O2 $(ARCH3264) -fpic -Wall -fshort-wchar -fno-strict-aliasing -fno-merge-constants -fno-stack-protector -ffreestanding -fno-stack-check $(CFLAGS) |
29 | +ldflags = -nostdlib $(LDFLAGS) | 29 | +ldflags = -nostdlib |
30 | CRTOBJ = crt0-efi-$(ARCH).o | 30 | CRTOBJ = crt0-efi-$(ARCH).o |
31 | CRTPATHS = /lib /lib64 /lib/efi /lib64/efi /usr/lib /usr/lib64 /usr/lib/efi /usr/lib64/efi | 31 | CRTPATHS = /lib /lib64 /lib/efi /lib64/efi /usr/lib /usr/lib64 /usr/lib/efi /usr/lib64/efi |
32 | -CRTPATH = $(shell for f in $(CRTPATHS); do if [ -e $$f/$(CRTOBJ) ]; then echo $$f; break; fi; done) | 32 | -CRTPATH = $(shell for f in $(CRTPATHS); do if [ -e $$f/$(CRTOBJ) ]; then echo $$f; break; fi; done) |
@@ -37,7 +37,6 @@ index 88d5481..7e89332 100644 | |||
37 | LDSCRIPT = elf_$(ARCH)_efi.lds | 37 | LDSCRIPT = elf_$(ARCH)_efi.lds |
38 | -LDFLAGS += -shared -Bsymbolic $(CRTOBJS) -L $(CRTPATH) -T $(LDSCRIPT) | 38 | -LDFLAGS += -shared -Bsymbolic $(CRTOBJS) -L $(CRTPATH) -T $(LDSCRIPT) |
39 | +ldflags += -shared -Bsymbolic $(CRTOBJS) -L $(CRTPATH) -T $(LDSCRIPT) | 39 | +ldflags += -shared -Bsymbolic $(CRTOBJS) -L $(CRTPATH) -T $(LDSCRIPT) |
40 | +ldflags_openssl = $(addprefix -L$(CRTPATH_PREFIX),$(CRTPATHS)) | ||
41 | LOADLIBES = -lefi -lgnuefi $(shell $(CC) $(ARCH3264) -print-libgcc-file-name) | 40 | LOADLIBES = -lefi -lgnuefi $(shell $(CC) $(ARCH3264) -print-libgcc-file-name) |
42 | FORMAT = --target=efi-app-$(ARCH) | 41 | FORMAT = --target=efi-app-$(ARCH) |
43 | OBJCOPY = objcopy | 42 | OBJCOPY = objcopy |
@@ -49,7 +48,7 @@ index 88d5481..7e89332 100644 | |||
49 | MYGUID = 11111111-2222-3333-4444-123456789abc | 48 | MYGUID = 11111111-2222-3333-4444-123456789abc |
50 | INSTALL = install | 49 | INSTALL = install |
51 | BINDIR = $(DESTDIR)/usr/bin | 50 | BINDIR = $(DESTDIR)/usr/bin |
52 | @@ -36,23 +42,23 @@ EFIDIR = $(DESTDIR)/usr/share/efitools/efi | 51 | @@ -36,23 +41,23 @@ EFIDIR = $(DESTDIR)/usr/share/efitools/efi |
53 | DOCDIR = $(DESTDIR)/usr/share/efitools | 52 | DOCDIR = $(DESTDIR)/usr/share/efitools |
54 | 53 | ||
55 | # globally use EFI calling conventions (requires gcc >= 4.7) | 54 | # globally use EFI calling conventions (requires gcc >= 4.7) |
@@ -78,7 +77,7 @@ index 88d5481..7e89332 100644 | |||
78 | FORMAT = -O binary | 77 | FORMAT = -O binary |
79 | endif | 78 | endif |
80 | 79 | ||
81 | @@ -61,12 +67,12 @@ endif | 80 | @@ -61,12 +66,12 @@ endif |
82 | -j .rel -j .rela -j .rel.* -j .rela.* -j .rel* -j .rela* \ | 81 | -j .rel -j .rela -j .rel.* -j .rela.* -j .rel* -j .rela* \ |
83 | -j .reloc $(FORMAT) $*.so $@ | 82 | -j .reloc $(FORMAT) $*.so $@ |
84 | %.so: %.o | 83 | %.so: %.o |
@@ -94,7 +93,7 @@ index 88d5481..7e89332 100644 | |||
94 | 93 | ||
95 | %.hash: %.efi hash-to-efi-sig-list | 94 | %.hash: %.efi hash-to-efi-sig-list |
96 | ./hash-to-efi-sig-list $< $@ | 95 | ./hash-to-efi-sig-list $< $@ |
97 | @@ -99,28 +105,28 @@ getvar = $(shell if [ "$(1)" = "PK" -o "$(1)" = "KEK" ]; then echo $(1); else ec | 96 | @@ -99,28 +104,28 @@ getvar = $(shell if [ "$(1)" = "PK" -o "$(1)" = "KEK" ]; then echo $(1); else ec |
98 | ./sign-efi-sig-list -a -c PK.crt -k PK.key dbx $< $@ | 97 | ./sign-efi-sig-list -a -c PK.crt -k PK.key dbx $< $@ |
99 | 98 | ||
100 | %.o: %.c | 99 | %.o: %.c |
@@ -131,7 +130,7 @@ index 88d5481..7e89332 100644 | |||
131 | 130 | ||
132 | ## | 131 | ## |
133 | # No need for KEK signing | 132 | # No need for KEK signing |
134 | @@ -129,7 +135,7 @@ getvar = $(shell if [ "$(1)" = "PK" -o "$(1)" = "KEK" ]; then echo $(1); else ec | 133 | @@ -129,7 +134,7 @@ getvar = $(shell if [ "$(1)" = "PK" -o "$(1)" = "KEK" ]; then echo $(1); else ec |
135 | # sbsign --key KEK.key --cert KEK.crt --output $@ $< | 134 | # sbsign --key KEK.key --cert KEK.crt --output $@ $< |
136 | 135 | ||
137 | %.a: | 136 | %.a: |
@@ -141,7 +140,7 @@ index 88d5481..7e89332 100644 | |||
141 | doc/%.1: doc/%.1.in % | 140 | doc/%.1: doc/%.1.in % |
142 | $(HELP2MAN) --no-info -i $< -o $@ ./$* | 141 | $(HELP2MAN) --no-info -i $< -o $@ ./$* |
143 | diff --git a/Makefile b/Makefile | 142 | diff --git a/Makefile b/Makefile |
144 | index 774ee0a..46e4620 100644 | 143 | index 774ee0aed7e9..4c3f91b5850f 100644 |
145 | --- a/Makefile | 144 | --- a/Makefile |
146 | +++ b/Makefile | 145 | +++ b/Makefile |
147 | @@ -73,7 +73,7 @@ ms-%.esl: ms-%.crt cert-to-efi-sig-list | 146 | @@ -73,7 +73,7 @@ ms-%.esl: ms-%.crt cert-to-efi-sig-list |
@@ -153,41 +152,44 @@ index 774ee0a..46e4620 100644 | |||
153 | rm -f /tmp/tmp.hash | 152 | rm -f /tmp/tmp.hash |
154 | 153 | ||
155 | 154 | ||
156 | @@ -88,28 +88,28 @@ HelloWorld.so: lib/lib-efi.a | 155 | @@ -88,31 +88,31 @@ HelloWorld.so: lib/lib-efi.a |
157 | ShimReplace.so: lib/lib-efi.a | 156 | ShimReplace.so: lib/lib-efi.a |
158 | 157 | ||
159 | cert-to-efi-sig-list: cert-to-efi-sig-list.o lib/lib.a | 158 | cert-to-efi-sig-list: cert-to-efi-sig-list.o lib/lib.a |
160 | - $(CC) $(ARCH3264) -o $@ $< -lcrypto lib/lib.a | 159 | - $(CC) $(ARCH3264) -o $@ $< -lcrypto lib/lib.a |
161 | + $(CC) $(ARCH3264) -o $@ $< $(ldflags_openssl) $(EXTRA_LDFLAGS) -lcrypto lib/lib.a | 160 | + $(CC) $(ARCH3264) -o $@ $< $(EXTRA_LDFLAGS) -lcrypto lib/lib.a |
162 | 161 | ||
163 | sig-list-to-certs: sig-list-to-certs.o lib/lib.a | 162 | sig-list-to-certs: sig-list-to-certs.o lib/lib.a |
164 | - $(CC) $(ARCH3264) -o $@ $< -lcrypto lib/lib.a | 163 | - $(CC) $(ARCH3264) -o $@ $< -lcrypto lib/lib.a |
165 | + $(CC) $(ARCH3264) -o $@ $< $(ldflags_openssl) $(EXTRA_LDFLAGS) -lcrypto lib/lib.a | 164 | + $(CC) $(ARCH3264) -o $@ $< $(EXTRA_LDFLAGS) -lcrypto lib/lib.a |
166 | 165 | ||
167 | sign-efi-sig-list: sign-efi-sig-list.o lib/lib.a | 166 | sign-efi-sig-list: sign-efi-sig-list.o lib/lib.a |
168 | - $(CC) $(ARCH3264) -o $@ $< -lcrypto lib/lib.a | 167 | - $(CC) $(ARCH3264) -o $@ $< -lcrypto lib/lib.a |
169 | + $(CC) $(ARCH3264) -o $@ $< $(ldflags_openssl) $(EXTRA_LDFLAGS) -lcrypto lib/lib.a | 168 | + $(CC) $(ARCH3264) -o $@ $< $(EXTRA_LDFLAGS) -lcrypto lib/lib.a |
170 | 169 | ||
171 | hash-to-efi-sig-list: hash-to-efi-sig-list.o lib/lib.a | 170 | hash-to-efi-sig-list: hash-to-efi-sig-list.o lib/lib.a |
172 | $(CC) $(ARCH3264) -o $@ $< lib/lib.a | 171 | - $(CC) $(ARCH3264) -o $@ $< lib/lib.a |
172 | + $(CC) $(ARCH3264) -o $@ $< $(EXTRA_LDFLAGS) lib/lib.a | ||
173 | 173 | ||
174 | cert-to-efi-hash-list: cert-to-efi-hash-list.o lib/lib.a | 174 | cert-to-efi-hash-list: cert-to-efi-hash-list.o lib/lib.a |
175 | - $(CC) $(ARCH3264) -o $@ $< -lcrypto lib/lib.a | 175 | - $(CC) $(ARCH3264) -o $@ $< -lcrypto lib/lib.a |
176 | + $(CC) $(ARCH3264) -o $@ $< $(ldflags_openssl) $(EXTRA_LDFLAGS) -lcrypto lib/lib.a | 176 | + $(CC) $(ARCH3264) -o $@ $< $(EXTRA_LDFLAGS) -lcrypto lib/lib.a |
177 | 177 | ||
178 | efi-keytool: efi-keytool.o lib/lib.a | 178 | efi-keytool: efi-keytool.o lib/lib.a |
179 | $(CC) $(ARCH3264) -o $@ $< lib/lib.a | 179 | - $(CC) $(ARCH3264) -o $@ $< lib/lib.a |
180 | + $(CC) $(ARCH3264) -o $@ $< $(EXTRA_LDFLAGS) lib/lib.a | ||
180 | 181 | ||
181 | efi-readvar: efi-readvar.o lib/lib.a | 182 | efi-readvar: efi-readvar.o lib/lib.a |
182 | - $(CC) $(ARCH3264) -o $@ $< -lcrypto lib/lib.a | 183 | - $(CC) $(ARCH3264) -o $@ $< -lcrypto lib/lib.a |
183 | + $(CC) $(ARCH3264) -o $@ $< $(ldflags_openssl) $(EXTRA_LDFLAGS) -lcrypto lib/lib.a | 184 | + $(CC) $(ARCH3264) -o $@ $< $(EXTRA_LDFLAGS) -lcrypto lib/lib.a |
184 | 185 | ||
185 | efi-updatevar: efi-updatevar.o lib/lib.a | 186 | efi-updatevar: efi-updatevar.o lib/lib.a |
186 | - $(CC) $(ARCH3264) -o $@ $< -lcrypto lib/lib.a | 187 | - $(CC) $(ARCH3264) -o $@ $< -lcrypto lib/lib.a |
187 | + $(CC) $(ARCH3264) -o $@ $< $(ldflags_openssl) $(EXTRA_LDFLAGS) -lcrypto lib/lib.a | 188 | + $(CC) $(ARCH3264) -o $@ $< $(EXTRA_LDFLAGS) -lcrypto lib/lib.a |
188 | 189 | ||
189 | flash-var: flash-var.o lib/lib.a | 190 | flash-var: flash-var.o lib/lib.a |
190 | $(CC) $(ARCH3264) -o $@ $< lib/lib.a | 191 | - $(CC) $(ARCH3264) -o $@ $< lib/lib.a |
191 | -- | 192 | + $(CC) $(ARCH3264) -o $@ $< $(EXTRA_LDFLAGS) lib/lib.a |
192 | 1.9.1 | 193 | |
193 | 194 | clean: | |
195 | rm -f PK.* KEK.* DB.* $(EFIFILES) $(EFISIGNED) $(BINARIES) *.o *.so | ||