| # Copyright 2018 The Chromium OS Authors. All rights reserved. |
| # Use of this source code is governed by a BSD-style license that can be |
| # found in the LICENSE file. |
| |
| EAPI=7 |
| |
| SRC_URI="https://github.com/rhboot/shim/releases/download/${PV}/shim-${PV}.tar.bz2" |
| KEYWORDS="*" |
| |
| inherit eutils multilib toolchain-funcs |
| |
| DESCRIPTION="Red Hat UEFI shim loader" |
| HOMEPAGE="https://github.com/rhboot/shim" |
| LICENSE="BSD-2" |
| SLOT="0" |
| IUSE="" |
| |
| RDEPEND="" |
| DEPEND="dev-libs/openssl |
| platform-key? ( sys-boot/platform-key ) |
| " |
| IUSE="platform-key" |
| |
| PATCHES=( |
| "${FILESDIR}"/shim-15.4-fix-gcc-host-leak.patch |
| "${FILESDIR}"/shim-15.4-force-ld.bfd.patch |
| "${FILESDIR}"/shim-15.5-fix-clang-format-error.patch |
| "${FILESDIR}"/shim-15.6-revert-modernize-aarch64.patch |
| "${FILESDIR}"/shim-15.6-fix-CVE-2023-40547.patch |
| "${FILESDIR}"/shim-15.6-fix-cve-2023-40551.patch |
| "${FILESDIR}"/shim-15.6-fix-cve-2023-40546.patch |
| "${FILESDIR}"/shim-15.6-fix-cve-2023-40550.patch |
| "${FILESDIR}"/shim-15.6-add-overflow-primitives.patch |
| "${FILESDIR}"/shim-15.6-fix-cve-2023-40549.patch |
| "${FILESDIR}"/shim-15.6-fix-cve-2023-40548.patch |
| ) |
| |
| |
| shim_arch() { |
| case ${ARCH} in |
| amd64) echo "x86_64";; |
| arm64) echo "aarch64";; |
| *) eerror "unsupported architecture: ${ARCH}";; |
| esac |
| } |
| |
| shim_binary() { |
| case ${ARCH} in |
| amd64) echo "shimx64.efi";; |
| arm64) echo "shimaa64.efi";; |
| *) eerror "unsupported architecture: ${ARCH}";; |
| esac |
| } |
| |
| src_prepare() { |
| cros_allow_gnu_build_tools |
| default |
| } |
| |
| src_compile() { |
| local extra_opts=() |
| |
| if use platform-key; then |
| extra_opts+=( VENDOR_CERT_FILE="${ROOT}/build/share/platform-key/signing_key.cer" ) |
| fi |
| |
| tc-export BUILD_CC |
| emake ARCH="$(shim_arch)" \ |
| CROSS_COMPILE="${CHOST}-" \ |
| HOSTCC="${BUILD_CC}" \ |
| DEFAULT_LOADER="\\\\\\\\grub-lakitu.efi" \ |
| "${extra_opts[@]}" \ |
| "$(shim_binary)" |
| } |
| |
| src_install() { |
| insinto /boot/efi/boot |
| doins "$(shim_binary)" |
| } |