blob: d4aab2cfd9308d36eaee31c15b58fd2b5f3af843 [file] [log] [blame]
# Copyright 2018 The Chromium OS Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.
EAPI=7
SRC_URI="https://github.com/rhboot/shim/releases/download/${PV}/shim-${PV}.tar.bz2"
KEYWORDS="*"
inherit eutils multilib toolchain-funcs
DESCRIPTION="Red Hat UEFI shim loader"
HOMEPAGE="https://github.com/rhboot/shim"
LICENSE="BSD-2"
SLOT="0"
IUSE=""
RDEPEND=""
DEPEND="dev-libs/openssl
platform-key? ( sys-boot/platform-key )
"
IUSE="platform-key"
PATCHES=(
"${FILESDIR}"/shim-15.4-fix-gcc-host-leak.patch
"${FILESDIR}"/shim-15.4-force-ld.bfd.patch
"${FILESDIR}"/shim-15.5-fix-clang-format-error.patch
"${FILESDIR}"/shim-15.6-revert-modernize-aarch64.patch
"${FILESDIR}"/shim-15.6-fix-CVE-2023-40547.patch
"${FILESDIR}"/shim-15.6-fix-cve-2023-40551.patch
"${FILESDIR}"/shim-15.6-fix-cve-2023-40546.patch
"${FILESDIR}"/shim-15.6-fix-cve-2023-40550.patch
"${FILESDIR}"/shim-15.6-add-overflow-primitives.patch
"${FILESDIR}"/shim-15.6-fix-cve-2023-40549.patch
"${FILESDIR}"/shim-15.6-fix-cve-2023-40548.patch
)
shim_arch() {
case ${ARCH} in
amd64) echo "x86_64";;
arm64) echo "aarch64";;
*) eerror "unsupported architecture: ${ARCH}";;
esac
}
shim_binary() {
case ${ARCH} in
amd64) echo "shimx64.efi";;
arm64) echo "shimaa64.efi";;
*) eerror "unsupported architecture: ${ARCH}";;
esac
}
src_prepare() {
cros_allow_gnu_build_tools
default
}
src_compile() {
local extra_opts=()
if use platform-key; then
extra_opts+=( VENDOR_CERT_FILE="${ROOT}/build/share/platform-key/signing_key.cer" )
fi
tc-export BUILD_CC
emake ARCH="$(shim_arch)" \
CROSS_COMPILE="${CHOST}-" \
HOSTCC="${BUILD_CC}" \
DEFAULT_LOADER="\\\\\\\\grub-lakitu.efi" \
"${extra_opts[@]}" \
"$(shim_binary)"
}
src_install() {
insinto /boot/efi/boot
doins "$(shim_binary)"
}