kumquat-buildroot/boot/shim/Config.in

config BR2_PACKAGE_SHIM_ARCH_SUPPORTS
	bool
	default y if BR2_aarch64
	default y if BR2_arm
	default y if BR2_i386
	default y if BR2_x86_64
	# it includes gnu-efi
	depends on BR2_PACKAGE_GNU_EFI_ARCH_SUPPORTS

config BR2_TARGET_SHIM
	bool "shim"
	depends on BR2_PACKAGE_SHIM_ARCH_SUPPORTS
	help
	  Boot loader to chain-load signed boot loaders under Secure
	  Boot.

	  This package provides a minimalist boot loader which allows
	  verifying signatures of other UEFI binaries against either
	  the Secure Boot DB/DBX or against a built-in signature
	  database.  Its purpose is to allow a small,
	  infrequently-changing binary to be signed by the UEFI CA,
	  while allowing an OS distributor to revision their main
	  bootloader independently of the CA.

	  https://github.com/rhboot/shim
boot/shim: add BR2_PACKAGE_SHIM_ARCH_SUPPORTS Add BR2_PACKAGE_SHIM_ARCH_SUPPORTS as requested by Thomas Petazzoni in https://patchwork.ozlabs.org/project/buildroot/patch/20220419121409.2055818-1-fontaine.fabrice@gmail.com Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> [Arnout: reorder options according to check-package] Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be> 2022-04-19 22:01:22 +02:00			`config BR2_PACKAGE_SHIM_ARCH_SUPPORTS`
			`bool`
boot/shim: big endian arm/aarch64 variants are not supported Fixes: http://autobuild.buildroot.net/results/a6c7dd171529e2a7b7a26af8d99bec53117a7a02/ Commit fd5842a1dd03642b2ea084439 (boot/shim: add BR2_PACKAGE_SHIM_ARCH_SUPPORTS) added explicit support for big/little endian arm/aarch64, but the shim code is hard coded for little endian: head -n 1 elf_{arm,aarch64}_efi.lds ==> elf_arm_efi.lds <== OUTPUT_FORMAT("elf32-littlearm", "elf32-littlearm", "elf32-littlearm") ==> elf_aarch64_efi.lds <== OUTPUT_FORMAT("elf64-littleaarch64", "elf64-littleaarch64", "elf64-littleaarch64") So drop the support for the big endian variants. Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2022-05-11 09:19:46 +02:00			`default y if BR2_aarch64`
			`default y if BR2_arm`
boot/shim: add BR2_PACKAGE_SHIM_ARCH_SUPPORTS Add BR2_PACKAGE_SHIM_ARCH_SUPPORTS as requested by Thomas Petazzoni in https://patchwork.ozlabs.org/project/buildroot/patch/20220419121409.2055818-1-fontaine.fabrice@gmail.com Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> [Arnout: reorder options according to check-package] Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be> 2022-04-19 22:01:22 +02:00			`default y if BR2_i386`
			`default y if BR2_x86_64`
boot/shim: bump to version 15.4 - Use the tarball provided by upstream developers instead of the one generated by Github. Indeed https://github.com/rhboot/shim/releases/tag/15.4 indicates "As usual, please use the shim-15.4.tar.bz2 tarball, rather than the other two archives github automatically produces." - The tarball now includes the gnu-efi code, so we no longer need to select gnu-efi and have it as a build dependency. We continue to use BR2_PACKAGE_GNU_EFI_ARCH_SUPPORTS as we still only build for those architectures that have gnu-efi support. We also drop the EFI_INCLUDE, EFI_PATH and LIBDIR variables, as gnu-efi no longer needs to be searched in STAGING_DIR. - Drop all four patches, which were backports from upstream. Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2021-04-05 22:21:54 +02:00			`# it includes gnu-efi`
boot/shim: new package This commit adds a package for 'shim', an EFI bootloader for secure boot chain loading. While gnu-efi supports 32bit ARM, this is currently broken in shim. Patches to fix this have been submitted upstream but are not included here for now. https://github.com/rhboot/shim/pull/162 Signed-off-by: Peter Korsgaard <peter@korsgaard.com> [Thomas: use BR2_PACKAGE_GNU_EFI_ARCH_SUPPORTS, add separate depends on to exclude ARM32 build.] Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> 2019-01-11 11:01:11 +01:00			`depends on BR2_PACKAGE_GNU_EFI_ARCH_SUPPORTS`
boot/shim: add BR2_PACKAGE_SHIM_ARCH_SUPPORTS Add BR2_PACKAGE_SHIM_ARCH_SUPPORTS as requested by Thomas Petazzoni in https://patchwork.ozlabs.org/project/buildroot/patch/20220419121409.2055818-1-fontaine.fabrice@gmail.com Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> [Arnout: reorder options according to check-package] Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be> 2022-04-19 22:01:22 +02:00
			`config BR2_TARGET_SHIM`
			`bool "shim"`
			`depends on BR2_PACKAGE_SHIM_ARCH_SUPPORTS`
boot/shim: new package This commit adds a package for 'shim', an EFI bootloader for secure boot chain loading. While gnu-efi supports 32bit ARM, this is currently broken in shim. Patches to fix this have been submitted upstream but are not included here for now. https://github.com/rhboot/shim/pull/162 Signed-off-by: Peter Korsgaard <peter@korsgaard.com> [Thomas: use BR2_PACKAGE_GNU_EFI_ARCH_SUPPORTS, add separate depends on to exclude ARM32 build.] Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> 2019-01-11 11:01:11 +01:00			`help`
			`Boot loader to chain-load signed boot loaders under Secure`
			`Boot.`

			`This package provides a minimalist boot loader which allows`
			`verifying signatures of other UEFI binaries against either`
			`the Secure Boot DB/DBX or against a built-in signature`
			`database. Its purpose is to allow a small,`
			`infrequently-changing binary to be signed by the UEFI CA,`
			`while allowing an OS distributor to revision their main`
			`bootloader independently of the CA.`

			`https://github.com/rhboot/shim`