diff --git a/Makefile b/Makefile index d3e77cd..492154c 100644 --- a/Makefile +++ b/Makefile @@ -51,12 +51,19 @@ endef define add-vendor-sbat $(OBJCOPY) --add-section ".$(patsubst %.csv,%,$(1))=$(1)" $(2) +endef +define add-skusi +$(OBJCOPY) --add-section ".$(patsubst %.bin,%,$(1))=$(1)" $(2) endef SBATPATH = $(TOPDIR)/data/sbat.csv SBATLEVELLATESTPATH = $(TOPDIR)/data/sbat_level_latest.csv SBATLEVELPREVIOUSPATH = $(TOPDIR)/data/sbat_level_previous.csv +SSPVLATESTPATH = $(TOPDIR)/data/SkuSiPolicy_latest.bin +SSPSLATESTPATH = $(TOPDIR)/data/SkuSiPolicy_Version_latest.bin +SSPVPREVIOUSPATH = $(TOPDIR)/data/SkuSiPolicy_previous.bin +SSPSPREVIOUSPATH = $(TOPDIR)/data/SkuSiPolicy_Version_previous.bin VENDOR_SBATS := $(sort $(foreach x,$(wildcard $(TOPDIR)/data/sbat.*.csv data/sbat.*.csv),$(notdir $(x)))) OBJFLAGS = @@ -88,7 +95,7 @@ endif all : certmule.efi revocations.efi -certmule.so : sbat_data.o certmule.o +certmule.so : revocation_data.o certmule.o certmule.so : SOLIBS= certmule.so : SOFLAGS= certmule.so : BUILDFLAGS+=-DVENDOR_DB @@ -96,11 +103,11 @@ certmule.efi : OBJFLAGS = --strip-unneeded $(call VENDOR_DB, $<) certmule.efi : SECTIONS=.text .reloc .db .sbat certmule.efi : VENDOR_DB_FILE?=db.esl -revocations.so : sbat_data.o revocations.o +revocations.so : revocation_data.o revocations.o revocations.so : SOLIBS= revocations.so : SOFLAGS= -revocations.efi : OBJFLAGS = --strip-unneeded -revocations.efi : SECTIONS=.text .reloc .sbat .sbatl .sbatp +revocations.efi : OBJFLAGS = --strip-unneeded +revocations.efi : SECTIONS=.text .reloc .sbat .sbatl .sbatp .sspvp .sspsp .sspvl .sspsl revocations.o : certmule.o cp certmule.o revocations.o @@ -114,8 +121,8 @@ endif $(OBJFLAGS) \ $(FORMAT) $^ $@ -sbat_data.o : | $(SBATPATH) $(VENDOR_SBATS) -sbat_data.o : /dev/null +revocation_data.o : | $(SBATPATH) $(VENDOR_SBATS) +revocation_data.o : /dev/null $(CC) $(BUILDFLAGS) -x c -c -o $@ $< $(OBJCOPY) --add-section .sbat=$(SBATPATH) \ --set-section-flags .sbat=contents,alloc,load,readonly,data \ @@ -126,6 +133,18 @@ sbat_data.o : /dev/null $(OBJCOPY) --add-section .sbatp=$(SBATLEVELPREVIOUSPATH) \ --set-section-flags .sbatp=contents,alloc,load,readonly,data \ $@ + $(OBJCOPY) --add-section .sspvl=$(SSPVLATESTPATH) \ + --set-section-flags .sspvl=contents,alloc,load,readonly,data \ + $@ + $(OBJCOPY) --add-section .sspsl=$(SSPSLATESTPATH) \ + --set-section-flags .sspsl=contents,alloc,load,readonly,data \ + $@ + $(OBJCOPY) --add-section .sspvp=$(SSPVPREVIOUSPATH) \ + --set-section-flags .sspvp=contents,alloc,load,readonly,data \ + $@ + $(OBJCOPY) --add-section .sspsp=$(SSPSPREVIOUSPATH) \ + --set-section-flags .sspsp=contents,alloc,load,readonly,data \ + $@ $(foreach vs,$(VENDOR_SBATS),$(call add-vendor-sbat,$(vs),$@)) %.so : %.o diff --git a/data/SkuSiPolicy_Version_latest.bin b/data/SkuSiPolicy_Version_latest.bin new file mode 100644 index 0000000..329e937 Binary files /dev/null and b/data/SkuSiPolicy_Version_latest.bin differ diff --git a/data/SkuSiPolicy_Version_previous.bin b/data/SkuSiPolicy_Version_previous.bin new file mode 100644 index 0000000..412ee87 Binary files /dev/null and b/data/SkuSiPolicy_Version_previous.bin differ diff --git a/data/SkuSiPolicy_latest.bin b/data/SkuSiPolicy_latest.bin new file mode 100644 index 0000000..0296877 Binary files /dev/null and b/data/SkuSiPolicy_latest.bin differ diff --git a/data/SkuSiPolicy_previous.bin b/data/SkuSiPolicy_previous.bin new file mode 100644 index 0000000..0296877 Binary files /dev/null and b/data/SkuSiPolicy_previous.bin differ