use SbatLevel_Variable.txt in shim repo as source for revocations

With shim added as a git module this allows builds to specify revocations from SbatLevel_Variable.txt on the command line they currently default to: SBAT_LATEST_DATE=2023012950 SBAT_AUTOMATIC_DATE=2023012900 Signed-off-by: Jan Setje-Eilers <[email protected]>
rhboot · Dec 23, 2024 · a7546a7 · a7546a7
1 parent dea7500
commit a7546a7
Show file tree

Hide file tree

Showing 6 changed files with 23 additions and 8 deletions.
diff --git a/.gitignore b/.gitignore
@@ -18,3 +18,7 @@
 # editor backup/tmp files
 *~
 *.sw?
+
+# generated revocation payload
+data/sbat_level_automatic.csv
+data/sbat_level_latest.csv
diff --git a/.gitmodules b/.gitmodules
@@ -2,3 +2,6 @@
 	path = gnu-efi
 	url = https://github.com/rhboot/gnu-efi
 	branch = shim-15.6
+[submodule "shim"]
+	path = shim
+	url = https://github.com/rhboot/shim
diff --git a/Makefile b/Makefile
@@ -112,6 +112,19 @@ revocations.efi : SECTIONS=.text .reloc .sbat .sbatl .sbata .sspva .sspsa .sspvl
 revocations.o : certwrapper.o
 	cp certwrapper.o revocations.o
 
+SBAT_LATEST_DATE ?= 2023012950
+SBAT_AUTOMATIC_DATE ?= 2023012900
+
+$(SBATLEVELLATESTPATH) :
+	awk '/^sbat,1,$(SBAT_LATEST_DATE)/ { print $$0 }' \
+		FS=\"\n\" RS=\\n\\n shim/SbatLevel_Variable.txt \
+		> $@
+
+$(SBATLEVELAUTOMATICPATH) :
+	awk '/^sbat,1,$(SBAT_AUTOMATIC_DATE)/ { print $$0 }' \
+		FS=\"\n\" RS=\\n\\n shim/SbatLevel_Variable.txt \
+		> $@
+
 %.efi : %.so
 ifneq ($(OBJCOPY_GTE224),1)
 	$(error objcopy >= 2.24 is required)
@@ -121,6 +134,7 @@ endif
 		   $(OBJFLAGS) \
 		   $(FORMAT) $^ $@
 
+revocation_data.o : $(SBATLEVELLATESTPATH) $(SBATLEVELAUTOMATICPATH)
 revocation_data.o : | $(SBATPATH) $(VENDOR_SBATS)
 revocation_data.o : /dev/null
 	$(CC) $(BUILDFLAGS) -x c -c -o $@ $<
@@ -156,7 +170,7 @@ revocation_data.o : /dev/null
 	$(CC) $(BUILDFLAGS) -c -o $@ $^
 
 clean :
-	@rm -vf *.o *.so *.efi
+	@rm -vf *.o *.so *.efi $(SBATLEVELLATESTPATH) $(SBATLEVELAUTOMATICPATH)
 
 update :
 	git submodule update --init --recursive

diff --git a/data/sbat_level_automatic.csv b/data/sbat_level_automatic.csv
diff --git a/data/sbat_level_latest.csv b/data/sbat_level_latest.csv
diff --git a/shim b/shim