Wouldn't it be nice if you could just reference your signing key in FDF or
DSC (maybe add a section for it in the specs) and everything is done
automatically? Kind of like how you can reference a signing key in Visual
Studio's project properties for Windows drivers.
On Fri, May 29, 2015 at 3:36 PM, Andrew Fish <af...@apple.com> wrote:
>
> On May 29, 2015, at 1:14 PM, Andrew Fish <af...@apple.com> wrote:
>
>
> On May 29, 2015, at 9:23 AM, Cohen, Eugene <eug...@hp.com> wrote:
>
> Dear edk2 tools experts,
>
> We are trying to invoke Signtool to sign applications (module type
> UEFI_APPLICATION) in the edk2 build with a development key. After
> reviewing the FDF and build specifications I’ve been unable to find a way
> to invoke this correctly.
>
> We were trying to create a build rule using this sort of syntax and it
> failed miserably:
>
> [Efi-Image.UEFI_APPLICATION]
> <InputFile>
> ?.efi, ?.EFI, ?.Efi
>
> <OutputFile>
> $(BIN_DIR)(+)$(MODULE_NAME).efi
>
> <Command>
> "$(SIGNTOOL)" $(SIGNTOOL_FLAGS) $(SIGNTOOL_CERT) ${src}
>
>
> Looking at the build specification it’s hard for me to tell how these
> rules really work.
>
>
>
> Its a little whacky. I usually end up looking in the makefile to “see what
> happened”..
>
> I’d appreciate some recommendations on how to go about doing this. I’d
> prefer a solution that is in the platform FDF file so we can customize this
> for each build.
>
>
>
> It looks like are trying to copy the UEFI_OPTIONROM rule?
>
>
> https://svn.code.sf.net/p/edk2/code/trunk/edk2/BaseTools/Conf/build_rule.template
>
> [EFI-Image-File]
> <InputFile>
> ?.efi, ?.Efi, ?.EFI
>
> <OutputFile>
>
> <Command>
>
> [Efi-Image.UEFI_OPTIONROM]
> <InputFile>
> ?.efi, ?.EFI, ?.Efi
>
> <OutputFile>
> $(BIN_DIR)(+)$(MODULE_NAME).rom
>
> <Command>
> $(OPTROM) -i $(PCI_DEVICE_ID) -f $(PCI_VENDOR_ID) -l
> $(PCI_CLASS_CODE) -r $(PCI_REVISION) -o $dst $(OPTROM_FLAGS) $src
>
>
> What happens if you make <OutputFile> extension something other than .efi?
> Like .sefi?Or omit <OutputFile>?
>
>
> Forgot to mention it is also got to think about how the makefile is going
> get generated. The matching stuff like UEF_OPTIONROM controls when the rule
> gets emitted into the makefile. But remember these rules end up being
> makefile statements. I generally try to avoid makefiles, but I don’t know
> how you make a rule that produces what it depends on? Basically think of
> the <InputFile> as the dependency for the make target.
>
> Thanks,
>
> Andrew Fish
>
> Thanks,
>
> Andrew Fish
>
>
> Your help is greatly appreciated.
>
> Thanks,
>
> Eugene
>
>
> ------------------------------------------------------------------------------
> _______________________________________________
> edk2-devel mailing list
> edk2-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/edk2-devel
>
>
>
>
> ------------------------------------------------------------------------------
>
> _______________________________________________
> edk2-devel mailing list
> edk2-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/edk2-devel
>
>
------------------------------------------------------------------------------
_______________________________________________
edk2-devel mailing list
edk2-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/edk2-devel
