Yes, indeed it would be helpful to have signing support integrated in the build. It would be nice if we had a place to put these requests (edk2 up for grabs or whatever).

I would appreciate a response from the BaseTools developers on this question since it seems like a need that others have as well.

Eugene

From: Thomas Rognon [mailto:tcrog...@gmail.com]
Sent: Saturday, May 30, 2015 1:35 AM
To: edk2-devel
Subject: Re: [edk2] Executing Signtool When Building Applications

Wouldn't it be nice if you could just reference your signing key in FDF or DSC (maybe add a section for it in the specs) and everything is done automatically? Kind of like how you can reference a signing key in Visual Studio's project properties for Windows drivers.

On Fri, May 29, 2015 at 3:36 PM, Andrew Fish <af...@apple.com> wrote:

> On May 29, 2015, at 1:14 PM, Andrew Fish <af...@apple.com> wrote:
>
> > On May 29, 2015, at 9:23 AM, Cohen, Eugene <eug...@hp.com> wrote:
> >
> > > Dear edk2 tools experts,
> > >
> > > We are trying to invoke Signtool to sign applications (module type UEFI_APPLICATION) in the edk2 build with a development key. After reviewing the FDF and build specifications I’ve been unable to find a way to invoke this correctly.
> > >
> > > We were trying to create a build rule using this sort of syntax and it failed miserably:
> > >
> > >     [Efi-Image.UEFI_APPLICATION]
> > >         <InputFile>
> > >             ?.efi, ?.EFI, ?.Efi
> > >
> > >         <OutputFile>
> > >             $(BIN_DIR)(+)$(MODULE_NAME).efi
> > >
> > >         <Command>
> > >             "$(SIGNTOOL)" $(SIGNTOOL_FLAGS) $(SIGNTOOL_CERT) ${src}
> > >
> > > Looking at the build specification it’s hard for me to tell how these rules really work.
> >
> > It's a little whacky. I usually end up looking in the makefile to “see what happened”.
> >
> > > I’d appreciate some recommendations on how to go about doing this. I’d prefer a solution that is in the platform FDF file so we can customize this for each build.
> >
> > It looks like you are trying to copy the UEFI_OPTIONROM rule?
> >
> > https://svn.code.sf.net/p/edk2/code/trunk/edk2/BaseTools/Conf/build_rule.template
> >
> >     [EFI-Image-File]
> >         <InputFile>
> >             ?.efi, ?.Efi, ?.EFI
> >
> >         <OutputFile>
> >
> >         <Command>
> >
> >     [Efi-Image.UEFI_OPTIONROM]
> >         <InputFile>
> >             ?.efi, ?.EFI, ?.Efi
> >
> >         <OutputFile>
> >             $(BIN_DIR)(+)$(MODULE_NAME).rom
> >
> >         <Command>
> >             $(OPTROM) -i $(PCI_DEVICE_ID) -f $(PCI_VENDOR_ID) -l $(PCI_CLASS_CODE) -r $(PCI_REVISION) -o $dst $(OPTROM_FLAGS) $src
> >
> > What happens if you make the <OutputFile> extension something other than .efi? Like .sefi? Or omit <OutputFile>?
>
> Forgot to mention it is also good to think about how the makefile is going to get generated. The matching stuff like UEFI_OPTIONROM controls when the rule gets emitted into the makefile. But remember these rules end up being makefile statements. I generally try to avoid makefiles, but I don’t know how you make a rule that produces what it depends on? Basically think of the <InputFile> as the dependency for the make target.
>
> Thanks,
>
> Andrew Fish
>
> > Thanks,
> >
> > Andrew Fish
> >
> > > Your help is greatly appreciated.
> > >
> > > Thanks,
> > >
> > > Eugene

------------------------------------------------------------------------------
_______________________________________________
edk2-devel mailing list
edk2-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/edk2-devel