[build] Exclude selected directories from Secure Boot builds
authorMichael Brown <mcb30@ipxe.org>
Mon, 18 Sep 2017 12:32:39 +0000 (13:32 +0100)
committerMichael Brown <mcb30@ipxe.org>
Mon, 18 Sep 2017 13:38:12 +0000 (14:38 +0100)
commit7428ab7258e03ddef79ba774432b7b8c11cc2730
treebe87ba6f133384c149b9976718d3694ad047d10b
parentd46c53cfc6fe98fbb51afc2560dac26703e3d178
[build] Exclude selected directories from Secure Boot builds

When submitting binaries for UEFI Secure Boot signing, certain
known-dubious subsystems (such as 802.11 and NFS) must be excluded
from the build.  Mark the directories containing these subsystems as
insecure, and allow the build target to include an explicit "security
flag" (a literal "-sb" appended to the build platform) to exclude
these source directories from the build process.

For example:

  make bin-x86_64-efi-sb/ipxe.efi

will build iPXE with all code from the 802.11 and NFS subsystems
excluded from the build.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
src/Makefile
src/Makefile.housekeeping