Diffstat (limited to 'Config.kmk')
-rw-r--r--Config.kmk57
1 files changed, 31 insertions, 26 deletions
diff --git a/Config.kmk b/Config.kmk
index 37ec8fbf..abcef4ad 100644
--- a/Config.kmk
+++ b/Config.kmk
@@ -1147,6 +1147,9 @@ ifndef VBOX_WITH_HARDENING
VBOX_WITH_ORIGIN = 1
endif
endif
+# Building windows without a kernel code signing certificate (as good as
+# impossible to get these days, so enabled by default).
+VBOX_WITHOUT_WINDOWS_KERNEL_CODE_SIGNING_CERT = 1
# Enable the system wide support service/daemon.
# Very sketchy work in progress.
#VBOX_WITH_SUPSVC = 1
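Review bot: The new `VBOX_WITHOUT_WINDOWS_KERNEL_CODE_SIGNING_CERT = 1` is assigned unconditionally, and the comment above it does not say what the switch costs. Every site this commit touches drops `/IntegrityCheck` (or `-IntegrityCheck`) when the variable is defined, so by default the hardened executables and DLLs are no longer marked for mandatory signature verification at load time. I would state that next to the switch, e.g. `# When defined, /IntegrityCheck is omitted from all hardened images, so Windows does not enforce signature checks when loading them.` The consumers test `!defined(...)`, which presumably looks at definition rather than value, so it is also worth documenting how a build that does hold a suitable certificate turns the switch off again, since setting it to 0 may not be enough.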
@@ -4057,7 +4060,7 @@ ifdef VBOX_SIGNING_MODE
# @param $2 The file to be submitted for signing.
# @param $3 The directory to put the signed file in. Defaults to $(dir $2).
# @param $4 Additional options.
- VBOX_CCS_SIGN_CMD = $(VBOX_RETRY) $(VBOX_JAVA) -jar "$(VBOX_CCS_CLIENT_JAR)" \
+ VBOX_CCS_SIGN_CMD = $(VBOX_RETRY) $(VBOX_JAVA) -Xmx256m -jar "$(VBOX_CCS_CLIENT_JAR)" \
sign -user "$(VBOX_CCS_USER)" -global_uid "$(VBOX_CCS_GLOBAL_UID)" \
-job_timeout 90 -server_timeout 75 -server "$(VBOX_CCS_SERVER)" \
-sign_method "$1" -file_to_sign "$2" -signed_location "$(if $3,$3,$(call VBOX_DIRX,$2))" $4
@@ -4163,25 +4166,24 @@ ifdef VBOX_SIGNING_MODE
# @param 4 Set to 2 if the expression will be expanded twice before chopped into commands (for _CMDS).
# @param 5 Disables dual signing if non-empty, picking the SHA2 signature (since 2022-07-18).
# @param 6 non-zero for alternative command separator. This is used for generating repacking scripts.
+ # @param 7 non-zero for timed execution if possible
ifndef VBOX_SIGN_FILE_FN
if $(intersects win all 1,$(VBOX_WITH_CORP_CODE_SIGNING))
- VBOX_SIGN_FILE_FN = $(call VBOX_CCS_SIGN_CMD,driver$(if-expr "$3" == "/ph",_pagehash,),$1,,-digest_algo $(if-expr "$5" == "",SHA1,SHA2)) \
- $(if-expr "$5" == "", \
- $(if-expr "$6" == "",$(if-expr "$4" == "2",$$(NLTAB),$(NLTAB)),$6) \
- $(call VBOX_CCS_SIGN_CMD,driver$(if-expr "$3" == "/ph",_pagehash,),$1,,-dual_sign -digest_algo SHA2))
+ # CCS has lost the ability to do dual signing a while ago, can do SHA256 only
+ VBOX_SIGN_FILE_FN = $(if $(strip $7),$(TIME) ,)$(call VBOX_CCS_SIGN_CMD,driver$(if-expr "$3" == "/ph",_pagehash,),$1,,-digest_algo SHA2)
else ifdef VBOX_CERTIFICATE_SHA2_SUBJECT_NAME
ifdef VBOX_CERTIFICATE_SUBJECT_NAME
- VBOX_SIGN_FILE_FN = $(if-expr "$5" == "",$(VBOX_SIGNTOOL_SHA1) \
- sign /fd sha1 \
- $(VBOX_CROSS_CERTIFICATE_FILE_ARGS) \
- $(VBOX_CERTIFICATE_STORE_ARGS) \
- $(VBOX_CERTIFICATE_SUBJECT_NAME_ARGS) \
- $(VBOX_CERTIFICATE_FINGERPRINT_ARGS) \
- $(VBOX_TSA_URL_ARGS) \
- $(if $(strip $(2)),/d "$(strip $(2))",) \
- $(3) \
- "$(1)" \
- $(if-expr "$6" == "",$(if-expr "$4" == "2",$$(NLTAB),$(NLTAB)),$6))$(VBOX_SIGNTOOL_SHA2) \
+ VBOX_SIGN_FILE_FN = $(if-expr "$5" == "",$(if $(strip $7),$(TIME) ,)$(VBOX_SIGNTOOL_SHA1) \
+ sign /fd sha1 \
+ $(VBOX_CROSS_CERTIFICATE_FILE_ARGS) \
+ $(VBOX_CERTIFICATE_STORE_ARGS) \
+ $(VBOX_CERTIFICATE_SUBJECT_NAME_ARGS) \
+ $(VBOX_CERTIFICATE_FINGERPRINT_ARGS) \
+ $(VBOX_TSA_URL_ARGS) \
+ $(if $(strip $(2)),/d "$(strip $(2))",) \
+ $(3) \
+ "$(1)" \
+ $(if-expr "$6" == "",$(if-expr "$4" == "2",$$(NLTAB),$(NLTAB)),$6))$(if $(strip $7),$(TIME) ,)$(VBOX_SIGNTOOL_SHA2) \
sign $(if-expr "$5" == "",/as,) /fd sha256 \
$(VBOX_CROSS_CERTIFICATE_SHA2_FILE_ARGS) \
$(VBOX_CERTIFICATE_SHA2_STORE_ARGS) \
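Review bot: The `@param 5` comment at the top of this hunk no longer matches the corp-code-signing branch: the new `VBOX_SIGN_FILE_FN` there always passes `-digest_algo SHA2` and never reads `$5`, while the signtool branch below it still emits a SHA1 signature followed by an appended sha256 one when `$5` is empty. Callers that leave `$5` empty expecting a dual-signed file now get a different result depending on the signing backend. I would extend the parameter line, e.g. `# @param 5 Disables dual signing if non-empty, picking the SHA2 signature (since 2022-07-18). Ignored with corp code signing, which is SHA2 only.` The signtool definition continues past the end of this hunk.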
@@ -4192,7 +4194,7 @@ ifdef VBOX_SIGNING_MODE
$(3) \
"$(1)"
else
- VBOX_SIGN_FILE_FN = $(VBOX_SIGNTOOL_SHA2) \
+ VBOX_SIGN_FILE_FN = $(if $(strip $7),$(TIME) ,)$(VBOX_SIGNTOOL_SHA2) \
sign /fd sha256 \
$(VBOX_CROSS_CERTIFICATE_SHA2_FILE_ARGS) \
$(VBOX_CERTIFICATE_SHA2_STORE_ARGS) \
@@ -4204,7 +4206,7 @@ ifdef VBOX_SIGNING_MODE
"$(1)"
endif
else
- VBOX_SIGN_FILE_FN = $(VBOX_SIGNTOOL) \
+ VBOX_SIGN_FILE_FN = $(if $(strip $7),$(TIME) ,)$(VBOX_SIGNTOOL) \
sign /fd $(firstword $(VBOX_TEST_SIGN_ALGORITHM) sha256) \
$(VBOX_CROSS_CERTIFICATE_FILE_ARGS) \
$(VBOX_CERTIFICATE_STORE_ARGS) \
@@ -4707,7 +4709,8 @@ if defined(VBOX_SIGNING_MODE) && "$(KBUILD_TARGET)" == "win"
$(RM) -f -- "$@"
$(CP) -- "$(quote-sh-dq $<)" "$@"
$(CHMOD) a+rw -- "$@"
- $(VBOX_VCC_EDITBIN) /LargeAddressAware /DynamicBase /NxCompat /Release /IntegrityCheck \
+ $(VBOX_VCC_EDITBIN) /LargeAddressAware /DynamicBase /NxCompat /Release \
+ $(if-expr !defined(VBOX_WITHOUT_WINDOWS_KERNEL_CODE_SIGNING_CERT),/IntegrityCheck,) \
/Version:$(VBOX_VERSION_MAJOR)0$(VBOX_VERSION_MINOR).$(VBOX_VERSION_BUILD) \
"$@"
$(call VBOX_SIGN_IMAGE_FN,$@)
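Review bot: The `$(if-expr !defined(VBOX_WITHOUT_WINDOWS_KERNEL_CODE_SIGNING_CERT),/IntegrityCheck,)` expression on the editbin line is repeated verbatim in the next recipe (the hunk at -4729), and the same condition is spelled out again at each `-IntegrityCheck` linker-flag site further down. Defining the option once next to the switch and referencing it from at least the two editbin recipes would keep these security-relevant sites from drifting apart when the condition next changes; `VBOX_INTEGRITY_CHECK_OPT` is a suggested name for it, not an existing variable. This recipe begins before the hunk, so the target it belongs to is not visible here.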
@@ -4729,7 +4732,8 @@ if defined(VBOX_SIGNING_MODE) && "$(KBUILD_TARGET)" == "win"
$(RM) -f -- "$@"
$(CP) -- "$<" "$@"
$(CHMOD) a+rw -- "$@"
- $(VBOX_VCC_EDITBIN) /LargeAddressAware /DynamicBase /NxCompat /Release /IntegrityCheck \
+ $(VBOX_VCC_EDITBIN) /LargeAddressAware /DynamicBase /NxCompat /Release \
+ $(if-expr !defined(VBOX_WITHOUT_WINDOWS_KERNEL_CODE_SIGNING_CERT),/IntegrityCheck,) \
/Version:$(VBOX_VERSION_MAJOR)0$(VBOX_VERSION_MINOR).$(VBOX_VERSION_BUILD) \
"$@"
$(call VBOX_SIGN_IMAGE_FN,$@)
@@ -5247,7 +5251,7 @@ ifdef VBOX_WITH_RAW_MODE
-Driver -Subsystem:NATIVE -Incremental:NO -Align:64 -MapInfo:Exports -NoD $(VBOX_VCC_LD_WERR) -Release -Debug -Opt:Ref -Opt:Icf \
-Version:$(VBOX_VERSION_MAJOR)0$(VBOX_VERSION_MINOR).$(VBOX_VERSION_BUILD) \
-Stub:$(PATH_ROOT)/src/VBox/HostDrivers/Support/win/winstub.com
- ifdef VBOX_SIGNING_MODE
+ if defined(VBOX_SIGNING_MODE) && !defined(VBOX_WITHOUT_WINDOWS_KERNEL_CODE_SIGNING_CERT)
TEMPLATE_VBoxRc_LDFLAGS += -IntegrityCheck
endif
TEMPLATE_VBoxRc_SDKS.x86 += VBoxWinInt64Lib
@@ -6187,7 +6191,7 @@ ifeq ($(KBUILD_TARGET),win)
ifdef VBOX_WITH_DTRACE_R3
TEMPLATE_VBoxR3Exe_LDFLAGS += -Merge:VTGPrLc.Data=VTGPrLc.Begin -Merge:VTGPrLc.End=VTGPrLc.Begin -Merge:VTGPrLc.Begin=VTGObj
endif
- if defined(VBOX_SIGNING_MODE) && defined(VBOX_WITH_HARDENING)
+ if defined(VBOX_SIGNING_MODE) && defined(VBOX_WITH_HARDENING) && !defined(VBOX_WITHOUT_WINDOWS_KERNEL_CODE_SIGNING_CERT)
TEMPLATE_VBoxR3Exe_LDFLAGS += -IntegrityCheck
endif
TEMPLATE_VBoxR3Exe_LDFLAGS.win.amd64 = $(VBOX_VCC_LD_HIGH_ENTRYOPY_VA)
@@ -6834,7 +6838,8 @@ TEMPLATE_VBoxR3HardenedTstExe_INST = $(INST_TESTCASE)
TEMPLATE_VBoxR3HardenedTstDll = VBox Ring-3 Hardened Testcase Dll (currently windows only!)
TEMPLATE_VBoxR3HardenedTstDll_EXTENDS = VBoxR3TstDll
TEMPLATE_VBoxR3HardenedTstDll_INST = $(INST_TESTCASE)
-TEMPLATE_VBoxR3HardenedTstDll_LDFLAGS.win = $(TEMPLATE_VBoxR3TstDll_LDFLAGS.win) -IntegrityCheck
+TEMPLATE_VBoxR3HardenedTstDll_LDFLAGS.win = $(TEMPLATE_VBoxR3TstDll_LDFLAGS.win) \
+ $(if-expr !defined(VBOX_WITHOUT_WINDOWS_KERNEL_CODE_SIGNING_CERT),-IntegrityCheck,)
ifn1of ($(KBUILD_TARGET), win os2)
TEMPLATE_VBoxR3HardenedTstDll_LDFLAGS = $(filter-out '$(VBOX_GCC_RPATH_OPT)%,$(TEMPLATE_VBoxR3TstDll_LDFLAGS))
TEMPLATE_VBoxR3HardenedTstDll_LDFLAGS.linux = $(filter-out $(VBOX_GCC_ORIGIN_OPT),$(TEMPLATE_VBoxR3TstDll_LDFLAGS.linux))
@@ -7135,7 +7140,7 @@ ifeq ($(KBUILD_TARGET),win)
/DISALLOWLIB:libvcruntimed.lib \
/DISALLOWLIB:libucrt.lib \
/DISALLOWLIB:libucrtd.lib
- if defined(VBOX_SIGNING_MODE) && defined(VBOX_WITH_HARDENING)
+ if defined(VBOX_SIGNING_MODE) && defined(VBOX_WITH_HARDENING) && !defined(VBOX_WITHOUT_WINDOWS_KERNEL_CODE_SIGNING_CERT)
TEMPLATE_VBoxMainExe_LDFLAGS += -IntegrityCheck
endif
ifdef VBOX_WITH_DTRACE_R3_MAIN
@@ -7795,7 +7800,7 @@ ifdef VBOX_WITH_QTGUI
$(VBOX_VCC_LD_GUARD_CF) $(VBOX_VCC_SANITIZER_LDFLAGS) \
/Version:$(VBOX_VERSION_MAJOR)0$(VBOX_VERSION_MINOR).$(VBOX_VERSION_BUILD) \
/STUB:$(PATH_ROOT)/src/VBox/HostDrivers/Support/win/winstub.com
- if defined(VBOX_SIGNING_MODE) && defined(VBOX_WITH_HARDENING)
+ if defined(VBOX_SIGNING_MODE) && defined(VBOX_WITH_HARDENING) && !defined(VBOX_WITHOUT_WINDOWS_KERNEL_CODE_SIGNING_CERT)
TEMPLATE_VBoxQtGuiExe_LDFLAGS += -IntegrityCheck
endif
if "$(VBOX_VCC_TOOL_STEM)" >= "VCC142" # Don't waste space on x86/amd64-on-arm emulation optimizations.
@@ -9006,7 +9011,7 @@ endif
SVN ?= svn$(HOSTSUFF_EXE)
VBOX_SVN_REV_KMK = $(PATH_OUT)/revision.kmk
ifndef VBOX_SVN_REV
- VBOX_SVN_REV_CONFIG_FALLBACK := $(patsubst %:,, $Rev: 162738 $ )
+ VBOX_SVN_REV_CONFIG_FALLBACK := $(patsubst %:,, $Rev: 162950 $ )
VBOX_SVN_REV_FALLBACK := $(if-expr $(VBOX_SVN_REV_CONFIG_FALLBACK) > $(VBOX_SVN_REV_VERSION_FALLBACK),$(VBOX_SVN_REV_CONFIG_FALLBACK),$(VBOX_SVN_REV_VERSION_FALLBACK))
VBOX_SVN_DEP := $(firstword $(wildcard $(PATH_ROOT)/.svn/wc.db $(abspath $(PATH_ROOT)/../.svn/wc.db) $(abspath $(PATH_ROOT)/../../.svn/wc.db) $(PATH_ROOT)/.svn/entries))
ifeq ($(which $(SVN)),)