Attention is currently required from: Nico Huber, Martin L Roth, Angel Pons, Arthur Heymans. Hello build bot (Jenkins), Nico Huber, Martin L Roth,
I'd like you to reexamine a change. Please visit
https://review.coreboot.org/c/coreboot/+/63639
to look at the new patch set (#14).
Change subject: Add SBOM (Software Bill of Materials) Generation ......................................................................
Add SBOM (Software Bill of Materials) Generation
Add Makefile.inc to Generate and build coswid tags Add templates for most payloads, coreboot and intel-microcode Add Kconfig entries to optionaly add coswid tags for payloads, coreboot and intel microcode Add CBFS entry called sbom to each build via Makefile.inc Add goswid utility tool to generate SBOM data
Motivation: https://blogs.gnome.org/hughsie/2022/03/10/firmware-software-bill-of-materia...
Signed-off-by: Maximilian Brune maximilian.brune@9elements.com Change-Id: Icb7481d4903f95d200eddbfed7728fbec51819d0 --- M Makefile.inc M payloads/Kconfig M src/Kconfig A src/sbom/Makefile.inc A src/sbom/coreboot.json.src A src/sbom/intel-microcode.json.src A src/sbom/payload-BOOTBOOT.json.src A src/sbom/payload-FILO.json.src A src/sbom/payload-GRUB2.json.src A src/sbom/payload-LinuxBoot.json.src A src/sbom/payload-SeaBIOS.json.src A src/sbom/payload-U-Boot.json.src A src/sbom/payload-Yabits.json.src A src/sbom/payload-depthcharge.json.src A src/sbom/payload-iPXE.json.src A src/sbom/payload-skiboot.json.src M src/southbridge/intel/common/firmware/Kconfig A util/goswid/cmd/main.go A util/goswid/go.mod A util/goswid/go.sum A util/goswid/pkg/uswid/uswid.go A util/goswid/vendor/github.com/davecgh/go-spew/LICENSE A util/goswid/vendor/github.com/davecgh/go-spew/spew/bypass.go A util/goswid/vendor/github.com/davecgh/go-spew/spew/bypasssafe.go A util/goswid/vendor/github.com/davecgh/go-spew/spew/common.go A util/goswid/vendor/github.com/davecgh/go-spew/spew/config.go A util/goswid/vendor/github.com/davecgh/go-spew/spew/doc.go A util/goswid/vendor/github.com/davecgh/go-spew/spew/dump.go A util/goswid/vendor/github.com/davecgh/go-spew/spew/format.go A util/goswid/vendor/github.com/davecgh/go-spew/spew/spew.go A util/goswid/vendor/github.com/fxamacker/cbor/v2/.gitignore A util/goswid/vendor/github.com/fxamacker/cbor/v2/.golangci.yml A util/goswid/vendor/github.com/fxamacker/cbor/v2/CBOR_BENCHMARKS.md A util/goswid/vendor/github.com/fxamacker/cbor/v2/CBOR_GOLANG.md A util/goswid/vendor/github.com/fxamacker/cbor/v2/CODE_OF_CONDUCT.md A util/goswid/vendor/github.com/fxamacker/cbor/v2/CONTRIBUTING.md A util/goswid/vendor/github.com/fxamacker/cbor/v2/LICENSE A util/goswid/vendor/github.com/fxamacker/cbor/v2/README.md A util/goswid/vendor/github.com/fxamacker/cbor/v2/SECURITY.md A util/goswid/vendor/github.com/fxamacker/cbor/v2/cache.go A util/goswid/vendor/github.com/fxamacker/cbor/v2/decode.go A util/goswid/vendor/github.com/fxamacker/cbor/v2/doc.go A util/goswid/vendor/github.com/fxamacker/cbor/v2/encode.go A util/goswid/vendor/github.com/fxamacker/cbor/v2/stream.go A util/goswid/vendor/github.com/fxamacker/cbor/v2/structfields.go A util/goswid/vendor/github.com/fxamacker/cbor/v2/tag.go A util/goswid/vendor/github.com/fxamacker/cbor/v2/valid.go A util/goswid/vendor/github.com/google/uuid/.travis.yml A util/goswid/vendor/github.com/google/uuid/CONTRIBUTING.md A util/goswid/vendor/github.com/google/uuid/CONTRIBUTORS A util/goswid/vendor/github.com/google/uuid/LICENSE A util/goswid/vendor/github.com/google/uuid/README.md A util/goswid/vendor/github.com/google/uuid/dce.go A util/goswid/vendor/github.com/google/uuid/doc.go A util/goswid/vendor/github.com/google/uuid/hash.go A util/goswid/vendor/github.com/google/uuid/marshal.go A util/goswid/vendor/github.com/google/uuid/node.go A util/goswid/vendor/github.com/google/uuid/node_js.go A util/goswid/vendor/github.com/google/uuid/node_net.go A util/goswid/vendor/github.com/google/uuid/null.go A util/goswid/vendor/github.com/google/uuid/sql.go A util/goswid/vendor/github.com/google/uuid/time.go A util/goswid/vendor/github.com/google/uuid/util.go A util/goswid/vendor/github.com/google/uuid/uuid.go A util/goswid/vendor/github.com/google/uuid/version1.go A util/goswid/vendor/github.com/google/uuid/version4.go A util/goswid/vendor/github.com/pmezard/go-difflib/LICENSE A util/goswid/vendor/github.com/pmezard/go-difflib/difflib/difflib.go A util/goswid/vendor/github.com/stretchr/testify/LICENSE A util/goswid/vendor/github.com/stretchr/testify/assert/assertion_compare.go A util/goswid/vendor/github.com/stretchr/testify/assert/assertion_format.go A util/goswid/vendor/github.com/stretchr/testify/assert/assertion_format.go.tmpl A util/goswid/vendor/github.com/stretchr/testify/assert/assertion_forward.go A util/goswid/vendor/github.com/stretchr/testify/assert/assertion_forward.go.tmpl A util/goswid/vendor/github.com/stretchr/testify/assert/assertions.go A util/goswid/vendor/github.com/stretchr/testify/assert/doc.go A util/goswid/vendor/github.com/stretchr/testify/assert/errors.go A util/goswid/vendor/github.com/stretchr/testify/assert/forward_assertions.go A util/goswid/vendor/github.com/stretchr/testify/assert/http_assertions.go A util/goswid/vendor/github.com/stretchr/testify/require/doc.go A util/goswid/vendor/github.com/stretchr/testify/require/forward_requirements.go A util/goswid/vendor/github.com/stretchr/testify/require/require.go A util/goswid/vendor/github.com/stretchr/testify/require/require.go.tmpl A util/goswid/vendor/github.com/stretchr/testify/require/require_forward.go A util/goswid/vendor/github.com/stretchr/testify/require/require_forward.go.tmpl A util/goswid/vendor/github.com/stretchr/testify/require/requirements.go A util/goswid/vendor/github.com/veraison/swid/.gitignore A util/goswid/vendor/github.com/veraison/swid/.golangci.yml A util/goswid/vendor/github.com/veraison/swid/CODE_OF_CONDUCT.md A util/goswid/vendor/github.com/veraison/swid/CONTRIBUTING.md A util/goswid/vendor/github.com/veraison/swid/LICENSE A util/goswid/vendor/github.com/veraison/swid/Makefile A util/goswid/vendor/github.com/veraison/swid/README.md A util/goswid/vendor/github.com/veraison/swid/cbor.go A util/goswid/vendor/github.com/veraison/swid/common.go A util/goswid/vendor/github.com/veraison/swid/coswid_extension.go A util/goswid/vendor/github.com/veraison/swid/directories.go A util/goswid/vendor/github.com/veraison/swid/directory.go A util/goswid/vendor/github.com/veraison/swid/directory_extension.go A util/goswid/vendor/github.com/veraison/swid/doc.go A util/goswid/vendor/github.com/veraison/swid/entities.go A util/goswid/vendor/github.com/veraison/swid/entity.go A util/goswid/vendor/github.com/veraison/swid/entity_extension.go A util/goswid/vendor/github.com/veraison/swid/evidence.go A util/goswid/vendor/github.com/veraison/swid/evidence_extension.go A util/goswid/vendor/github.com/veraison/swid/evidences.go A util/goswid/vendor/github.com/veraison/swid/file.go A util/goswid/vendor/github.com/veraison/swid/file_extension.go A util/goswid/vendor/github.com/veraison/swid/files.go A util/goswid/vendor/github.com/veraison/swid/filesystemitem.go A util/goswid/vendor/github.com/veraison/swid/globalattributes.go A util/goswid/vendor/github.com/veraison/swid/hashentry.go A util/goswid/vendor/github.com/veraison/swid/link.go A util/goswid/vendor/github.com/veraison/swid/link_extension.go A util/goswid/vendor/github.com/veraison/swid/links.go A util/goswid/vendor/github.com/veraison/swid/ownership.go A util/goswid/vendor/github.com/veraison/swid/payload.go A util/goswid/vendor/github.com/veraison/swid/payload_extension.go A util/goswid/vendor/github.com/veraison/swid/payloads.go A util/goswid/vendor/github.com/veraison/swid/process.go A util/goswid/vendor/github.com/veraison/swid/process_extension.go A util/goswid/vendor/github.com/veraison/swid/processes.go A util/goswid/vendor/github.com/veraison/swid/rel.go A util/goswid/vendor/github.com/veraison/swid/resource.go A util/goswid/vendor/github.com/veraison/swid/resource_extension.go A util/goswid/vendor/github.com/veraison/swid/resourcecollection.go A util/goswid/vendor/github.com/veraison/swid/resourcecollection_extension.go A util/goswid/vendor/github.com/veraison/swid/resources.go A util/goswid/vendor/github.com/veraison/swid/roles.go A util/goswid/vendor/github.com/veraison/swid/roundtripper.go A util/goswid/vendor/github.com/veraison/swid/softwareidentity.go A util/goswid/vendor/github.com/veraison/swid/softwaremeta.go A util/goswid/vendor/github.com/veraison/swid/softwaremeta_extension.go A util/goswid/vendor/github.com/veraison/swid/softwaremetas.go A util/goswid/vendor/github.com/veraison/swid/tagid.go A util/goswid/vendor/github.com/veraison/swid/test_utils.go A util/goswid/vendor/github.com/veraison/swid/use.go A util/goswid/vendor/github.com/veraison/swid/versionscheme.go A util/goswid/vendor/github.com/x448/float16/.travis.yml A util/goswid/vendor/github.com/x448/float16/LICENSE A util/goswid/vendor/github.com/x448/float16/README.md A util/goswid/vendor/github.com/x448/float16/float16.go A util/goswid/vendor/gopkg.in/yaml.v3/.travis.yml A util/goswid/vendor/gopkg.in/yaml.v3/LICENSE A util/goswid/vendor/gopkg.in/yaml.v3/NOTICE A util/goswid/vendor/gopkg.in/yaml.v3/README.md A util/goswid/vendor/gopkg.in/yaml.v3/apic.go A util/goswid/vendor/gopkg.in/yaml.v3/decode.go A util/goswid/vendor/gopkg.in/yaml.v3/emitterc.go A util/goswid/vendor/gopkg.in/yaml.v3/encode.go A util/goswid/vendor/gopkg.in/yaml.v3/parserc.go A util/goswid/vendor/gopkg.in/yaml.v3/readerc.go A util/goswid/vendor/gopkg.in/yaml.v3/resolve.go A util/goswid/vendor/gopkg.in/yaml.v3/scannerc.go A util/goswid/vendor/gopkg.in/yaml.v3/sorter.go A util/goswid/vendor/gopkg.in/yaml.v3/writerc.go A util/goswid/vendor/gopkg.in/yaml.v3/yaml.go A util/goswid/vendor/gopkg.in/yaml.v3/yamlh.go A util/goswid/vendor/gopkg.in/yaml.v3/yamlprivateh.go A util/goswid/vendor/modules.txt 160 files changed, 33,562 insertions(+), 0 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/39/63639/14