Attention is currently required from: Nico Huber, Martin L Roth.
Maximilian Brune uploaded patch set #17 to this change.
Add SBOM (Software Bill of Materials) Generation
Add Makefile.inc to Generate and build coswid tags
Add templates for most payloads, coreboot and intel-microcode
Add Kconfig entries to optionaly add coswid tags for payloads, coreboot
and intel microcode
Add CBFS entry called sbom to each build via Makefile.inc
Add goswid utility tool to generate SBOM data
Motivation:
https://blogs.gnome.org/hughsie/2022/03/10/firmware-software-bill-of-materials/
Signed-off-by: Maximilian Brune <maximilian.brune@9elements.com>
Change-Id: Icb7481d4903f95d200eddbfed7728fbec51819d0
---
M Makefile.inc
M payloads/Kconfig
M src/Kconfig
A src/sbom/Makefile.inc
A src/sbom/coreboot.json.src
A src/sbom/intel-microcode.json.src
A src/sbom/payload-BOOTBOOT.json.src
A src/sbom/payload-FILO.json.src
A src/sbom/payload-GRUB2.json.src
A src/sbom/payload-LinuxBoot.json.src
A src/sbom/payload-SeaBIOS.json.src
A src/sbom/payload-U-Boot.json.src
A src/sbom/payload-Yabits.json.src
A src/sbom/payload-depthcharge.json.src
A src/sbom/payload-iPXE.json.src
A src/sbom/payload-skiboot.json.src
M src/southbridge/intel/common/firmware/Kconfig
A util/goswid/cmd/main.go
A util/goswid/go.mod
A util/goswid/go.sum
A util/goswid/pkg/uswid/uswid.go
A util/goswid/vendor/github.com/davecgh/go-spew/LICENSE
A util/goswid/vendor/github.com/davecgh/go-spew/spew/bypass.go
A util/goswid/vendor/github.com/davecgh/go-spew/spew/bypasssafe.go
A util/goswid/vendor/github.com/davecgh/go-spew/spew/common.go
A util/goswid/vendor/github.com/davecgh/go-spew/spew/config.go
A util/goswid/vendor/github.com/davecgh/go-spew/spew/doc.go
A util/goswid/vendor/github.com/davecgh/go-spew/spew/dump.go
A util/goswid/vendor/github.com/davecgh/go-spew/spew/format.go
A util/goswid/vendor/github.com/davecgh/go-spew/spew/spew.go
A util/goswid/vendor/github.com/fxamacker/cbor/v2/.gitignore
A util/goswid/vendor/github.com/fxamacker/cbor/v2/.golangci.yml
A util/goswid/vendor/github.com/fxamacker/cbor/v2/CBOR_BENCHMARKS.md
A util/goswid/vendor/github.com/fxamacker/cbor/v2/CBOR_GOLANG.md
A util/goswid/vendor/github.com/fxamacker/cbor/v2/CODE_OF_CONDUCT.md
A util/goswid/vendor/github.com/fxamacker/cbor/v2/CONTRIBUTING.md
A util/goswid/vendor/github.com/fxamacker/cbor/v2/LICENSE
A util/goswid/vendor/github.com/fxamacker/cbor/v2/README.md
A util/goswid/vendor/github.com/fxamacker/cbor/v2/SECURITY.md
A util/goswid/vendor/github.com/fxamacker/cbor/v2/cache.go
A util/goswid/vendor/github.com/fxamacker/cbor/v2/decode.go
A util/goswid/vendor/github.com/fxamacker/cbor/v2/doc.go
A util/goswid/vendor/github.com/fxamacker/cbor/v2/encode.go
A util/goswid/vendor/github.com/fxamacker/cbor/v2/stream.go
A util/goswid/vendor/github.com/fxamacker/cbor/v2/structfields.go
A util/goswid/vendor/github.com/fxamacker/cbor/v2/tag.go
A util/goswid/vendor/github.com/fxamacker/cbor/v2/valid.go
A util/goswid/vendor/github.com/google/uuid/.travis.yml
A util/goswid/vendor/github.com/google/uuid/CONTRIBUTING.md
A util/goswid/vendor/github.com/google/uuid/CONTRIBUTORS
A util/goswid/vendor/github.com/google/uuid/LICENSE
A util/goswid/vendor/github.com/google/uuid/README.md
A util/goswid/vendor/github.com/google/uuid/dce.go
A util/goswid/vendor/github.com/google/uuid/doc.go
A util/goswid/vendor/github.com/google/uuid/hash.go
A util/goswid/vendor/github.com/google/uuid/marshal.go
A util/goswid/vendor/github.com/google/uuid/node.go
A util/goswid/vendor/github.com/google/uuid/node_js.go
A util/goswid/vendor/github.com/google/uuid/node_net.go
A util/goswid/vendor/github.com/google/uuid/null.go
A util/goswid/vendor/github.com/google/uuid/sql.go
A util/goswid/vendor/github.com/google/uuid/time.go
A util/goswid/vendor/github.com/google/uuid/util.go
A util/goswid/vendor/github.com/google/uuid/uuid.go
A util/goswid/vendor/github.com/google/uuid/version1.go
A util/goswid/vendor/github.com/google/uuid/version4.go
A util/goswid/vendor/github.com/pmezard/go-difflib/LICENSE
A util/goswid/vendor/github.com/pmezard/go-difflib/difflib/difflib.go
A util/goswid/vendor/github.com/stretchr/testify/LICENSE
A util/goswid/vendor/github.com/stretchr/testify/assert/assertion_compare.go
A util/goswid/vendor/github.com/stretchr/testify/assert/assertion_format.go
A util/goswid/vendor/github.com/stretchr/testify/assert/assertion_format.go.tmpl
A util/goswid/vendor/github.com/stretchr/testify/assert/assertion_forward.go
A util/goswid/vendor/github.com/stretchr/testify/assert/assertion_forward.go.tmpl
A util/goswid/vendor/github.com/stretchr/testify/assert/assertions.go
A util/goswid/vendor/github.com/stretchr/testify/assert/doc.go
A util/goswid/vendor/github.com/stretchr/testify/assert/errors.go
A util/goswid/vendor/github.com/stretchr/testify/assert/forward_assertions.go
A util/goswid/vendor/github.com/stretchr/testify/assert/http_assertions.go
A util/goswid/vendor/github.com/stretchr/testify/require/doc.go
A util/goswid/vendor/github.com/stretchr/testify/require/forward_requirements.go
A util/goswid/vendor/github.com/stretchr/testify/require/require.go
A util/goswid/vendor/github.com/stretchr/testify/require/require.go.tmpl
A util/goswid/vendor/github.com/stretchr/testify/require/require_forward.go
A util/goswid/vendor/github.com/stretchr/testify/require/require_forward.go.tmpl
A util/goswid/vendor/github.com/stretchr/testify/require/requirements.go
A util/goswid/vendor/github.com/veraison/swid/.gitignore
A util/goswid/vendor/github.com/veraison/swid/.golangci.yml
A util/goswid/vendor/github.com/veraison/swid/CODE_OF_CONDUCT.md
A util/goswid/vendor/github.com/veraison/swid/CONTRIBUTING.md
A util/goswid/vendor/github.com/veraison/swid/LICENSE
A util/goswid/vendor/github.com/veraison/swid/Makefile
A util/goswid/vendor/github.com/veraison/swid/README.md
A util/goswid/vendor/github.com/veraison/swid/cbor.go
A util/goswid/vendor/github.com/veraison/swid/common.go
A util/goswid/vendor/github.com/veraison/swid/coswid_extension.go
A util/goswid/vendor/github.com/veraison/swid/directories.go
A util/goswid/vendor/github.com/veraison/swid/directory.go
A util/goswid/vendor/github.com/veraison/swid/directory_extension.go
A util/goswid/vendor/github.com/veraison/swid/doc.go
A util/goswid/vendor/github.com/veraison/swid/entities.go
A util/goswid/vendor/github.com/veraison/swid/entity.go
A util/goswid/vendor/github.com/veraison/swid/entity_extension.go
A util/goswid/vendor/github.com/veraison/swid/evidence.go
A util/goswid/vendor/github.com/veraison/swid/evidence_extension.go
A util/goswid/vendor/github.com/veraison/swid/evidences.go
A util/goswid/vendor/github.com/veraison/swid/file.go
A util/goswid/vendor/github.com/veraison/swid/file_extension.go
A util/goswid/vendor/github.com/veraison/swid/files.go
A util/goswid/vendor/github.com/veraison/swid/filesystemitem.go
A util/goswid/vendor/github.com/veraison/swid/globalattributes.go
A util/goswid/vendor/github.com/veraison/swid/hashentry.go
A util/goswid/vendor/github.com/veraison/swid/link.go
A util/goswid/vendor/github.com/veraison/swid/link_extension.go
A util/goswid/vendor/github.com/veraison/swid/links.go
A util/goswid/vendor/github.com/veraison/swid/ownership.go
A util/goswid/vendor/github.com/veraison/swid/payload.go
A util/goswid/vendor/github.com/veraison/swid/payload_extension.go
A util/goswid/vendor/github.com/veraison/swid/payloads.go
A util/goswid/vendor/github.com/veraison/swid/process.go
A util/goswid/vendor/github.com/veraison/swid/process_extension.go
A util/goswid/vendor/github.com/veraison/swid/processes.go
A util/goswid/vendor/github.com/veraison/swid/rel.go
A util/goswid/vendor/github.com/veraison/swid/resource.go
A util/goswid/vendor/github.com/veraison/swid/resource_extension.go
A util/goswid/vendor/github.com/veraison/swid/resourcecollection.go
A util/goswid/vendor/github.com/veraison/swid/resourcecollection_extension.go
A util/goswid/vendor/github.com/veraison/swid/resources.go
A util/goswid/vendor/github.com/veraison/swid/roles.go
A util/goswid/vendor/github.com/veraison/swid/roundtripper.go
A util/goswid/vendor/github.com/veraison/swid/softwareidentity.go
A util/goswid/vendor/github.com/veraison/swid/softwaremeta.go
A util/goswid/vendor/github.com/veraison/swid/softwaremeta_extension.go
A util/goswid/vendor/github.com/veraison/swid/softwaremetas.go
A util/goswid/vendor/github.com/veraison/swid/tagid.go
A util/goswid/vendor/github.com/veraison/swid/test_utils.go
A util/goswid/vendor/github.com/veraison/swid/use.go
A util/goswid/vendor/github.com/veraison/swid/versionscheme.go
A util/goswid/vendor/github.com/x448/float16/.travis.yml
A util/goswid/vendor/github.com/x448/float16/LICENSE
A util/goswid/vendor/github.com/x448/float16/README.md
A util/goswid/vendor/github.com/x448/float16/float16.go
A util/goswid/vendor/gopkg.in/yaml.v3/.travis.yml
A util/goswid/vendor/gopkg.in/yaml.v3/LICENSE
A util/goswid/vendor/gopkg.in/yaml.v3/NOTICE
A util/goswid/vendor/gopkg.in/yaml.v3/README.md
A util/goswid/vendor/gopkg.in/yaml.v3/apic.go
A util/goswid/vendor/gopkg.in/yaml.v3/decode.go
A util/goswid/vendor/gopkg.in/yaml.v3/emitterc.go
A util/goswid/vendor/gopkg.in/yaml.v3/encode.go
A util/goswid/vendor/gopkg.in/yaml.v3/parserc.go
A util/goswid/vendor/gopkg.in/yaml.v3/readerc.go
A util/goswid/vendor/gopkg.in/yaml.v3/resolve.go
A util/goswid/vendor/gopkg.in/yaml.v3/scannerc.go
A util/goswid/vendor/gopkg.in/yaml.v3/sorter.go
A util/goswid/vendor/gopkg.in/yaml.v3/writerc.go
A util/goswid/vendor/gopkg.in/yaml.v3/yaml.go
A util/goswid/vendor/gopkg.in/yaml.v3/yamlh.go
A util/goswid/vendor/gopkg.in/yaml.v3/yamlprivateh.go
A util/goswid/vendor/modules.txt
160 files changed, 33,562 insertions(+), 0 deletions(-)
git pull ssh://review.coreboot.org:29418/coreboot refs/changes/39/63639/17
To view, visit change 63639. To unsubscribe, or for help writing mail filters, visit settings.