Attention is currently required from: Nico Huber, Martin L Roth, Angel Pons, Arthur Heymans. Maximilian Brune has posted comments on this change. ( https://review.coreboot.org/c/coreboot/+/63639 )

Change subject: Add SBOM (Software Bill of Materials) Generation ......................................................................

Patch Set 14:

(1 comment)

Patchset:

PS12:

Given that this change is WIP, I imagine that SBOM entries for other firmware ingredients will be im […]

Yes, the goal is that the software owners of these various blobs, supply a SBOM file along with it. So we only have to include it in the build (with a given path). for microcode I am currently extracting the information myself (which is not the intention/goal), but should be good enough for a proof of concept.

I am planning to add an option to the goswid tool. It will probably look like this: goswid -o sbom-new.uswid -a my-custom-payload.json sbom-old.uswid the '-a' would be for 'append' Then you only have to use the cbfstool to add sbom-new.uswid into the CBFS.