Great! So there were no coreboot patches necessary for this? Is it just a matter of preparing the right build environment? Because when I tried to do it manually (with SeaBios) it didn't produce the same bytes.
Since SeaBios is reproducible it would be great to make the coreboot + SeaBios bundle reproducible too.
And if the bundle is reproducible then it is easy to have a script that *verifies* some external build. Assuming it included the CONFIG values, one could extract the .config file from the rom (something like grep -a CONFIG_ rom > .config), do a local build and compare the bytes. I guess one new CONFIG value would be the SeaBios version.
--emi
On Thu, Jun 11, 2015 at 8:58 AM, Paul Menzel < paulepanter@users.sourceforge.net> wrote:
Dear coreboot folks,
Am Donnerstag, den 26.02.2015, 17:23 +0200 schrieb Emilian Bold:
I was trying to duplicate a coreboot build back in November and I
noticed I
couldn't get my ROM file to be identical to the one I found online.
It seems that coreboot doesn't have reproducible builds yet.
Debian has been looking into this for a while https://wiki.debian.org/ReproducibleBuilds and I think coreboot should adopt this concept.
[…]
Holger Levsen joined #coreboot@irc.freenode.net yesterday to report that he integrated coreboot into the reproducible builds infrastructure [1].
After configuring the used build script [2] to build without a payload,
nice ionice -c 3 \ bash util/abuild/abuild --payloads none || true # don'tfail the full job just because some targets fail
it looks like most boards are passing the test now [1]. Big thanks to Alexander (lynxis) for submitting the necessary patches!
The only exceptions are the six boards below.
* a-trend_atc-6220 (256K) is unreproducible. * a-trend_atc-6240 (256K) is unreproducible. * google_nyan (4096K) is unreproducible. * google_nyan_big (4096K) is unreproducible. * google_rush (4096K) is unreproducible. * google_rush_ryu (8192K) is unreproducible.Also, as a side node, SeaBIOS also supports to be built reproducible since commit 624e8127 (build: Support "make VERSION=xyz" to override the default build version) [3], though not by default.
So the coreboot build system, building the SeaBIOS payload, would need to be adapted, if a reproducible build with the SeaBIOS payload is required.
Thanks,
Paul
[1] https://reproducible.debian.net/coreboot/coreboot.html [2] http://anonscm.debian.org/cgit/qa/jenkins.debian.net.git/tree/bin/reproducib... [3] http://seabios.org/pipermail/seabios/2015-June/009253.html
-- coreboot mailing list: coreboot@coreboot.org http://www.coreboot.org/mailman/listinfo/coreboot