[coreboot] Coreboot reproducible builds

Patrick Georgi pgeorgi at google.com
Thu Feb 26 17:10:51 CET 2015


2015-02-26 16:23 GMT+01:00 Emilian Bold <emilian.bold at gmail.com>:
> It seems that Coreboot doesn't have reproducible builds yet.
You're right, it doesn't. One of the major items is probably to
replace the current build time stamps with something more reasonable.
For example, the current commit's time stamp (unless the tree is
dirty, in which case reproducibility is impossible).

> I think Coreboot should adopt this concept.
Patches accepted.

>
> It seems like we are halfway there with INCLUDE_CONFIG_FILE but what I've
> noticed is that even if I extract the CONFIG_ values the build still needs
> some manual tweaking.
>
> Ideally we should record the tools used (crossgcc version, etc), the
We do.

> coreboot git revision id,
We do.

> the CONFIG_ values and the build info for the
We optionally do.

> payloads (for the auto-downloaded SeaBIOS I think just the git revision id
> would be enough).
Payloads are more intricate. I'd stick with the coreboot parts, that
is, a coreboot build without adding a payload is bit-identical. Then
do the same for the payload (we can add meta-data to cbfs files or
store payload information in a separate cbfs file).

> Is there anyone willing to help me with this (or already working on this)?
Like Peter, I'm happy to review changesets on gerrit.


Patrick
-- 
Google Germany GmbH
ABC-Str. 19
20354 Hamburg

Court of registration and registration number: Hamburg, HRB 86891
Registered office: Hamburg
Managing directors: Graham Law, Christine Elizabeth Flores
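
The reply above suggests taking the build time stamp from the current commit unless the tree is dirty. The following sketch of that selection is an added example, not part of the original message and not coreboot's build code; the function names `tree_is_dirty` and `build_stamp` and the output format are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: derive a build stamp from the checked-out commit so that
# two builds of the same clean tree embed the same time stamp.

# tree_is_dirty DIR
# Succeeds when DIR has modified tracked files or untracked, non-ignored
# files, i.e. when HEAD no longer describes the sources being built.
tree_is_dirty() {
    [ -n "$(git -C "$1" status --porcelain 2>/dev/null)" ]
}

# build_stamp DIR
# Prints "<epoch> <revision> <reproducible|unreproducible>".
# Clean tree: epoch is the committer time stamp of HEAD.
# Dirty tree: no commit matches the sources, so fall back to the wall
#             clock and label the result so it cannot be mistaken for a
#             reproducible build.
# Returns 2 when DIR is not a git work tree with at least one commit.
build_stamp() {
    dir=${1:-.}
    rev=$(git -C "$dir" rev-parse --verify -q HEAD 2>/dev/null) || return 2
    if tree_is_dirty "$dir"; then
        printf '%s %s-dirty unreproducible\n' "$(date +%s)" "$rev"
        return 0
    fi
    epoch=$(git -C "$dir" log -1 --format=%ct HEAD) || return 2
    printf '%s %s reproducible\n' "$epoch" "$rev"
}
```

A build script could call `build_stamp .` once and write the first two fields into its generated header instead of calling `date` directly.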


