1d7a9debf2
Firmware is typically delivered as one large binary image that gets flashed. Since this final image consists of binaries and data from a vast number of different people and companies, it's hard to determine what all the small parts included in it are. The goal of the software bill of materials (SBOM) is to take a firmware image and make it easy to find out what it consists of and where those pieces came from. Basically, this answers the question, who supplied the code that's running on my system right now? For example, buyers of a system can use an SBOM to perform an automated vulnerability check or license analysis, both of which can be used to evaluate risk in a product. Furthermore, one can quickly check to see if the firmware is subject to a new vulnerability included in one of the software parts (with the specified version) of the firmware. Further reference: https://web.archive.org/web/20220310104905/https://blogs.gnome.org/hughsie/2022/03/10/firmware-software-bill-of-materials/ - Add Makefile.inc to generate and build coswid tags - Add templates for most payloads, coreboot, intel-microcode, amd-microcode. intel FSP-S/M/T, EC, BIOS_ACM, SINIT_ACM, intel ME and compiler (gcc,clang,other) - Add Kconfig entries to optionally supply a path to CoSWID tags instead of using the default CoSWID tags - Add CBFS entry called SBOM to each build via Makefile.inc - Add goswid utility tool to generate SBOM data Signed-off-by: Maximilian Brune <maximilian.brune@9elements.com> Change-Id: Icb7481d4903f95d200eddbfed7728fbec51819d0 Reviewed-on: https://review.coreboot.org/c/coreboot/+/63639 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Martin Roth <martin.roth@amd.corp-partner.google.com> |
||
|---|---|---|
| 3rdparty | ||
| configs | ||
| Documentation | ||
| LICENSES | ||
| payloads | ||
| spd | ||
| src | ||
| tests | ||
| util | ||
| .checkpatch.conf | ||
| .clang-format | ||
| .editorconfig | ||
| .gitignore | ||
| .gitmodules | ||
| .gitreview | ||
| .mailmap | ||
| AUTHORS | ||
| COPYING | ||
| gnat.adc | ||
| MAINTAINERS | ||
| Makefile | ||
| Makefile.inc | ||
| README.md | ||
| toolchain.inc | ||
coreboot README
coreboot is a Free Software project aimed at replacing the proprietary BIOS (firmware) found in most computers. coreboot performs a little bit of hardware initialization and then executes additional boot logic, called a payload.
With the separation of hardware initialization and later boot logic, coreboot can scale from specialized applications that run directly firmware, run operating systems in flash, load custom bootloaders, or implement firmware standards, like PC BIOS services or UEFI. This allows for systems to only include the features necessary in the target application, reducing the amount of code and flash space required.
coreboot was formerly known as LinuxBIOS.
Payloads
After the basic initialization of the hardware has been performed, any desired "payload" can be started by coreboot.
See https://www.coreboot.org/Payloads for a list of supported payloads.
Supported Hardware
coreboot supports a wide range of chipsets, devices, and mainboards.
For details please consult:
Build Requirements
- make
- gcc / g++
Because Linux distribution compilers tend to use lots of patches. coreboot
does lots of "unusual" things in its build system, some of which break due
to those patches, sometimes by gcc aborting, sometimes - and that's worse -
by generating broken object code.
Two options: use our toolchain (eg. make crosstools-i386) or enable the
ANY_TOOLCHAINKconfig option if you're feeling lucky (no support in this case). - iasl (for targets with ACPI support)
- pkg-config
- libssl-dev (openssl)
Optional:
- gdb (for better debugging facilities on some targets)
- ncurses (for
make menuconfigandmake nconfig) - flex and bison (for regenerating parsers)
Building coreboot
Please consult https://www.coreboot.org/Build_HOWTO for details.
Testing coreboot Without Modifying Your Hardware
If you want to test coreboot without any risks before you really decide to use it on your hardware, you can use the QEMU system emulator to run coreboot virtually in QEMU.
Please see https://www.coreboot.org/QEMU for details.
Website and Mailing List
Further details on the project, a FAQ, many HOWTOs, news, development guidelines and more can be found on the coreboot website:
You can contact us directly on the coreboot mailing list:
https://www.coreboot.org/Mailinglist
Copyright and License
The copyright on coreboot is owned by quite a large number of individual developers and companies. Please check the individual source files for details.
coreboot is licensed under the terms of the GNU General Public License (GPL). Some files are licensed under the "GPL (version 2, or any later version)", and some files are licensed under the "GPL, version 2". For some parts, which were derived from other projects, other (GPL-compatible) licenses may apply. Please check the individual source files for details.
This makes the resulting coreboot images licensed under the GPL, version 2.