<div dir="ltr">Great! So there were no coreboot patches necessary for this? Is it just a matter of preparing the right build environment? Because when I tried to do it manually (with SeaBios) it didn't produce the same bytes.<div><br></div><div>Since SeaBios is reproducible it would be great to make the coreboot + SeaBios bundle reproducible too.</div><div><br></div><div>And if the bundle is reproducible then it is easy to have a script that *verifies* some external build. Assuming it included the CONFIG values, one could extract the<span style="font-size:13px"> </span><span style="font-size:13px">.config file from the rom (something like grep -a CONFIG_ rom > .config), do a local build and compare the bytes. I guess one new CONFIG value would be the SeaBios version.</span></div><div><div><br></div><div>--emi</div></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Jun 11, 2015 at 8:58 AM, Paul Menzel <span dir="ltr"><<a href="mailto:paulepanter@users.sourceforge.net" target="_blank">paulepanter@users.sourceforge.net</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Dear coreboot folks,<br>
<br>
<br>
Am Donnerstag, den 26.02.2015, 17:23 +0200 schrieb Emilian Bold:<br>
<br>
> I was trying to duplicate a coreboot build back in November and I noticed I<br>
> couldn't get my ROM file to be identical to the one I found online.<br>
><br>
> It seems that coreboot doesn't have reproducible builds yet.<br>
><br>
> Debian has been looking into this for a while<br>
> <a href="https://wiki.debian.org/ReproducibleBuilds" rel="noreferrer" target="_blank">https://wiki.debian.org/ReproducibleBuilds</a> and I think coreboot should<br>
> adopt this concept.<br>
<br>
[…]<br>
<br>
Holger Levsen joined #<a href="mailto:coreboot@irc.freenode.net">coreboot@irc.freenode.net</a> yesterday to report that<br>
he integrated coreboot into the reproducible builds infrastructure [1].<br>
<br>
After configuring the used build script [2] to build without a payload,<br>
<br>
nice ionice -c 3 \<br>
bash util/abuild/abuild --payloads none || true # don't fail the full job just because some targets fail<br>
<br>
it looks like most boards are passing the test now [1]. Big thanks to<br>
Alexander (lynxis) for submitting the necessary patches!<br>
<br>
The only exceptions are the six boards below.<br>
<br>
* a-trend_atc-6220 (256K) is unreproducible.<br>
* a-trend_atc-6240 (256K) is unreproducible.<br>
* google_nyan (4096K) is unreproducible.<br>
* google_nyan_big (4096K) is unreproducible.<br>
* google_rush (4096K) is unreproducible.<br>
* google_rush_ryu (8192K) is unreproducible.<br>
<br>
Also, as a side node, SeaBIOS also supports to be built reproducible<br>
since commit 624e8127 (build: Support "make VERSION=xyz" to override the<br>
default build version) [3], though not by default.<br>
<br>
So the coreboot build system, building the SeaBIOS payload, would need<br>
to be adapted, if a reproducible build with the SeaBIOS payload is<br>
required.<br>
<br>
<br>
Thanks,<br>
<br>
Paul<br>
<br>
<br>
[1] <a href="https://reproducible.debian.net/coreboot/coreboot.html" rel="noreferrer" target="_blank">https://reproducible.debian.net/coreboot/coreboot.html</a><br>
[2] <a href="http://anonscm.debian.org/cgit/qa/jenkins.debian.net.git/tree/bin/reproducible_coreboot.sh" rel="noreferrer" target="_blank">http://anonscm.debian.org/cgit/qa/jenkins.debian.net.git/tree/bin/reproducible_coreboot.sh</a><br>
[3] <a href="http://seabios.org/pipermail/seabios/2015-June/009253.html" rel="noreferrer" target="_blank">http://seabios.org/pipermail/seabios/2015-June/009253.html</a><br>
<br>--<br>
coreboot mailing list: <a href="mailto:coreboot@coreboot.org">coreboot@coreboot.org</a><br>
<a href="http://www.coreboot.org/mailman/listinfo/coreboot" rel="noreferrer" target="_blank">http://www.coreboot.org/mailman/listinfo/coreboot</a><br></blockquote></div><br></div>