[coreboot] Coreboot reproducible builds

Vadim Bendebury vbendeb at chromium.org
Thu Feb 26 17:48:56 CET 2015 

On Thu, Feb 26, 2015 at 8:10 AM, Patrick Georgi via coreboot
<coreboot at coreboot.org> wrote:
> 2015-02-26 16:23 GMT+01:00 Emilian Bold <emilian.bold at gmail.com>:
>> It seems that Coreboot doesn't have reproducible builds yet.
> You're right, it doesn't. One of the major items is probably to
> replace the current build time stamps with something more reasonable.
> For example, the current commit's time stamp (unless the tree is
> dirty, in which reproducability is impossible).
>

There are two facets to this issue:

- when an image needs to built from source, we want the binary to be
the same. In case the tree is dirty we might include a hash of the
tree diffs against the top SHA1, just a thought.

- build always recompiles some files and relinks the image, even if
there is not source code changes. Is this really necessary, shouldn't
make just do nothing in case the source did not change?

--vb

>> I think Coreboot should adopt this concept.
> Patches accepted.
>
>>
>> It seems like we are halfway there with INCLUDE_CONFIG_FILE but what I've
>> noticed is that even if I extract the CONFIG_ values the build still needs
>> some manual tweaking.
>>
>> Ideally we should record the tools used (crossgcc version, etc), the
> We do.
>
>> coreboot git revision id,
> We do.
>
>> the CONFIG_ values and the build info for the
> We optionally do.
>
>> payloads (for the auto-downloaded SeaBIOS I think just the git revision id
>> would be enough).
> Payloads are more intricate. I'd stick with the coreboot parts, that
> is, a coreboot build without adding a payload is bit-identical. Then
> do the same for the payload (we can add meta-data to cbfs files or
> store payload information in a separate cbfs file).
>
>> Is there anyone willing to help me with this (or already working on this)?
> Like Peter I'm happy to review changesets on gerrit.
>
>
> Patrick
> --
> Google Germany GmbH
> ABC-Str. 19
> 20354 Hamburg
>
> Registergericht und -nummer: Hamburg, HRB 86891
> Sitz der Gesellschaft: Hamburg
> Geschäftsführer: Graham Law, Christine Elizabeth Flores
>
> --
> coreboot mailing list: coreboot at coreboot.org
> http://www.coreboot.org/mailman/listinfo/coreboot

More information about the coreboot mailing list