[coreboot] coreboot reproducible builds almost there

Emilian Bold emilian.bold at gmail.com
Sat Jun 13 08:30:31 CEST 2015 

Great! So there were no coreboot patches necessary for this? Is it just a
matter of preparing the right build environment? Because when I tried to do
it manually (with SeaBios) it didn't produce the same bytes.

Since SeaBios is reproducible it would be great to make the coreboot +
SeaBios bundle reproducible too.

And if the bundle is reproducible then it is easy to have a script that
*verifies* some external build. Assuming it included the CONFIG values, one
could extract the .config file from the rom (something like grep -a CONFIG_
rom > .config), do a local build and compare the bytes. I guess one new
CONFIG value would be the SeaBios version.

--emi

On Thu, Jun 11, 2015 at 8:58 AM, Paul Menzel <
paulepanter at users.sourceforge.net> wrote:

> Dear coreboot folks,
>
>
> Am Donnerstag, den 26.02.2015, 17:23 +0200 schrieb Emilian Bold:
>
> > I was trying to duplicate a coreboot build back in November and I
> noticed I
> > couldn't get my ROM file to be identical to the one I found online.
> >
> > It seems that coreboot doesn't have reproducible builds yet.
> >
> > Debian has been looking into this for a while
> > https://wiki.debian.org/ReproducibleBuilds and I think coreboot should
> > adopt this concept.
>
> […]
>
> Holger Levsen joined #coreboot at irc.freenode.net yesterday to report that
> he integrated coreboot into the reproducible builds infrastructure [1].
>
> After configuring the used build script [2] to build without a payload,
>
>         nice ionice -c 3 \
>                 bash util/abuild/abuild --payloads none || true # don't
> fail the full job just because some targets fail
>
> it looks like most boards are passing the test now [1]. Big thanks to
> Alexander (lynxis) for submitting the necessary patches!
>
> The only exceptions are the six boards below.
>
>       * a-trend_atc-6220 (256K) is unreproducible.
>       * a-trend_atc-6240 (256K) is unreproducible.
>       * google_nyan (4096K) is unreproducible.
>       * google_nyan_big (4096K) is unreproducible.
>       * google_rush (4096K) is unreproducible.
>       * google_rush_ryu (8192K) is unreproducible.
>
> Also, as a side node, SeaBIOS also supports to be built reproducible
> since commit 624e8127 (build: Support "make VERSION=xyz" to override the
> default build version) [3], though not by default.
>
> So the coreboot build system, building the SeaBIOS payload, would need
> to be adapted, if a reproducible build with the SeaBIOS payload is
> required.
>
>
> Thanks,
>
> Paul
>
>
> [1] https://reproducible.debian.net/coreboot/coreboot.html
> [2]
> http://anonscm.debian.org/cgit/qa/jenkins.debian.net.git/tree/bin/reproducible_coreboot.sh
> [3] http://seabios.org/pipermail/seabios/2015-June/009253.html
>
> --
> coreboot mailing list: coreboot at coreboot.org
> http://www.coreboot.org/mailman/listinfo/coreboot
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.coreboot.org/pipermail/coreboot/attachments/20150613/3c93f472/attachment.html>

More information about the coreboot mailing list