e6cd4d242b
Functionality wise nothing changed, except that the first misspellings caused SBOM_BIOS_ACM_PATH and SBOM_SINIT_ACM_PATH to not work before. - Fix misspelling of CONFIG_BIOS_ACM_PATH -> CONFIG_SBOM_BIOS_ACM_PATH - Fix misspelling of CONFIG_SINIT_ACM_PATH -> CONFIG_SBOM_SINIT_ACM_PATH - Put SBOM_COMPILER_ handling into Kconfig instead of Makefile - Reorder CONFIG_ paths (for readablity) - Add in code comments (for readablity) Signed-off-by: Maximilian Brune <maximilian.brune@9elements.com> Change-Id: If67bc3bd0d330b9b5f083edc4d1697e92ace1ea0 Reviewed-on: https://review.coreboot.org/c/coreboot/+/72379 Tested-by: build bot (Jenkins) <no-reply@coreboot.org> Reviewed-by: Elyes Haouas <ehaouas@noos.fr>
182 lines
6.1 KiB
Plaintext
182 lines
6.1 KiB
Plaintext
## SPDX-License-Identifier: GPL-2.0-only
|
|
|
|
config SBOM
|
|
bool "Include SBOM data for coreboot"
|
|
default n
|
|
help
|
|
Select this option if you want to include a
|
|
coswid (Concise Software Identification Tag) of coreboot itself
|
|
into the SBOM (Software Bill of Materials) File in your build
|
|
|
|
if SBOM
|
|
|
|
config SBOM_COMPILER
|
|
bool "Include compiler metadata in SBOM"
|
|
default n
|
|
help
|
|
Select this option if you want to include a
|
|
coswid (Concise Software Identification Tag) of the compiler
|
|
used to compile coreboot into the SBOM (Software Bill of Materials)
|
|
File in your build
|
|
Note: if the system toolchain is used to build coreboot
|
|
one should check the final SBOM file for the expected results
|
|
|
|
config SBOM_COMPILER_PATH
|
|
string "Path to SBOM file for the compiler"
|
|
depends on SBOM_COMPILER
|
|
default "build/sbom/compiler-gcc.json" if COMPILER_GCC
|
|
default "build/sbom/compiler-clang.json" if COMPILER_LLVM_CLANG
|
|
default "build/sbom/compiler-generic.json" if ANY_TOOLCHAIN
|
|
help
|
|
The path of the SBOM file describing the Software included in the build
|
|
File can be a .json, .xml, .cbor, .uswid, or .pc
|
|
|
|
config SBOM_PAYLOAD
|
|
bool "Include payload metadata in SBOM"
|
|
default n
|
|
help
|
|
Select this option if you want to include a
|
|
coswid (Concise Software Identification Tag) of the payload into
|
|
the SBOM (Software Bill of Materials) File in your build
|
|
|
|
config SBOM_PAYLOAD_GENERATE
|
|
bool "Auto-generate generic SBOM info for payload"
|
|
depends on SBOM_PAYLOAD && (PAYLOAD_BOOTBOOT || PAYLOAD_DEPTHCHARGE || PAYLOAD_FILO || PAYLOAD_GRUB2 || PAYLOAD_LINUXBOOT || PAYLOAD_SEABIOS || PAYLOAD_SKIBOOT || PAYLOAD_UBOOT || PAYLOAD_YABITS)
|
|
default y
|
|
help
|
|
Select this option if you want coreboot to generate and include
|
|
the coswid (Concise Software Identification Tag) instead of supplying
|
|
it manually. Be aware that this option is only meant to be a
|
|
transition and suppliers of Software should always prefer to include
|
|
their own Software descriptions, since ours may be incomplete or
|
|
straight up wrong.
|
|
|
|
config SBOM_PAYLOAD_PATH
|
|
string "Path to SBOM file for the payload"
|
|
depends on SBOM_PAYLOAD && !SBOM_PAYLOAD_GENERATE
|
|
help
|
|
The path of the SBOM file describing the Software included in the build
|
|
File can be a .json, .xml, .cbor, .uswid, or .pc
|
|
|
|
config SBOM_ME
|
|
bool "Include ME metadata in SBOM"
|
|
depends on HAVE_ME_BIN
|
|
default n
|
|
help
|
|
Select this option if you want to include a
|
|
coswid (Concise Software Identification Tag) of the
|
|
ME firmware into the SBOM (Software Bill of Materials)
|
|
File in your build
|
|
|
|
config SBOM_ME_GENERATE
|
|
bool "Auto-generate generic SBOM info for ME firmware"
|
|
depends on SBOM_ME
|
|
default y
|
|
help
|
|
Select this option if you want coreboot to generate and include
|
|
the coswid (Concise Software Identification Tag) instead of
|
|
supplying it manually. Be aware that this option is only meant
|
|
to be a transition and suppliers of Software should always prefer
|
|
to include their own Software descriptions, since ours may be
|
|
incomplete or straight up wrong.
|
|
|
|
config SBOM_ME_PATH
|
|
string "Path to sbom.json for the ME firmware"
|
|
depends on SBOM_ME && !SBOM_ME_GENERATE
|
|
help
|
|
The path of the SBOM file describing the Software included in the build
|
|
File can be a .json, .xml, .cbor, .uswid, or .pc
|
|
|
|
config SBOM_EC
|
|
bool "Include EC metadata in SBOM"
|
|
depends on HAVE_EC_BIN
|
|
default n
|
|
help
|
|
Select this option if you want to include a
|
|
coswid (Concise Software Identification Tag) of the
|
|
EC (Embedded Controller) firmware into the
|
|
SBOM (Software Bill of Materials) File in your build
|
|
|
|
config SBOM_EC_PATH
|
|
string "Path to SBOM file for the EC firmware"
|
|
depends on SBOM_EC
|
|
default "src/sbom/generic-ec.json"
|
|
help
|
|
The path of the SBOM file describing the Software included in the build
|
|
File can be a .json, .xml, .cbor, .uswid, or .pc
|
|
|
|
config SBOM_SINIT_ACM
|
|
bool "Include SINIT ACM metadata in SBOM"
|
|
depends on INTEL_TXT_SINITACM_FILE != ""
|
|
default n
|
|
help
|
|
Select this option if you want to include a
|
|
coswid (Concise Software Identification Tag) of the
|
|
SINIT ACM (Authenticated Code Module) firmware into the
|
|
SBOM (Software Bill of Materials) File in your build
|
|
|
|
config SBOM_SINIT_ACM_PATH
|
|
string "Path to SBOM file for the SINIT AMC firmware"
|
|
depends on SBOM_SINIT_ACM
|
|
default "src/sbom/intel-sinit-acm.json"
|
|
help
|
|
The path of the SBOM file describing the Software included in the build
|
|
File can be a .json, .xml, .cbor, .uswid, or .pc
|
|
|
|
config SBOM_BIOS_ACM
|
|
bool "Include BIOS ACM metadata in SBOM"
|
|
depends on INTEL_TXT_BIOSACM_FILE != ""
|
|
default n
|
|
help
|
|
Select this option if you want to include a
|
|
coswid (Concise Software Identification Tag) of the
|
|
BIOS ACM (Authenticated Code Module) firmware into the
|
|
SBOM (Software Bill of Materials) File in your build
|
|
|
|
config SBOM_BIOS_ACM_PATH
|
|
string "Path to SBOM file for the BIOS AMC firmware"
|
|
depends on SBOM_SINIT_ACM
|
|
default "src/sbom/intel-bios-acm.json"
|
|
help
|
|
The path of the SBOM file describing the Software included in the build
|
|
File can be a .json, .xml, .cbor, .uswid, or .pc
|
|
|
|
config SBOM_MICROCODE
|
|
bool "Include microcode metadata in SBOM"
|
|
default n
|
|
help
|
|
Select this option if you want to include a
|
|
coswid (Concise Software Identification Tag) of the
|
|
microcode firmware into the SBOM (Software Bill of Materials)
|
|
File in your build
|
|
|
|
config SBOM_FSP
|
|
bool "Include Intel FSP metadata in SBOM"
|
|
default n
|
|
depends on (FSP_S_FILE != "" || FSP_M_FILE != "" || FSP_T_FILE != "")
|
|
help
|
|
Select this option if you want to include a
|
|
coswid (Concise Software Identification Tag) of the
|
|
FSP firmware into the SBOM (Software Bill of Materials)
|
|
File in your build
|
|
|
|
config SBOM_FSP_PATH
|
|
string "Path to SBOM file for the FSP firmware"
|
|
depends on SBOM_FSP
|
|
default "build/sbom/generic-fsp.json"
|
|
help
|
|
The path of the SBOM file describing the Software included in the build
|
|
File can be a .json, .xml, .cbor, .uswid, or .pc
|
|
|
|
config SBOM_VBOOT
|
|
bool "Include VBOOT metadata in SBOM"
|
|
default n
|
|
depends on VBOOT_LIB
|
|
help
|
|
Select this option if you want to include a
|
|
coswid (Concise Software Identification Tag) of the
|
|
VBOOT Software into the SBOM (Software Bill of Materials)
|
|
File in your build
|
|
|
|
endif
|