summaryrefslogtreecommitdiffstats
path: root/src/sbom/Kconfig
blob: 43fde4c72c4d370621bcfcb0fee634b1ebe50b25 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
## SPDX-License-Identifier: GPL-2.0-only

config SBOM
	bool "Include SBOM data for coreboot"
	default n
	help
	  Select this option if you want to include a
	  coswid (Concise Software Identification Tag) of coreboot itself
	  into the SBOM (Software Bill of Materials) File in your build

if SBOM

config SBOM_COMPILER
	bool "Include compiler metadata in SBOM"
	default n
	help
	  Select this option if you want to include a
	  coswid (Concise Software Identification Tag) of the compiler
	  used to compile coreboot into the SBOM (Software Bill of Materials)
	  File in your build
	  Note: if the system toolchain is used to build coreboot
	  one should check the final SBOM file for the expected results

config SBOM_COMPILER_PATH
	string "Path to SBOM file for the compiler"
	depends on SBOM_COMPILER
	default "build/sbom/compiler-gcc.json" if COMPILER_GCC
	default "build/sbom/compiler-clang.json" if COMPILER_LLVM_CLANG
	default "build/sbom/compiler-generic.json" if ANY_TOOLCHAIN
	help
	  The path of the SBOM file describing the Software included in the build
	  File can be a .json, .xml, .cbor, .uswid, or .pc

config SBOM_PAYLOAD
	bool "Include payload metadata in SBOM"
	default n
	help
	  Select this option if you want to include a
	  coswid (Concise Software Identification Tag) of the payload into
	  the SBOM (Software Bill of Materials) File in your build

config SBOM_PAYLOAD_GENERATE
	bool "Auto-generate generic SBOM info for payload"
	depends on SBOM_PAYLOAD && (PAYLOAD_BOOTBOOT || PAYLOAD_DEPTHCHARGE || PAYLOAD_FILO || PAYLOAD_GRUB2 || PAYLOAD_LINUXBOOT || PAYLOAD_SEABIOS || PAYLOAD_SKIBOOT || PAYLOAD_UBOOT)
	default y
	help
	  Select this option if you want coreboot to generate and include
	  the coswid (Concise Software Identification Tag) instead of supplying
	  it manually. Be aware that this option is only meant to be a
	  transition and suppliers of Software should always prefer to include
	  their own Software descriptions, since ours may be incomplete or
	  straight up wrong.

config SBOM_PAYLOAD_PATH
	string "Path to SBOM file for the payload"
	depends on SBOM_PAYLOAD && !SBOM_PAYLOAD_GENERATE
	help
	  The path of the SBOM file describing the Software included in the build
	  File can be a .json, .xml, .cbor, .uswid, or .pc

config SBOM_ME
	bool "Include ME metadata in SBOM"
	depends on HAVE_ME_BIN
	default n
	help
	  Select this option if you want to include a
	  coswid (Concise Software Identification Tag) of the
	  ME firmware into the SBOM (Software Bill of Materials)
	  File in your build

config SBOM_ME_GENERATE
	bool "Auto-generate generic SBOM info for ME firmware"
	depends on SBOM_ME
	default y
	help
	  Select this option if you want coreboot to generate and include
	  the coswid (Concise Software Identification Tag) instead of
	  supplying it manually. Be aware that this option is only meant
	  to be a transition and suppliers of Software should always prefer
	  to include their own Software descriptions, since ours may be
	  incomplete or straight up wrong.

config SBOM_ME_PATH
	string "Path to sbom.json for the ME firmware"
	depends on SBOM_ME && !SBOM_ME_GENERATE
	help
	  The path of the SBOM file describing the Software included in the build
	  File can be a .json, .xml, .cbor, .uswid, or .pc

config SBOM_EC
	bool "Include EC metadata in SBOM"
	depends on HAVE_EC_BIN
	default n
	help
	  Select this option if you want to include a
	  coswid (Concise Software Identification Tag) of the
	  EC (Embedded Controller) firmware into the
	  SBOM (Software Bill of Materials) File in your build

config SBOM_EC_PATH
	string "Path to SBOM file for the EC firmware"
	depends on SBOM_EC
	default "src/sbom/generic-ec.json"
	help
	  The path of the SBOM file describing the Software included in the build
	  File can be a .json, .xml, .cbor, .uswid, or .pc

config SBOM_SINIT_ACM
	bool "Include SINIT ACM metadata in SBOM"
	depends on INTEL_TXT_SINITACM_FILE != ""
	default n
	help
	  Select this option if you want to include a
	  coswid (Concise Software Identification Tag) of the
	  SINIT ACM (Authenticated Code Module) firmware into the
	  SBOM (Software Bill of Materials) File in your build

config SBOM_SINIT_ACM_PATH
	string "Path to SBOM file for the SINIT AMC firmware"
	depends on SBOM_SINIT_ACM
	default "src/sbom/intel-sinit-acm.json"
	help
	  The path of the SBOM file describing the Software included in the build
	  File can be a .json, .xml, .cbor, .uswid, or .pc

config SBOM_BIOS_ACM
	bool "Include BIOS ACM metadata in SBOM"
	depends on INTEL_TXT_BIOSACM_FILE != ""
	default n
	help
	  Select this option if you want to include a
	  coswid (Concise Software Identification Tag) of the
	  BIOS ACM (Authenticated Code Module) firmware into the
	  SBOM (Software Bill of Materials) File in your build

config SBOM_BIOS_ACM_PATH
	string "Path to SBOM file for the BIOS AMC firmware"
	depends on SBOM_SINIT_ACM
	default "src/sbom/intel-bios-acm.json"
	help
	  The path of the SBOM file describing the Software included in the build
	  File can be a .json, .xml, .cbor, .uswid, or .pc

config SBOM_MICROCODE
	bool "Include microcode metadata in SBOM"
	default n
	help
	  Select this option if you want to include a
	  coswid (Concise Software Identification Tag) of the
	  microcode firmware into the SBOM (Software Bill of Materials)
	  File in your build

config SBOM_FSP
	bool "Include Intel FSP metadata in SBOM"
	default n
	depends on (FSP_S_FILE != "" || FSP_M_FILE != "" || FSP_T_FILE != "")
	help
	  Select this option if you want to include a
	  coswid (Concise Software Identification Tag) of the
	  FSP firmware into the SBOM (Software Bill of Materials)
	  File in your build

config SBOM_FSP_PATH
	string "Path to SBOM file for the FSP firmware"
	depends on SBOM_FSP
	default "build/sbom/generic-fsp.json"
	help
	  The path of the SBOM file describing the Software included in the build
	  File can be a .json, .xml, .cbor, .uswid, or .pc

config SBOM_VBOOT
	bool "Include VBOOT metadata in SBOM"
	default n
	depends on VBOOT_LIB
	help
	  Select this option if you want to include a
	  coswid (Concise Software Identification Tag) of the
	  VBOOT Software into the SBOM (Software Bill of Materials)
	  File in your build

endif