1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
|
## SPDX-License-Identifier: GPL-2.0-only
config SBOM
bool "Include SBOM data for coreboot"
default n
help
Select this option if you want to include a
coswid (Concise Software Identification Tag) of coreboot itself
into the SBOM (Software Bill of Materials) File in your build
if SBOM
config SBOM_COMPILER
bool "Include compiler metadata in SBOM"
default n
help
Select this option if you want to include a
coswid (Concise Software Identification Tag) of the compiler
used to compile coreboot into the SBOM (Software Bill of Materials)
File in your build
Note: if the system toolchain is used to build coreboot
one should check the final SBOM file for the expected results
config SBOM_COMPILER_PATH
string "Path to SBOM file for the compiler"
depends on SBOM_COMPILER
default "build/sbom/compiler-gcc.json" if COMPILER_GCC
default "build/sbom/compiler-clang.json" if COMPILER_LLVM_CLANG
default "build/sbom/compiler-generic.json" if ANY_TOOLCHAIN
help
The path of the SBOM file describing the Software included in the build
File can be a .json, .xml, .cbor, .uswid, or .pc
config SBOM_PAYLOAD
bool "Include payload metadata in SBOM"
default n
help
Select this option if you want to include a
coswid (Concise Software Identification Tag) of the payload into
the SBOM (Software Bill of Materials) File in your build
config SBOM_PAYLOAD_GENERATE
bool "Auto-generate generic SBOM info for payload"
depends on SBOM_PAYLOAD && (PAYLOAD_BOOTBOOT || PAYLOAD_DEPTHCHARGE || PAYLOAD_FILO || PAYLOAD_GRUB2 || PAYLOAD_LINUXBOOT || PAYLOAD_SEABIOS || PAYLOAD_SKIBOOT || PAYLOAD_UBOOT)
default y
help
Select this option if you want coreboot to generate and include
the coswid (Concise Software Identification Tag) instead of supplying
it manually. Be aware that this option is only meant to be a
transition and suppliers of Software should always prefer to include
their own Software descriptions, since ours may be incomplete or
straight up wrong.
config SBOM_PAYLOAD_PATH
string "Path to SBOM file for the payload"
depends on SBOM_PAYLOAD && !SBOM_PAYLOAD_GENERATE
help
The path of the SBOM file describing the Software included in the build
File can be a .json, .xml, .cbor, .uswid, or .pc
config SBOM_ME
bool "Include ME metadata in SBOM"
depends on HAVE_ME_BIN
default n
help
Select this option if you want to include a
coswid (Concise Software Identification Tag) of the
ME firmware into the SBOM (Software Bill of Materials)
File in your build
config SBOM_ME_GENERATE
bool "Auto-generate generic SBOM info for ME firmware"
depends on SBOM_ME
default y
help
Select this option if you want coreboot to generate and include
the coswid (Concise Software Identification Tag) instead of
supplying it manually. Be aware that this option is only meant
to be a transition and suppliers of Software should always prefer
to include their own Software descriptions, since ours may be
incomplete or straight up wrong.
config SBOM_ME_PATH
string "Path to sbom.json for the ME firmware"
depends on SBOM_ME && !SBOM_ME_GENERATE
help
The path of the SBOM file describing the Software included in the build
File can be a .json, .xml, .cbor, .uswid, or .pc
config SBOM_EC
bool "Include EC metadata in SBOM"
depends on HAVE_EC_BIN
default n
help
Select this option if you want to include a
coswid (Concise Software Identification Tag) of the
EC (Embedded Controller) firmware into the
SBOM (Software Bill of Materials) File in your build
config SBOM_EC_PATH
string "Path to SBOM file for the EC firmware"
depends on SBOM_EC
default "src/sbom/generic-ec.json"
help
The path of the SBOM file describing the Software included in the build
File can be a .json, .xml, .cbor, .uswid, or .pc
config SBOM_SINIT_ACM
bool "Include SINIT ACM metadata in SBOM"
depends on INTEL_TXT_SINITACM_FILE != ""
default n
help
Select this option if you want to include a
coswid (Concise Software Identification Tag) of the
SINIT ACM (Authenticated Code Module) firmware into the
SBOM (Software Bill of Materials) File in your build
config SBOM_SINIT_ACM_PATH
string "Path to SBOM file for the SINIT AMC firmware"
depends on SBOM_SINIT_ACM
default "src/sbom/intel-sinit-acm.json"
help
The path of the SBOM file describing the Software included in the build
File can be a .json, .xml, .cbor, .uswid, or .pc
config SBOM_BIOS_ACM
bool "Include BIOS ACM metadata in SBOM"
depends on INTEL_TXT_BIOSACM_FILE != ""
default n
help
Select this option if you want to include a
coswid (Concise Software Identification Tag) of the
BIOS ACM (Authenticated Code Module) firmware into the
SBOM (Software Bill of Materials) File in your build
config SBOM_BIOS_ACM_PATH
string "Path to SBOM file for the BIOS AMC firmware"
depends on SBOM_SINIT_ACM
default "src/sbom/intel-bios-acm.json"
help
The path of the SBOM file describing the Software included in the build
File can be a .json, .xml, .cbor, .uswid, or .pc
config SBOM_MICROCODE
bool "Include microcode metadata in SBOM"
default n
help
Select this option if you want to include a
coswid (Concise Software Identification Tag) of the
microcode firmware into the SBOM (Software Bill of Materials)
File in your build
config SBOM_FSP
bool "Include Intel FSP metadata in SBOM"
default n
depends on (FSP_S_FILE != "" || FSP_M_FILE != "" || FSP_T_FILE != "")
help
Select this option if you want to include a
coswid (Concise Software Identification Tag) of the
FSP firmware into the SBOM (Software Bill of Materials)
File in your build
config SBOM_FSP_PATH
string "Path to SBOM file for the FSP firmware"
depends on SBOM_FSP
default "build/sbom/generic-fsp.json"
help
The path of the SBOM file describing the Software included in the build
File can be a .json, .xml, .cbor, .uswid, or .pc
config SBOM_VBOOT
bool "Include VBOOT metadata in SBOM"
default n
depends on VBOOT_LIB
help
Select this option if you want to include a
coswid (Concise Software Identification Tag) of the
VBOOT Software into the SBOM (Software Bill of Materials)
File in your build
endif
|