SBOM on EDK2 builds


Martin Fernandez
 

Hello,

With Richard Hughes from LVFS we were trying to push adding SBOM in the
CoSWID format to the EFI binaries directly.

We did a patch some time ago, mostly a POC, but we need help from
people more involved in the project to get it merged. We've been
trying to set up a meeting to at least coordinate the kickoff, but no
luck. Once, at one of the weekly Monday meetings, Michael Kubacki told me to
arrange a meeting with Sean Brogan; after some time he proposed a date but
it wasn't available for us, so we tried to reschedule and got no more
responses.

We think that this is very important and it would be awesome for EDK to
offer the generation of SBOM so the vendors also adopt it instead of
doing it each in their own proprietary way.

This is the POC patch: https://edk2.groups.io/g/rfc/topic/91525213 and
here is a talk where we discuss some high-level aspects of SBOM and how
we integrated it into EDK: https://www.youtube.com/watch?v=QZZgXLqaqkE

Thank you,
Martin.
