Re: [PATCH] [rfc] Add SBOM (software bill of materials) to the efi binaries


Martin Fernandez
 

On Tue, Jun 7, 2022 at 5:31 PM Oram, Isaac W <isaac.w.oram@...> wrote:

I am also interested in this capability.

There are (undocumented?) capabilities in the build scripts currently that may be germane. --hash, --binary-destination, --binary-source.
The rough usage is:
build --hash --binary-destination
This creates a tree with binaries and hashes of all the source code and build flags used to generate the binary.

Then you can use
build --hash --binary-source
and the build will only rebuild a driver if source or build options have changed.

The effect is that every build can be roughly an incremental build if you have baseline binaries available. My understanding is that the hash is a combination of all the build inputs for a given INF. And I understand that it is a little blunt, in that if anything in a consumed package changes, it will rebuild the binary.

It may be interesting to understand possible leverage between the two, and whether the edition use and hash use can or should be well aligned. Anyway, I look forward to the discussion in July.

Nice, didn't know about those flags. I'll take a closer look at those
and see if any other flag could be useful.

One of the challenges of this patch was to check that the edition
calculation was correct for every case. Probably this --hash will help
to validate that.

Thanks!
