coreboot

coreboot™: fast, flexible and reproducible Open Source firmware!

Reproducible Coreboot

Reproducible builds enable anyone to reproduce bit by bit identical binary packages from a given source, so that anyone can verify that a given binary derived from the source it was said to be derived. There is more information about reproducible builds on the Debian wiki and on https://reproducible-builds.org. These pages explain in more depth why this is useful, what common issues exist and which workarounds and solutions are known.

Reproducible Coreboot is an effort to apply this to coreboot. Thus each coreboot.rom is build twice (without payloads), with a few varitations added and then those two ROMs are compared using diffoscope. Please note that the toolchain is not varied at all as the rebuild happens on exactly the same system. More variations are expected to be seen in the wild.

There is a weekly run jenkins job to test the master branch of coreboot.git. The jenkins job is running reproducible_coreboot.sh in a Debian environment and this script is solely responsible for creating this page. Feel invited to join #debian-reproducible (on irc.oftc.net) to request job runs whenever sensible. Patches and other feedback are very much appreciated - if you want to help, please start by looking at the ToDo list for coreboot, you might find something easy to contribute.
Thanks to Profitbricks for donating the virtual machines this is running on!

310 (100.0%) out of 310 built coreboot images were reproducible in our test setup ! These tests were last run on 2017-02-20 for version 4.5-1033-g5360c7e using diffoscope 77.

variationfirst buildsecond build
hostname is not yet varied between rebuilds of coreboot.
domainname is not yet varied between rebuilds of coreboot.
env CAPTURE_ENVIRONMENTnot setCAPTURE_ENVIRONMENT="I capture the environment"
env TZTZ="/usr/share/zoneinfo/Etc/GMT+12"TZ="/usr/share/zoneinfo/Etc/GMT-14"
env LANGLANG="en_GB.UTF-8"LANG="fr_CH.UTF-8"
env LC_ALLnot setLC_ALL="fr_CH.UTF-8"
env PATHPATH="/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:"PATH="/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/i/capture/the/path"
env USER is not yet varied between rebuilds of coreboot.
uid is not yet varied between rebuilds of coreboot.
gid is not yet varied between rebuilds of coreboot.
UTS namespace is not yet varied between rebuilds of coreboot.
kernel version, modified using /usr/bin/linux64 --uname-2.6Linux 3.16.0-4-amd64Linux 2.6.56-4-amd64
umask00220002
CPU type AMD Opteron 62xx class CPUsame for both builds
/bin/sh is not yet varied between rebuilds of coreboot.
year, month, datetoday (2017-02-20)same for both builds (currently, work in progress)
hour, minutehour and minute will probably vary between two builds...but this is not enforced systematically... (currently, work in progress)
Filesystemtmpfssame for both builds (currently, this could be varied using disorderfs)
everything else...is likely the same. There will be more variations in the wild.

commit 5360c7ef94c9415fd0decd99b6a2d243f9c52e4c
Author: Furquan Shaikh 
Date:   Sun Feb 19 01:18:09 2017 -0800

    drivers/i2c: Use I2C HID driver for wacom devices
    
    Wacom I2C driver does the same thing as I2C HID driver, other than
    defining macros for Wacom HID. Instead of maintaining two separate
    drivers providing the same functionality, update all wacom devices to
    use generic I2C HID driver.
    
    BUG=None
    BRANCH=None
    TEST=Verified that ACPI nodes for wacom devices are unchanged.
    
    Change-Id: Ibb3226d1f3934f5c3c5d98b939756775d11b792c
    Signed-off-by: Furquan Shaikh 
    Reviewed-on: https://review.coreboot.org/18401
    Tested-by: build bot (Jenkins)
    Reviewed-by: Paul Menzel 
    Reviewed-by: Duncan Laurie      

cross toolchain sourcesha256sum
acpica-unix2-20160831.tar.gz fea808449aac29442c22419ad9e3eaa6b1a35f02e0db2b2f8802dc3af69e4965
binutils-2.26.1.tar.bz2 39c346c87aa4fb14b2f786560aec1d29411b6ec34dce3fe7309fe3dd56949fd8
gcc-5.3.0.tar.bz2 b84f5592e9218b73dbae612b5253035a7b34a9a1f7688d2e1bfaaf7267d5c4db
gmp-6.1.0.tar.xz 68dadacce515b0f8a54f510edf07c1b636492bcdb8e8d54c56eb216225d16989
libelf-0.8.13.tar.gz 591a9b4ec81c1f2042a97aa60564e0cb79d041c52faa7416acb38bc95bd2c76d
mpc-1.0.3.tar.gz 617decc6ea09889fb08ede330917a00b16809b8db88c29c31bfbb49cbf88ecc3
mpfr-3.1.4.tar.xz 761413b16d749c53e2bfd2b1dfaa3b027b0e793e404b90b5fbaeef60af6517f5
Debian 8.7 package on amd64installed version
gcc 4:4.9.2-2
g++ 4:4.9.2-2
make 4.0-8.1
cmake 3.0.2-1+deb8u1
flex 2.5.39-8+deb8u2
bison 2:3.0.2.dfsg-2
iasl 20140926-1