coreboot™: fast, flexible and reproducible Open Source firmware!

Reproducible Coreboot

Reproducible builds enable anyone to reproduce bit by bit identical binary packages from a given source, so that anyone can verify that a given binary derived from the source it was said to be derived. There is more information about reproducible builds on the Debian wiki and on https://reproducible-builds.org. These pages explain in more depth why this is useful, what common issues exist and which workarounds and solutions are known.

Reproducible Coreboot is an effort to apply this to coreboot. Thus each coreboot.rom is build twice (without payloads), with a few variations added and then those two ROMs are compared using diffoscope. Please note that the toolchain is not varied at all as the rebuild happens on exactly the same system. More variations are expected to be seen in the wild.

There is a weekly run jenkins job to test the master branch of coreboot.git. The jenkins job is running reproducible_coreboot.sh in a Debian environment and this script is solely responsible for creating this page. Feel invited to join #reproducible-builds (on irc.oftc.net) to request job runs whenever sensible. Patches and other feedback are very much appreciated - if you want to help, please start by looking at the ToDo list for coreboot, you might find something easy to contribute.
Thanks to IONOS for donating the virtual machines this is running on!

160 (100.0%) out of 160 built coreboot images were reproducible in our test setup ! These tests were last run on 2025-11-14 for version 25.09-370-gd62653749c using diffoscope 308.

variation	first build	second build
hostname	osuosl1-amd64 or osuosl2-amd64	the other one
domainname	is not yet varied between rebuilds of coreboot.
env CAPTURE_ENVIRONMENT	not set	CAPTURE_ENVIRONMENT="I capture the environment"
env TZ	TZ="/usr/share/zoneinfo/Etc/GMT+12"	TZ="/usr/share/zoneinfo/Etc/GMT-14"
env LANG	LANG="en_GB.UTF-8"	LANG="et_EE.UTF-8"
env LC_ALL	not set	LC_ALL="et_EE.UTF-8"
env PATH	PATH="/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:"	PATH="/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/i/capture/the/path"
env USER	is not yet varied between rebuilds of coreboot.
uid	is not yet varied between rebuilds of coreboot.
gid	is not yet varied between rebuilds of coreboot.
UTS namespace	is not yet varied between rebuilds of coreboot.
kernel version, modified using /usr/bin/linux64 --uname-2.6	Linux 6.12.48+deb13-amd64	Linux 2.6.72+deb13-amd64
umask	0022	0002
CPU type	Intel Core Processor (Haswell, no TSX, IBRS)	same for both builds
/bin/sh	is not yet varied between rebuilds of coreboot.
year, month, date	today (2025-11-14)	same for both builds (currently, work in progress)
hour, minute	hour and minute will probably vary between two builds...	the future system actually runs 398 days, 6 hours and 23 minutes ahead...
Filesystem	tmpfs	same for both builds (currently, this could be varied using disorderfs)
everything else...	is likely the same. There will be more variations in the wild.

ARM_RDN2 (eb500f1ca7076c656698f5c0f3bf54d4d07dd8fd5cb019aae730689421cc83e9, 64MiB) is reproducible.
EMULATION_QEMU_AARCH64 (665c41c2e7076d9dad21852fdb290f55381d31ebea9005c318f60fb8655f0841, 16MiB) is reproducible.
EMULATION_QEMU_AARCH64_FIT_SUPPORT_TIMESTAMPS (b5b3601ebb5ca63fd44a42783641f746d4eff83c0417903c3d45f2addcefac2b, 16MiB) is reproducible.
EMULATION_QEMU_ARMV7 (f9f2aed8b756b5368bc8a8c4cbcf70de32c5b2f9b10207529620d15b71f00aaa, 4MiB) is reproducible.
EMULATION_QEMU_RISCV_RV32 (650af1453da2d842b272c37fd8b6335931d0154f47cbcafde0e30e75fd2249e0, 32MiB) is reproducible.
EMULATION_QEMU_RISCV_RV64 (7e395aecbb718b5de0161ce5e2b8b37325ceed459d8985bcc80e02718fe3fd71, 32MiB) is reproducible.
EMULATION_QEMU_RISCV_RV64_ (b5807f9d00dfcd8e9a6f281bd3ec7233ce2961f887cb835605eb736b375890e2, 32MiB) is reproducible.
EMULATION_QEMU_SBSA (93fdc1c592698e20953c9679a31c2f925a94a8b5f8f5f6084e4e2c3a15b01dc5, 256MiB) is reproducible.
EMULATION_QEMU_X86_I440FX (8af8c240ccd18458ed42c14c4417362f4b344ded29e71f803eee935ad6c0fbfe, 4MiB) is reproducible.
EMULATION_QEMU_X86_I440FX_ (8af8c240ccd18458ed42c14c4417362f4b344ded29e71f803eee935ad6c0fbfe, 4MiB) is reproducible.
EMULATION_QEMU_X86_I440FX_ASAN (288f180a3b413705498a2cd60dd10f3468f63eb059732f07c11c6c75f477f67e, 4MiB) is reproducible.
EMULATION_QEMU_X86_I440FX_DEBUG (4a66386d95857bee85a3d255b9e523ff687411415edec312bdd9e2305d271c2b, 4MiB) is reproducible.
EMULATION_QEMU_X86_I440FX_NOSERIAL (19b845bec398d45e98c9d2b2b0c0b4ed8823d7be900e3aa93353dbefeed67405, 4MiB) is reproducible.
EMULATION_QEMU_X86_I440FX_X86_64 (f1b0a9e4b04bcc5804a00b8db93f902575ab20637b04d21278316c73bb1f7423, 4MiB) is reproducible.
EMULATION_QEMU_X86_Q35 (4f5f102168b9eeba32ea7eb9b8faf98e1afdb02524a22003c61cbc6d6c2d6218, 8MiB) is reproducible.
EMULATION_QEMU_X86_Q35_SMM_TSEG (305831b531dc5c7412e494d7a6fe5580f445b553016d35ac652d58885951ea64, 8MiB) is reproducible.
EMULATION_SPIKE_RISCV (f533b1b5a1d8b783ed25a078740286b4aea509a0ec67138469c6787312f67ebf, 4MiB) is reproducible.
EXAMPLE_MIN86 (7ccc5f08ef12d612586643ff5dd58b2ea29e918c7a6d34f613c30e4b7a8b0c21, 256KiB) is reproducible.
GOOGLE_ANAKIN (ac28c281411c71f4a07faef35430180caf0a35206b139dc2160f8a7e624fdbcf, 8MiB) is reproducible.
GOOGLE_ASURADA (a237d84214b82c9baacea5822f6ca16ea7c81ca69259df834a9cc1d1d3013b38, 8MiB) is reproducible.
GOOGLE_BAZE (a61838e6175724bf4a246b838236770b2b1b9dab0f5845e1288647a6ae041d48, 8MiB) is reproducible.
GOOGLE_BLUEY (ada02bd22b68b6e2c9a6534ba713574edb6b8a60e12ae2d056335af105a1bc99, 64MiB) is reproducible.
GOOGLE_BLUEYH (3c89219501c0fa3e9ac7752b5a5192a7a4c3998c25bbd17670f20eb8b950601f, 64MiB) is reproducible.
GOOGLE_BOB (e5ac7206cba098635efbe2d9dab6f881656d5e657763561c633d2aebb1bedfd0, 8MiB) is reproducible.
GOOGLE_BUBS (63389679d1eefaae273bc408cca0c8ac4678a17f425294b3c37eaf3c485f1187, 8MiB) is reproducible.
GOOGLE_BURNET (ee915f5e0802c049f0c0f43e9bc36b57f14d1c6b42a459f620db542b013d8c2f, 8MiB) is reproducible.
GOOGLE_CERISE (57b76190a3560043e2c9fdbd1d143fe049a4a38ab907b70e282b204003ec6152, 8MiB) is reproducible.
GOOGLE_CHERRY (819b5602193653d6b318148a6cd968a2a7c26de57912327d8fec13fc38691bbf, 8MiB) is reproducible.
GOOGLE_CHINCHOU (f4d0547e9680d4318f8632f69d01d2c75f3a3169f8caee496acaebe6ce182b1f, 8MiB) is reproducible.
GOOGLE_CIRI (a2b5f341c89df71b40ba67a9077c2744e149276f2db253a320f9a750350a467c, 8MiB) is reproducible.
GOOGLE_COACHZ (08cd7cf81e213231991634958c0463f412bb7f0d178689094b9db1f02deaf935, 8MiB) is reproducible.
GOOGLE_COZMO (cf89aab12a1fff698879b659e1f526c930031cd38b43e516cd51ff9722fc4004, 8MiB) is reproducible.
GOOGLE_DAISY (b524806e2ecdeb048d13d43a232d2f4237a5dc26017bea0e9880b0f9d076b96f, 4MiB) is reproducible.
GOOGLE_DAMU (9b3d897de60b2774a45b1268e9ba6f373ba2534607b37352acb99325f823ce7f, 8MiB) is reproducible.
GOOGLE_DOJO (ba8530cd5ccf18b3129a4920d52282af330cad467876d5a4b31218dcee9621db, 8MiB) is reproducible.
GOOGLE_DOOKU (168b19f65fcc7bb7e7f5869ab872c8720a1ae5ddb2a7d2906a7fbc2f927829cf, 8MiB) is reproducible.
GOOGLE_ELM (10f8c8b8f97d3d4cc3b6cdfab4682162fcbf49b18e0d91aef6eb83a6f29832b8, 4MiB) is reproducible.
GOOGLE_ESCHE (63c8f7e40958048ca4502fc768ad8a438011cab589cfadd10a63f3b9d271b159, 8MiB) is reproducible.
GOOGLE_FATCAT (23af47860ed4ffeea676f75c318c764aabf3f19ed769d5ef4a04ff28bb0a5a99, 32MiB) is reproducible.
GOOGLE_FATCAT4ES (04b0a3608f7081e0bcf22dd621891165f237dbe77ef8b1ab6929aa60e05b65c0, 32MiB) is reproducible.
GOOGLE_FATCATISH (784ffa68223a486275ae560ecd7b59486e5bff2ac913c2e0c7b54c762c563721, 32MiB) is reproducible.
GOOGLE_FATCATITE (4186e8a211413532823954e0142d6337d456e49f2e1d7ffbe0145ca5731d648d, 32MiB) is reproducible.
GOOGLE_FATCATITE4ES (790fcc065138db3bd5e85808d750790dd79015e49e217aa02f92d3cc0f5e1d08, 32MiB) is reproducible.
GOOGLE_FATCATNUVO (435b1d83e72747b42dea3472e21032b7d3d7f52f19b943b4e2b71323b1fb3524, 32MiB) is reproducible.
GOOGLE_FATCATNUVO4ES (4ab90726213aa26241e784ce51995caac5ccbb072f3e7dfd457c21a1fa35163d, 32MiB) is reproducible.
GOOGLE_FELINO (19e8ee64839eaa703a0d8335f88f136386715400bf06f7adde94b6505f654507, 32MiB) is reproducible.
GOOGLE_FELINO4ES (ab9bbeabb9cd6a616f1b744382dce9d9d35df347ed59d585c366b15d1af5912f, 32MiB) is reproducible.
GOOGLE_FENNEL (0b4badb94544e4a93d6140ef47340b1c2c6971c44462d002de43b72649d16635, 8MiB) is reproducible.
GOOGLE_FLAPJACK (7f2ca3d55bfc237aaa853e46aac34601d84d403359ab508c8a18dc4521739368, 8MiB) is reproducible.
GOOGLE_FOSTER (e88806e8ee5c65684da90cff579eae6a1288d0ba111e969d3ef2ac8b74227e2f, 4MiB) is reproducible.
GOOGLE_FRANCKA (78af1c53cb27b5dd6fc07d8b4a265aa6560b005e5517c0179e08c8df33f0b2ac, 32MiB) is reproducible.
GOOGLE_GALE (97ce035d31e6c9f6e7e7025438515bea31ecb32453da5eb0b03708e44ed5dde6, 8MiB) is reproducible.
GOOGLE_GELARSHIE (15d77f7f22c0b1f0634ff7f356f60ec024bcab0372f595c84f3562f493f178ec, 8MiB) is reproducible.
GOOGLE_GERALT (a99f86ec8b23085cf5e23f559f99e31c1235bdf5eef0e15459f836c81305677f, 8MiB) is reproducible.
GOOGLE_GROGU (20862dc8022649631604f245a652b8ccdc0827fac42eba82804ba658b6bcb76e, 8MiB) is reproducible.
GOOGLE_GRU (00ca7397de99cda3da2b23ab75b944cc7d95120bb14350bba61e9ac8294213b6, 8MiB) is reproducible.
GOOGLE_HANA (5f132c509a1742cd9165f2a85b00012acc3d982548755df300199ff62e9e7c0e, 4MiB) is reproducible.
GOOGLE_HAYATO (cdf0e9ec2066686ea98e590585f042dd4ec95364fd5f32a467b60843bdfabd0c, 8MiB) is reproducible.
GOOGLE_HOMESTAR (8f37ed263790df54e49cc3fedb4d72ac770245ea55cbff07faeea37c4264b7ec, 8MiB) is reproducible.
GOOGLE_HYLIA (5834e7dbe48f3823b2604c8e45b6e83477f88234a2b0be2579637e8ba2e4b94c, 8MiB) is reproducible.
GOOGLE_JACUZZI (977157f55a0896a15bcbf5d9330fad68a462d719b469534a2a8d973cdd963d5c, 8MiB) is reproducible.
GOOGLE_JUNIPER (5da08ed660950e98cc3a0015e4baea8eba934db6af9d845605b4a0eadbecdd5b, 8MiB) is reproducible.
GOOGLE_KAKADU (3663dc8279dcd1f7e4c4d5d47c2d148055a7a0b4dc3b570b6cde38144efa8b41, 8MiB) is reproducible.
GOOGLE_KAPPA (7b2707cf3ac22d8f05ed17949d93b74ec0ee5741ddb75daf89bf73cef3b99f18, 8MiB) is reproducible.
GOOGLE_KATSU (f9fc9c4251d3ab5fb1b42d9569d73eca5ab5f879069e7d6a63edbfc2c0c5f720, 8MiB) is reproducible.
GOOGLE_KEVIN (7006a563e3844727b19385b7f086176bd0bb7d602770da8e281481dd5b6e0162, 8MiB) is reproducible.
GOOGLE_KEVIN_SECDATA_MOCK (65c59b2ca8400f413e1dd796b143466bcefd28d88d8fda542ebe1ca0c1639f54, 8MiB) is reproducible.
GOOGLE_KINGLER (13301628367b28bb4758e9b3f2f4c78aadad45988deb1ada1d25f3c31332a410, 8MiB) is reproducible.
GOOGLE_KINGOFTOWN (50fe4f2c118a76eca5a0581a73e8bdf9f37bc68c4a9ec4dbea6739db4daa4444, 8MiB) is reproducible.
GOOGLE_KINMEN (ccde42055e679eef8476e574d1e825435879b114582bf243e590c913ef7c4234, 32MiB) is reproducible.
GOOGLE_KINMEN4ES (6aa5ddd4cbd6e582954bea71a6d7f5273f5d4dc77a1460500ce2ea275f24ed23, 32MiB) is reproducible.
GOOGLE_KODAMA (45e1765266c7162a658bfbc7a7d4129cff319e7f731b2cc4869f0eddbd70b34e, 8MiB) is reproducible.
GOOGLE_KODKOD (28f585521714180a8147c31404039687a115b84bfe4c693e01e3763b6d0cf370, 32MiB) is reproducible.
GOOGLE_KRABBY (62dcac5bfd10322fe731d4db765dd40f4fec4e7297f8e6e69ee75c12cb5a8302, 8MiB) is reproducible.
GOOGLE_KRANE (fc69df927989226a59c9ba548279f0aacf3ea0cedd6c63f4e6195dd0cc4eb541, 8MiB) is reproducible.
GOOGLE_KUKUI (c80c1831eb3612f5cd9cda8cc5bbc47cbcd3a5bebacefd22175de00558bd3833, 8MiB) is reproducible.
GOOGLE_KYOGRE (c27174adaf5814d2fc54d9c614dfc9e69831cc15681c83067655e2232727c0e5, 8MiB) is reproducible.
GOOGLE_LAPIS (a938a7cab2327144b33de7b67f179a09e59f7519e7e0d0771215e8986b1765f4, 32MiB) is reproducible.
GOOGLE_LAZOR (f54258f95ff8a56ee958b8a596388816cf0fadd6e2607532e18b18418ebd7342, 8MiB) is reproducible.
GOOGLE_MAGIKARP (972253aba572f2cb1ca3234944f727476a83ee8fb71bc5a5239b18d482571d29, 8MiB) is reproducible.
GOOGLE_MAKOMO (b144454ae7495cc275be20b0ee690f7670147ad5505c6b69e1f1a0e767d2e486, 8MiB) is reproducible.
GOOGLE_MARZIPAN (46668296fa9455ed569e54022ca995d1acc7b646597046845bb5b6d32d3620a0, 8MiB) is reproducible.
GOOGLE_MATSU (02035ba81d868b523a3e76368ddbe9b30879b2a315fc7326249c8935725f27da, 32MiB) is reproducible.
GOOGLE_MISTRAL (2ce6cf7019d94a5ea66cc3a54a54583f0f6864a8743dfcf5ae54af742bc10194, 8MiB) is reproducible.
GOOGLE_MOONSTONE (ef645b1fcc0e5ce246f44c41370cb2d30b994b47e78c5d5264a99aa42f9c52f2, 32MiB) is reproducible.
GOOGLE_MRBLAND (433bc56cc06c33fdb3cd85c3caea01863264d6ff8e63383935c4fe52b6d77c7f, 8MiB) is reproducible.
GOOGLE_MUNNA (aa3a1fdf0dbaf03c7ebffb48325ef60aeb6be34a91bf8a3f8a18ff10b481a7f4, 8MiB) is reproducible.
GOOGLE_NAVI (ad4e5df2452b915d9dda7c853cff6a10a37b0798523493418a0e34cc77e7fbb7, 8MiB) is reproducible.
GOOGLE_NEFARIO (72dcbecf23785921d4c41460a8ca124093d9c42f001c26f748102c298e7a940a, 8MiB) is reproducible.
GOOGLE_NYAN (b617fb4fcf55b40c954a7f8a3af4d27125edb947084ba26bd39148dca9c4883f, 4MiB) is reproducible.
GOOGLE_NYAN_BIG (42fea9538a39cc11e7f306ed6610e3f947068404e02c6aacb010840f6932e29b, 4MiB) is reproducible.
GOOGLE_NYAN_BLAZE (e425c03199e55841e09061a7eade4826c120a061828476813bee40d13f2de0c8, 4MiB) is reproducible.
GOOGLE_OAK (1528bdaf788d7d22e36bf4e199ad4da1de0ea612c2d77a8248ab7ad330533b31, 4MiB) is reproducible.
GOOGLE_OBIWAN (e0d52e75c5ad9bfba962bc09f6cd212eeba3be75d6aa18ff060e0a6ab66305c4, 8MiB) is reproducible.
GOOGLE_OCELOT (36541c8ebf4b8ec5388311fe28302bbad6edc521010263588b098f455454125a, 32MiB) is reproducible.
GOOGLE_OCELOT4ES (9fff8b3746e842116e073a33cadb9ee72d1c7ca6171a8c4fd19b0b6c29ddea77, 32MiB) is reproducible.
GOOGLE_OCELOTITE (5835d5fd00e3048acaf31f870b456293956645cd4fe64fbfc4087c1b3a63dc1e, 32MiB) is reproducible.
GOOGLE_OCELOTITE4ES (c81cc78a81f52a25aa849172b19a09d86bf22ff55422ba62e3bb368cb0ba32b9, 32MiB) is reproducible.
GOOGLE_OCELOTMCHP (a4a4c394386e94427783a1853102595a80e2eb0c42194ea7b9748f9098f41ef5, 32MiB) is reproducible.
GOOGLE_OCELOTMCHP4ES (f5b9a3a6a58ae1e81c0e13634bd2b822816a18c2974909187ce9dd9fff5dd601, 32MiB) is reproducible.
GOOGLE_OJAL (d776710d199f1ffa2449ed097afc35ca9fcec8a165a456b01788c31e453067de, 32MiB) is reproducible.
GOOGLE_PADME (4fd60cecf63ccab029a3d67b21b0d411cb8c03003b2b0dea02c784d270ab35f8, 8MiB) is reproducible.
GOOGLE_PAZQUEL (516ad8446f09932b294be39d6455b5a0906d8d564945a6cf74dbf113734e8465, 8MiB) is reproducible.
GOOGLE_PEACH_PIT (8915d9f3c7829900f874d5eb78f27fb49998fb0d5259e4d9b6842093275aff40, 4MiB) is reproducible.
GOOGLE_PICO (c0f1f7752492b71600f41d85f7617d243547b5e2ed740c718eda28a88abd955d, 8MiB) is reproducible.
GOOGLE_POMPOM (ed447e36b8842274ca2e8e4f1edc0118db00fa2d9b68f98f9e581c9aa20c663a, 8MiB) is reproducible.
GOOGLE_PONYTA (de80feb4cf3e69e8ec6733e37b3e7bcc5e207664d7897b875a0f47637a12acd1, 8MiB) is reproducible.
GOOGLE_QUACKINGSTICK (22ea8150798e6455c18de235eaaa8207e40cadac7630130487a517e0ac4d4340, 8MiB) is reproducible.
GOOGLE_QUARTZ (62e37678ee23f00acc85b800ca9f955a9669351e509a8f31310fd1e6d2d27348, 32MiB) is reproducible.
GOOGLE_QUENBI (ea499fb3e310fe8e4c380011610b99cd1e26f1c89701ab20d8d71112d890159f, 32MiB) is reproducible.
GOOGLE_QUENBIH (0464b05661230842417f839c34af3185a32b8f649695a0209e8aba88e8b68fc9, 32MiB) is reproducible.
GOOGLE_RAINIER (f05d1e10efde4fecf3aea076726b2271a8d82f6b7f56d09ec05370e4fd365d26, 8MiB) is reproducible.
GOOGLE_RAURU (6a114a846efcc16cb78bc167a5d7a4ec3433598c253620231e554542cbc9dc4f, 8MiB) is reproducible.
GOOGLE_RUBY (c3c56773fa8d30bf8fa636548ee1db1b384b82e68ebd284be87f3e18e78770df, 32MiB) is reproducible.
GOOGLE_SAPPHIRE (0949fc8aa11e633a5fc372da6a2a52582b0d0261957f6165be0764ed8bf33d6f, 8MiB) is reproducible.
GOOGLE_SCARLET (f1538b4bc3e498e63f0f4f8282915b6fdc11a308c2ff2378c9fdbd3dc067532f, 8MiB) is reproducible.
GOOGLE_SKITTY (67d14774eb76e68d4474682494fe817e3d248fc569c0f48be959414ad98f99b4, 8MiB) is reproducible.
GOOGLE_SKYWALKER (aab83afada9a7985bd4926090a797f004990e844fbcc115631a2e6f3e4fc5db0, 8MiB) is reproducible.
GOOGLE_SMAUG (dd79a39be8a380d327b719efaa14103c2d06b16e48144106669890955c589965, 16MiB) is reproducible.
GOOGLE_SPHERION (702b22de9d08fa110c941f0ce3080366716c7099c3fa2f494311aaea88144740, 8MiB) is reproducible.
GOOGLE_SQUIRTLE (a8acd3db27565822e2192579907dd32ab8513a6e9e07e7ac70cfe01c6d829e0e, 8MiB) is reproducible.
GOOGLE_STARMIE (85bcc73da5701c932e66863dd079cb9b252581e2cd84bdd7aa67e0d454b6f0cc, 8MiB) is reproducible.
GOOGLE_STEELIX (1671b4551561cfdb4f74a6619a85f5160d93e412ece25175b06fca2aacef8592, 8MiB) is reproducible.
GOOGLE_STERN (c39cdc1c1ebe7f627598f33004b8c9aca5e2ac3369ff247d7ac4d089034a0490, 8MiB) is reproducible.
GOOGLE_STORM (8b31e4f3df95cbfda15482c8adba068d7b07a7db266499a968aa53257ba38990, 8MiB) is reproducible.
GOOGLE_TARKIN (277ec9fc08c81fb6b909b199b1819098ab0128a7d152565c2ad028b505389dfb, 8MiB) is reproducible.
GOOGLE_TENTACRUEL (b62c68092ea10aa4fe56b118b2250f9ff36cca2ac450cb1bf256bc805a31a2af, 8MiB) is reproducible.
GOOGLE_TOMATO (2897996cd03f48b36f9752ab13745e58025f999b139eedc790ec96b8027be2fe, 8MiB) is reproducible.
GOOGLE_TROGDOR (7c9af9ded3b797b6304d670dd1f994969de581e477a6be33c17cb9b729f84111, 8MiB) is reproducible.
GOOGLE_VELUZA (45e19020b9a5b654938eb6a2ce41dc5f91a6c33aa05aae83c0cd9dab9801fb87, 8MiB) is reproducible.
GOOGLE_VEYRON_JAQ (f4205e283a6b4b61540ef2bd168790534454f87ab4eabab7bc360f17ce89585a, 4MiB) is reproducible.
GOOGLE_VEYRON_JERRY (9f5474241495c5c5cef230eacb4aac8a9113037d4b26254ebbbbad20a3f286c5, 4MiB) is reproducible.
GOOGLE_VEYRON_MICKEY (d88f9918125c4b0561b2751119eb68c375726c50e9d90b8ecafbbfb646d0a6ce, 4MiB) is reproducible.
GOOGLE_VEYRON_MIGHTY (7abde8bbb3e609600cdd530c1655a1f125d6aafcd07fd35aa13d17f748ed4333, 4MiB) is reproducible.
GOOGLE_VEYRON_MINNIE (77b237e0a8a83331ee0a3e2f62a1172f1b401e49af87e6da7ea770b5495eb3ff, 4MiB) is reproducible.
GOOGLE_VEYRON_RIALTO (ad872e39f91b55d9477defeb70e79e68734bced8e289fbc8fce3d2c19090a0af, 4MiB) is reproducible.
GOOGLE_VEYRON_SPEEDY (3c57a4d0f0ae560632db5f4fcbd9352ac2a75d545c6f619d10f896bf258c4376, 4MiB) is reproducible.
GOOGLE_VOLTORB (783dddd9ca58982cb9d03e281899c86cefbac5c824d8cb220286b004103ad1f0, 8MiB) is reproducible.
GOOGLE_WILLOW (32f44d881daab6cf6e5cd4fb8e05e50367156279f17a1f73093e694de67cef38, 8MiB) is reproducible.
GOOGLE_WORMDINGLER (80957cb92eb511454387cbcae9787d5f19fe491e64ba95ae0af2aa71bdad6740, 8MiB) is reproducible.
GOOGLE_WUGTRIO (96e8ffcdbb8f8a7083364976125f7385757b753b9ca3a957aaa23383f0e87bc9, 8MiB) is reproducible.
GOOGLE_WYRDEER (2319e7cc9e0501c4ec60610c5cfb71c4661fe47683a70b6d769a1d869625b5b6, 8MiB) is reproducible.
GOOGLE_YODA (cb1f27012060a197305dc4a6fe34cc7370f2fe22c65491684b4adea119f4e15c, 8MiB) is reproducible.
INTEL_FROST_CREEK (33a3f16bf13153abfed3684389dffc6c20585fdbe0e397b2b31eb0f0d388a3ef, 32MiB) is reproducible.
INTEL_PTLRVP (207e9790531073aa55b3a3191a6a1cab15bd8d58e72ddbe7ea0f603a2ec8cace, 32MiB) is reproducible.
INTEL_PTLRVP4ES (0bddce274c4f1ee77792e669a83a5f5a17350e84f627e6f06d5e19c483744d31, 32MiB) is reproducible.
INTEL_PTLRVP_CHROMEEC (5d50a0ec87d1b8124325e7a6da1014e15373fbf833ab8bdbbe61120a67fcef93, 32MiB) is reproducible.
INTEL_PTLRVP_CHROMEEC4ES (8c119f91abaef4be9f5d356a7ff8d6d36da1b5c5632aa84f3627232db1dee32f, 32MiB) is reproducible.
OPENCELLULAR_ELGON (8f3880caa3d721e6c8471bc9ae72e7d96e34d721340a86458ede895a02f10356, 16MiB) is reproducible.
PCENGINES_APU2 (6475efe81b188b044f1829ebcb410220f596b405747e50fecb5b9bd2e7c9db13, 8MiB) is reproducible.
PCENGINES_APU2_ (8e3cf443ef08c9b1e66e9724358c8fce1a7cbf2b856c0d7a50e1fb9bd93d3f55, 8MiB) is reproducible.
PCENGINES_APU3 (8eccfb4c3f6aecc341fdebe841418db2fe9f6da89b9dbdc4b238c38708ddc5b9, 8MiB) is reproducible.
PCENGINES_APU3_ (eecde6ea444e23e7ebe560e8110db8095ee842966a96a2c157499049bbcf4831, 8MiB) is reproducible.
PCENGINES_APU4 (9b9cab8741681da4a37e2d41b6fd5fe44eca815cd796d3f0b97fe2d1a4425676, 8MiB) is reproducible.
PCENGINES_APU4_ (79f2f126c98229c60917c37d4e351c57e65ff8c038eda987122a881f32806de8, 8MiB) is reproducible.
PCENGINES_APU5 (666e5a652456dc26df6000ace32f5161345ae788c43710880243b69afeec2eec, 8MiB) is reproducible.
PCENGINES_APU5_ (b510a8b3fe6a0a522a01951cb38ac21105c4f080764227434e02a989d3f36675, 8MiB) is reproducible.
PINE64_ROCKPRO64 (5b168e34a5685d2ebb6e2e14be780c9c77aae429b2d2c53388d5103d8ada4857, 16MiB) is reproducible.
TI_BEAGLEBONE (731090bc880de2d153900be8f7d2f29e7a922ad46b940ad5ae4042d609c6b16c, 32MiB) is reproducible.
VIA_EPIA_EX (fb50d54f0c7f01afd0308b94c4056cadb66eb40722460677e4855ebf687fad97, 512KiB) is reproducible.

commit d62653749cfa2ff4f13d93570363815fa8a3373b
Author: Karthikeyan Ramasubramanian 
Date:   Fri Oct 31 14:06:10 2025 -0600

    payloads/libpayload: Support legacy LZ4 compression format
    
    Linux kernel images from upstream tree are compressed using legacy LZ4
    format and not the modern LZ4 format. Hence support legacy LZ4
    compression format to decompress and boot upstream Linux kernel images.
    Also add unit test case to verify the currently supported LZ4
    compression format as well as legacy LZ4 compression format.
    
    References:
    * https://github.com/lz4/lz4
    
    BUG=None
    TEST=make tests/liblz4/lz4-test
    [==========] tests_liblz4_lz4-test(tests): Running 4 test(s).
    [ RUN      ] test_lz4
    [       OK ] test_lz4
    [ RUN      ] test_lz4_partial_decompression
    [       OK ] test_lz4_partial_decompression
    [ RUN      ] test_legacy_lz4
    [       OK ] test_legacy_lz4
    [ RUN      ] test_legacy_lz4_partial_decompression
    [       OK ] test_legacy_lz4_partial_decompression
    [==========] tests_liblz4_lz4-test(tests): 4 test(s) run.
    [  PASSED  ] 4 test(s).
    
    Change-Id: I7e3d407fc313e0937fd8d327840534de60d8c625
    Signed-off-by: Karthikeyan Ramasubramanian 
    Reviewed-on: https://review.coreboot.org/c/coreboot/+/89854
    Tested-by: build bot (Jenkins) 
    Reviewed-by: Julius Werner

cross toolchain source	sha256sum
acpica-unix-20250807.tar.gz	eaca4c0248db872a055ab38b0deab4f5f577d1a0cada0fcbc0d80955e2a98e33
binutils-2.45.tar.xz	c50c0e7f9cb188980e2cc97e4537626b1672441815587f1eab69d2a1bfbef5d2
gcc-14.2.0.tar.xz	a7b39bc69cbf9e25826c5a60ab26477001f7c08d85cec04bc0e29cabed6f3cc9
gmp-6.3.0.tar.xz	a3c2b80201b89e68616f4ad30bc66aee4927c3ce50e33929ca819d5c43538898
mpc-1.3.1.tar.gz	ab642492f5cf882b74aa0cb730cd410a81edcdbec895183ce930e706c1c759b8
mpfr-4.2.2.tar.xz	b67ba0383ef7e8a8563734e2e889ef5ec3c3b898a01d00fa0a6869ad81c6ce01

Debian 13.1 package on amd64	installed version
gcc	4:14.2.0-1
g++	4:14.2.0-1
make	4.4.1-2
cmake	3.31.6-2
flex	2.6.4-8.2+b4
bison	2:3.8.2+dfsg-1+b2
pkg-config	1.8.1-4