scripts/sbom: integrate script in make process

integrate SBOM script into the kernel build process.

Assisted-by: Cursor:claude-sonnet-4-5
Assisted-by: OpenCode:GLM-4-7
Co-developed-by: Maximilian Huber <maximilian.huber@tngtech.com>
Signed-off-by: Maximilian Huber <maximilian.huber@tngtech.com>
Signed-off-by: Luis Augenstein <luis.augenstein@tngtech.com>
Acked-by: Nathan Chancellor <nathan@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/.gitignore b/.gitignore
index 3044b9590f058f94fb5334d75765444066488b8f..f0d35a9d591dbddcfa598f93d04fa3943198e5d8 100644 (file)
--- a/.gitignore
+++ b/.gitignore
@@ -49,6 +49,7 @@
 *.s
 *.so
 *.so.dbg
+*.spdx.json
 *.su
 *.symtypes
 *.tab.[ch]

diff --git a/MAINTAINERS b/MAINTAINERS
index c2c6d79275c6ebe7ab427c61a8381958cc88859d..36dac854a21dae62866ef2284195736705b9f520 100644 (file)
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -23903,6 +23903,12 @@ R:     Marc Murphy <marc.murphy@sancloud.com>
 S:     Supported
 F:     arch/arm/boot/dts/ti/omap/am335x-sancloud*
 
+SBOM
+M:     Luis Augenstein <luis.augenstein@tngtech.com>
+M:     Maximilian Huber <maximilian.huber@tngtech.com>
+S:     Maintained
+F:     scripts/sbom/
+
 SC1200 WDT DRIVER
 M:     Zwane Mwaikambo <zwanem@gmail.com>
 S:     Maintained

diff --git a/Makefile b/Makefile
index 9f59598d3a085ac0b6ebb73ab63b06160e6045ee..ec54f7d51cf43d6096f684326be3b8a759bb4f38 100644 (file)
--- a/Makefile
+++ b/Makefile
@@ -787,7 +787,7 @@ endif
 # in addition to whatever we do anyway.
 # Just "make" or "make all" shall build modules as well
 
-ifneq ($(filter all modules nsdeps compile_commands.json clang-%,$(MAKECMDGOALS)),)
+ifneq ($(filter all modules nsdeps compile_commands.json clang-% sbom,$(MAKECMDGOALS)),)
   KBUILD_MODULES := y
 endif
 
@@ -1692,7 +1692,7 @@ CLEAN_FILES += vmlinux.symvers modules-only.symvers \
               modules.builtin.ranges vmlinux.o.map vmlinux.unstripped \
               compile_commands.json rust/test \
               rust-project.json .vmlinux.objs .vmlinux.export.c \
-               .builtin-dtbs-list .builtin-dtbs.S
+              .builtin-dtbs-list .builtin-dtbs.S sbom-*.spdx.json
 
 # Directories & files removed with 'make mrproper'
 MRPROPER_FILES += include/config include/generated          \
@@ -1811,6 +1811,7 @@ help:
        @echo  ''
        @echo  'Tools:'
        @echo  '  nsdeps          - Generate missing symbol namespace dependencies'
+       @echo  '  sbom            - Generate Software Bill of Materials'
        @echo  ''
        @echo  'Kernel selftest:'
        @echo  '  kselftest         - Build and run kernel selftest'
@@ -2197,6 +2198,21 @@ nsdeps: export KBUILD_NSDEPS=1
 nsdeps: modules
        $(Q)$(CONFIG_SHELL) $(srctree)/scripts/nsdeps
 
+# Script to generate .spdx.json SBOM documents describing the build
+# ---------------------------------------------------------------------------
+
+ifdef building_out_of_srctree
+sbom_targets := sbom-source.spdx.json
+endif
+sbom_targets += sbom-build.spdx.json sbom-output.spdx.json
+quiet_cmd_sbom = GEN     $(sbom_targets)
+      cmd_sbom = printf "%s\n" "$(KBUILD_IMAGE)" >"$(tmp-target)"; \
+                 $(if $(CONFIG_MODULES),sed 's/\.o$$/.ko/' $(objtree)/modules.order >> "$(tmp-target)";) \
+                 $(PYTHON3) $(srctree)/scripts/sbom/sbom.py;
+PHONY += sbom
+sbom: $(notdir $(KBUILD_IMAGE)) include/generated/autoconf.h $(if $(CONFIG_MODULES),modules modules.order)
+       $(call cmd,sbom)
+
 # Clang Tooling
 # ---------------------------------------------------------------------------
 

diff --git a/scripts/sbom/sbom.py b/scripts/sbom/sbom.py
new file mode 100644 (file)
index 0000000..9c2e4c7
--- /dev/null
+++ b/scripts/sbom/sbom.py
@@ -0,0 +1,16 @@
+#!/usr/bin/env python3
+# SPDX-License-Identifier: GPL-2.0-only OR MIT
+# Copyright (C) 2025 TNG Technology Consulting GmbH
+
+"""
+Compute software bill of materials in SPDX format describing a kernel build.
+"""
+
+
+def main():
+    pass
+
+
+# Call main method
+if __name__ == "__main__":
+    main()