Shi, Steven via llvm-dev
2019-Sep-27 06:08 UTC
[llvm-dev] Cross os/host reproducible build for uefi firmware
Hi Rui, Just let you know that we finally enabled the “cross os/host reproducible build” for Uefi firmware, which is to generate exactly same firmware release binary across different operating systems(e.g. Linux, Windows). The magic behind it is that we use the clang and llvm linker (lld) as the cross-OS build toolchain: https://github.com/lgao4/edk2/tree/CLANG9#cross-oshost-reproducible-build The “cross os/host reproducible build” is an extension for reproducible build (https://reproducible-builds.org/) and make the firmware binary to be real OS independent, which has several significant benefits for us: ・ Cut the validation/testing effort for different OS built binaries. ・ Harden firmware binary security, guarantee identical build results in different OS. ・ Easily to support customer and reproduce their build or runtime failures。 Thank you again for your help in our enabling work. LLVM is really cool! Thanks Steven -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.llvm.org/pipermail/llvm-dev/attachments/20190927/538233ad/attachment.html>
Rui Ueyama via llvm-dev
2019-Sep-27 06:51 UTC
[llvm-dev] Cross os/host reproducible build for uefi firmware
Great news! For lld, we've been careful to make output reproducible, and we've been making efforts to make it easy for cross build, so it feels to me that we are rewarded. If you need any help/questions, feel free to ask. On Fri, Sep 27, 2019 at 3:08 PM Shi, Steven <steven.shi at intel.com> wrote:> Hi Rui, > > Just let you know that we finally enabled the “cross os/host reproducible > build” for Uefi firmware, which is to generate exactly same firmware > release binary across different operating systems(e.g. Linux, Windows). The > magic behind it is that we use the clang and llvm linker (lld) as the > cross-OS build toolchain: > https://github.com/lgao4/edk2/tree/CLANG9#cross-oshost-reproducible-build > > > > The “cross os/host reproducible build” is an extension for reproducible > build (https://reproducible-builds.org/) and make the firmware binary to > be real OS independent, which has several significant benefits for us: > > · Cut the validation/testing effort for different OS built > binaries. > > · Harden firmware binary security, guarantee identical build > results in different OS. > > · Easily to support customer and reproduce their build or runtime > failures。 > > > > Thank you again for your help in our enabling work. LLVM is really cool! > > > > > > Thanks > > Steven > > > > >-------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.llvm.org/pipermail/llvm-dev/attachments/20190927/c4550b41/attachment.html>