From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mailgw02.zimbra-vnc.de (mailgw02.zimbra-vnc.de [148.251.102.236])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id CD74C44B663;
	Thu,  7 May 2026 17:39:02 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=148.251.102.236
ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1778175544; cv=none; b=QWLDcj1wVRz5pR/H/SK3A8o0e5wr2ED73r76RN8MMVaj2o8Bj3DY7y1vETUT76RXZvCqneLpNnVTPWMOJ9wqrkesSUfa+52/+vbzxAB88zXRaBViGNBcjFW4Gs43cGd0Rzw0cEi8PXwE15cbkoPQ2gZxNujVEAp1w2e/DNNnIYE=
ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1778175544; c=relaxed/simple;
	bh=kQsNRrJf28E6KtNRje58wwPGUPof6BJutvNvCihBV60=;
	h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References:
	 MIME-Version; b=ofFAbqZCdY1dhsxtxFXS69j0l4lHF4CCnOfHV/NzXi96zCC8dLBkrponn4y3O8EQ7kl7HniYBhIY42kNFfYs9zYVCWJh9SeHTU1GkVfHswkDiU3XBbS702SQxb36kUPWl+7q2jKfkKnhDcLBwog62Ge32/yGTklPBh4xLciIbw0=
ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=tngtech.com; spf=pass smtp.mailfrom=tngtech.com; dkim=pass (2048-bit key) header.d=tngtech.com header.i=@tngtech.com header.b=XuHCLdpV; arc=none smtp.client-ip=148.251.102.236
Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=tngtech.com
Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=tngtech.com
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (2048-bit key) header.d=tngtech.com header.i=@tngtech.com header.b="XuHCLdpV"
Received: from zmproxy.tng.vnc.biz (zimbra-vnc.tngtech.com [35.234.71.156])
	by mailgw02.zimbra-vnc.de (Postfix) with ESMTPS id 03BBB200CD;
	Thu,  7 May 2026 19:39:01 +0200 (CEST)
Received: from localhost (localhost [127.0.0.1])
	by zmproxy.tng.vnc.biz (Postfix) with ESMTP id CE88A1FB106;
	Thu,  7 May 2026 19:39:00 +0200 (CEST)
Received: from zmproxy.tng.vnc.biz ([127.0.0.1])
 by localhost (zmproxy.tng.vnc.biz [127.0.0.1]) (amavis, port 10032)
 with ESMTP id bdsHCv3ifai9; Thu,  7 May 2026 19:38:59 +0200 (CEST)
Received: from localhost (localhost [127.0.0.1])
	by zmproxy.tng.vnc.biz (Postfix) with ESMTP id 413111FB1AB;
	Thu,  7 May 2026 19:38:59 +0200 (CEST)
DKIM-Filter: OpenDKIM Filter v2.10.3 zmproxy.tng.vnc.biz 413111FB1AB
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tngtech.com;
	s=B14491C6-869D-11EB-BB6C-8DD33D883B31; t=1778175539;
	bh=ewTLlgH3wjgbmawmgxSH5jKLCQxtbiTK2yElmdV8jCc=;
	h=From:To:Subject:Date:Message-ID:MIME-Version;
	b=XuHCLdpV0Bs9cyZdtlAq/Rro/NNlPecjBJaLPst36/CZsi479cdhLII8hKV0JLjjy
	 IDwFOpzkJL/bL3r3yH7f5XaPf8q4kQvYILNHEBtvKSW3NZoGJXXR3sYsk2rRm0Q7ps
	 Y/vNZrZJxSvyYvSsow+CXRhQBMfKXRMnTwKJGc9J+lbzm1k89VNfRlLliEg0JkqpVO
	 +zKHhmAuuzPdUEi4Q/Jfq+QZ3ytBYIdIIa+qPyEFMh0oY4PTHnhu07BUapnF9EyCaW
	 D8Xcqu/X01gslzaCiEf8kO6TwCKv1eID2BNT/4XLT/gQdHIb7AbvktSD0N2htZeQuW
	 RDS+yeLChmn5Q==
X-Virus-Scanned: amavis at zmproxy.tng.vnc.biz
Received: from zmproxy.tng.vnc.biz ([127.0.0.1])
 by localhost (zmproxy.tng.vnc.biz [127.0.0.1]) (amavis, port 10026)
 with ESMTP id mn90zOpFHqN2; Thu,  7 May 2026 19:38:59 +0200 (CEST)
Received: from luis-Precision-5480.. (ipservice-092-209-239-167.092.209.pools.vodafone-ip.de [92.209.239.167])
	by zmproxy.tng.vnc.biz (Postfix) with ESMTPSA id DDF651FB106;
	Thu,  7 May 2026 19:38:58 +0200 (CEST)
From: Luis <luis.augenstein@tngtech.com>
To: nathan@kernel.org,
	nsc@kernel.org
Cc: linux-kbuild@vger.kernel.org,
	linux-kernel@vger.kernel.org,
	akpm@linux-foundation.org,
	gregkh@linuxfoundation.org,
	kstewart@linuxfoundation.org,
	maximilian.huber@tngtech.com,
	Luis Augenstein <luis.augenstein@tngtech.com>
Subject: [PATCH v6 02/15] scripts/sbom: integrate script in make process
Date: Thu,  7 May 2026 19:38:14 +0200
Message-ID: <20260507173827.70949-3-luis.augenstein@tngtech.com>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <20260507173827.70949-1-luis.augenstein@tngtech.com>
References: <20260507173827.70949-1-luis.augenstein@tngtech.com>
Precedence: bulk
X-Mailing-List: linux-kbuild@vger.kernel.org
List-Id: <linux-kbuild.vger.kernel.org>
List-Subscribe: <mailto:linux-kbuild+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kbuild+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable

From: Luis Augenstein <luis.augenstein@tngtech.com>

integrate SBOM script into the kernel build process.

Assisted-by: Cursor:claude-sonnet-4-5
Assisted-by: OpenCode:GLM-4-7
Co-developed-by: Maximilian Huber <maximilian.huber@tngtech.com>
Signed-off-by: Maximilian Huber <maximilian.huber@tngtech.com>
Signed-off-by: Luis Augenstein <luis.augenstein@tngtech.com>
---
 .gitignore           |  1 +
 MAINTAINERS          |  6 ++++++
 Makefile             | 20 ++++++++++++++++++--
 scripts/sbom/sbom.py | 16 ++++++++++++++++
 4 files changed, 41 insertions(+), 2 deletions(-)
 create mode 100644 scripts/sbom/sbom.py

diff --git a/.gitignore b/.gitignore
index 3a7241c941f..f3372f15eb1 100644
--- a/.gitignore
+++ b/.gitignore
@@ -48,6 +48,7 @@
 *.s
 *.so
 *.so.dbg
+*.spdx.json
 *.su
 *.symtypes
 *.tab.[ch]
diff --git a/MAINTAINERS b/MAINTAINERS
index c3fe46d7c4b..419a1f70a3a 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -23657,6 +23657,12 @@ R:	Marc Murphy <marc.murphy@sancloud.com>
 S:	Supported
 F:	arch/arm/boot/dts/ti/omap/am335x-sancloud*
=20
+SBOM
+M:	Luis Augenstein <luis.augenstein@tngtech.com>
+M:	Maximilian Huber <maximilian.huber@tngtech.com>
+S:	Maintained
+F:	scripts/sbom/
+
 SC1200 WDT DRIVER
 M:	Zwane Mwaikambo <zwanem@gmail.com>
 S:	Maintained
diff --git a/Makefile b/Makefile
index 4f54c568563..06d1ccd9b96 100644
--- a/Makefile
+++ b/Makefile
@@ -777,7 +777,7 @@ endif
 # in addition to whatever we do anyway.
 # Just "make" or "make all" shall build modules as well
=20
-ifneq ($(filter all modules nsdeps compile_commands.json clang-%,$(MAKEC=
MDGOALS)),)
+ifneq ($(filter all modules nsdeps compile_commands.json clang-% sbom,$(=
MAKECMDGOALS)),)
   KBUILD_MODULES :=3D y
 endif
=20
@@ -1654,7 +1654,7 @@ CLEAN_FILES +=3D vmlinux.symvers modules-only.symve=
rs \
 	       modules.builtin.ranges vmlinux.o.map vmlinux.unstripped \
 	       compile_commands.json rust/test \
 	       rust-project.json .vmlinux.objs .vmlinux.export.c \
-               .builtin-dtbs-list .builtin-dtbs.S
+	       .builtin-dtbs-list .builtin-dtbs.S sbom-*.spdx.json
=20
 # Directories & files removed with 'make mrproper'
 MRPROPER_FILES +=3D include/config include/generated          \
@@ -1773,6 +1773,7 @@ help:
 	@echo  ''
 	@echo  'Tools:'
 	@echo  '  nsdeps          - Generate missing symbol namespace dependenc=
ies'
+	@echo  '  sbom            - Generate Software Bill of Materials'
 	@echo  ''
 	@echo  'Kernel selftest:'
 	@echo  '  kselftest         - Build and run kernel selftest'
@@ -2159,6 +2160,21 @@ nsdeps: export KBUILD_NSDEPS=3D1
 nsdeps: modules
 	$(Q)$(CONFIG_SHELL) $(srctree)/scripts/nsdeps
=20
+# Script to generate .spdx.json SBOM documents describing the build
+# ----------------------------------------------------------------------=
-----
+
+ifdef building_out_of_srctree
+sbom_targets :=3D sbom-source.spdx.json
+endif
+sbom_targets +=3D sbom-build.spdx.json sbom-output.spdx.json
+quiet_cmd_sbom =3D GEN     $(sbom_targets)
+      cmd_sbom =3D printf "%s\n" "$(KBUILD_IMAGE)" >"$(tmp-target)"; \
+                 $(if $(CONFIG_MODULES),sed 's/\.o$$/.ko/' $(objtree)/mo=
dules.order >> "$(tmp-target)";) \
+                 $(PYTHON3) $(srctree)/scripts/sbom/sbom.py;
+PHONY +=3D sbom
+sbom: $(notdir $(KBUILD_IMAGE)) include/generated/autoconf.h $(if $(CONF=
IG_MODULES),modules modules.order)
+	$(call cmd,sbom)
+
 # Clang Tooling
 # ----------------------------------------------------------------------=
-----
=20
diff --git a/scripts/sbom/sbom.py b/scripts/sbom/sbom.py
new file mode 100644
index 00000000000..9c2e4c7f17c
--- /dev/null
+++ b/scripts/sbom/sbom.py
@@ -0,0 +1,16 @@
+#!/usr/bin/env python3
+# SPDX-License-Identifier: GPL-2.0-only OR MIT
+# Copyright (C) 2025 TNG Technology Consulting GmbH
+
+"""
+Compute software bill of materials in SPDX format describing a kernel bu=
ild.
+"""
+
+
+def main():
+    pass
+
+
+# Call main method
+if __name__ =3D=3D "__main__":
+    main()
--=20
2.43.0