Reproducible Builds All The Way Down
10-11, 12:15–12:45 (US/Pacific), Main Track

bit-for-bit identical binaries at the lowest levels

Reproducible Builds enables bit-for-bit identical comparison of
binaries, providing a strong link between the source code and the
binaries actually used, and allowing simple verification with
cryptographically strong checksums.

Having a reproducible build provides additional security properties
as well as benefits to software development processes.

This talk will explore some of the historic and recurring issues of
reproducible builds in various Open Source Firmware projects, as well
as tooling used to seek out, diagnose and troubleshoot reproducibility issues.

While much of the Reproducible Builds work to date has been on Free and Open
Source Software distributions, there has also been Reproducible Builds work
on several firmware projects including u-boot, trustedfirmware, opensbi and others!

Because firmware projects tend to be limited in scope, Open Source
Firmware projects make a great showcase for the viability of 100%
reproducibility!

We can do so much better than inscrutable black boxes!

https://reproducible-builds.org

Vagrant Cascadian works on the Reproducible Builds project and
maintains packages of several Open Source Firmwares in the Debian
project, including u-boot, trustedfirmware and opensbi. Vagrant spends
other free time fiddling with an open hardware based solar
photovoltaic system and getting thrown around as an aikidoist.