Speaker
Maximilian Huber
Description
This talk presents KernelSBOM, a tool that reconstructs the complete
Linux kernel build graph by analyzing .cmd files to recover the exact
commands, inputs, and outputs used during compilation. KernelSBOM
generates three interlinked SPDX 3.0 documents—source, build, and
output—that comprehensively encode all build metadata and dependencies.
We demonstrate our approach, discuss its benefits for supply chain
security and compliance, and examine current limitations. Our ultimate
goal: make kernel SBOMs practical and integrate SBOM generation directly
into the kernel build process.
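
An added example, not taken from the talk or from KernelSBOM's own code: a minimal Python parser for one kbuild .cmd file that recovers the command, the primary source and the header inputs, and turns them into build-graph edges. The sample file content is constructed for illustration, and the names parse_cmd_file and edges are hypothetical.

```python
import re

# Constructed sample in the layout kbuild writes to a .cmd file
# (e.g. init/.main.o.cmd); paths and flags are illustrative only.
SAMPLE_CMD = r"""cmd_init/main.o := gcc -Wp,-MMD,init/.main.o.d -nostdinc -I./include -O2 -c -o init/main.o init/main.c

source_init/main.o := init/main.c

deps_init/main.o := \
    $(wildcard include/config/SMP) \
  include/linux/kconfig.h \
  include/linux/init.h \

init/main.o: $(deps_init/main.o)

$(deps_init/main.o):
"""

# Accepts both the cmd_ prefix and the savedcmd_ prefix used by newer kernels.
ASSIGN = re.compile(r"^(savedcmd|cmd|source|deps)_(\S+) := ?(.*)$")
WILDCARD = re.compile(r"\$\(wildcard ([^)]+)\)")

def parse_cmd_file(text):
    """Return one build-graph node: output, command, source, inputs."""
    # Join backslash-continued lines so each assignment is one logical line.
    joined = re.sub(r"\\\n", " ", text)
    node = {"output": None, "command": None, "source": None,
            "inputs": [], "config_deps": []}
    for line in joined.splitlines():
        m = ASSIGN.match(line)
        if not m:
            continue  # trailing make rules carry no new information
        kind, target, value = m.groups()
        node["output"] = target
        if kind in ("cmd", "savedcmd"):
            node["command"] = value.strip()
        elif kind == "source":
            node["source"] = value.strip()
        else:
            # $(wildcard include/config/...) entries track Kconfig options;
            # everything else is a file the compiler actually read.
            node["config_deps"] = WILDCARD.findall(value)
            node["inputs"] = WILDCARD.sub(" ", value).split()
    return node

def edges(node):
    """List (input, output) edges, primary source first."""
    return [(src, node["output"]) for src in [node["source"], *node["inputs"]]]
```

Running this over every .cmd file in a build tree and chaining outputs to inputs gives the kind of dependency graph the abstract describes, from which source, build and output records can be derived.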