Oct 04, 2023
SBoMs are becoming an important part of software security, including the security of firmware that follows the UEFI standard. US Government Executive Order 14028 and documents from the US Department of Commerce NTIA describe why SBoMs are important for security. The UEFI Forum has created an SBoM team to develop guidance for the creation and delivery of SBoM data to the firmware ecosystem and end users. Part of this effort is to include SBoM metadata in platform firmware images. This blog post contains a proposal for including such data in those firmware images. It is posted here to generate discussion and feedback for the SBoM team as it develops its guidance and recommendations.