NIOS SDK SBOM/FOSS info

Question

Hi,Regarding CRA, more and more customers are approaching us with inquiries about FOSS (Free/Libre Open Source Software).Do we have FOSS information or a SBOM (Software Bill of Materials) for the NIOS SDK that we can share with customers?Br,Korbinian

liangyug_altera · Answer

Hi Korbinian,May I ask if the customers are referring to:Nios II Software Build Tools, orAshling RiscFree IDE for Altera FPGA?Nios II Software Build Tools is for the EOL-ed Nios II processor only. Since the Nios II processor is EOL-ed, the same goes with the tools. Thus, this request is likely not doable.Ashling RiscFree IDE for Altera FPGA is for Nios V processor only. We can request the FOSS / SBOM information from Ashling.Regards,Liang Yu

kw_arrow · Answer

Hi Liang Yu,Whether the processor is EOL (End of Life) or not does not matter in my understanding.The obligation to provide information arises from the use of the respective license. The customer has been using the FPGA unchanged with the Nios II for 10 years. The FPGA is also not EOL. Therefore, with every FPGA purchased, they bring the binaries generated with the tooling to the market.Now their customers are interested in actually demanding FOSS (Free and Open Source Software) information due to the CRA (Cyber Resilience Act). If this cannot be clarified technically (i.e., via the RD), it will likely come back to them through Legal in another area. At least I have noticed: Previously, customers did not care. Now, their Product Management is being confronted with corresponding inquiries.What can we do to get them the answers they need?Br,Korbinian

suec_altera · Answer

Hi Korbinian,The Altera security team recognizes that we need to provide CRAs for all of our IP, included EOL'd IP.&nbsp; They are working on a plan and will be sharing more with you and the community as the plan develops.Sue

liangyug_altera · Answer

Hi Korbinian,Ashling have replied to our request, and confirmed that the link below contains the requested SBOM for the Ashling RiscFree IDE.https://docs.altera.com/r/docs/730783/25.3.1/ashling-riscfree-integrated-development-environment-ide-for-altera-fpgas-user-guide/open-source-components-in-riscfree-ide&nbsp;As for Nios II SBT, it is still work in progress.Regards,Liang Yu

kw_arrow · Answer

Hi Liang Yu,Thanks! That will already be very useful for future requests.For this customer we need to wait for the Nios II Information. He is informed that Altera is working on this&nbsp;Br,Korbinian

Forum Discussion

NIOS SDK SBOM/FOSS info

5 Replies

Recent Discussions

licensing.altera.com never worked

NiosV and juart-terminal

NIOS V/m dbg_reset_out signal (Q25.1 Std, MAX10)

JTAG_UART stuck in printf

Ashling IDE scripted project creation