From 0a84a3dd00543adffdef4fcf5381faab2984541e Mon Sep 17 00:00:00 2001
From: Bruce Ashfield
Date: Wed, 6 Nov 2024 21:29:08 -0500
Subject: [PATCH] kernel-yocto: allow cfg fragments to be specified as required
When .scc files are used, a configuration fragment can be declared as "hardware" (required) or "non-hardware" (optional). By default the configuration audit only warns about hardware options. We can extend that default level of auditing to configuration fragments that are on the SRC_URI or in KERNEL_FEATURES by adding the ability to put a specifier after the fragment. i.e. KERNEL_FEATURES:append = 'hardening.config:required' This is particular useful for fragments that are outside of the kernel-cache (in a layer, in a kernel tree, etc)
Signed-off-by: Bruce Ashfield
Signed-off-by: Richard Purdie
---
 meta/classes-recipe/kernel-yocto.bbclass | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/meta/classes-recipe/kernel-yocto.bbclass b/meta/classes-recipe/kernel-yocto.bbclass
index 66602d35940..e73adcc725b 100644
--- a/meta/classes-recipe/kernel-yocto.bbclass
+++ b/meta/classes-recipe/kernel-yocto.bbclass
@@ -271,6 +271,9 @@ do_kernel_metadata() {
 KERNEL_FEATURES_FINAL=""
 if [ -n "${KERNEL_FEATURES}" ]; then
 for feature in ${KERNEL_FEATURES}; do
+ feature_as_specified="$feature"
+ feature="$(echo $feature_as_specified | cut -d: -f1)"
+ feature_specifier="$(echo $feature_as_specified | cut -d: -f2)"
 feature_found=f
 for d in $includes; do
 path_to_check=$(echo $d | sed 's/^-I//')
@@ -288,7 +291,7 @@ do_kernel_metadata() {
 bbfatal_log "Set KERNEL_DANGLING_FEATURES_WARN_ONLY to ignore this issue"
 fi
 else
- KERNEL_FEATURES_FINAL="$KERNEL_FEATURES_FINAL $feature"
+ KERNEL_FEATURES_FINAL="$KERNEL_FEATURES_FINAL $feature_as_specified"
 fi
 done
 fi
--
2.47.3
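Review bot: On the added `feature_specifier` line, `cut -d: -f2` prints the whole input when the feature contains no `:`, so a plain entry (say a constructed `foo.scc`) yields a specifier equal to the feature name instead of an empty string. Nothing in the visible hunks reads `feature_specifier` yet, but any later test of it would misfire on every unqualified feature. Adding `-s` makes the no-specifier case empty: `feature_specifier="$(echo $feature_as_specified | cut -s -d: -f2)"`. A short comment above the three assignments, such as `# split "name[:specifier]": lookup uses the bare name, the specifier is passed through unchanged`, would also record the intent. The body of do_kernel_metadata() starts and ends outside the hunk.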
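Review bot: The specifier is never validated before the `+` line appends `$feature_as_specified` to KERNEL_FEATURES_FINAL, so whatever follows the colon reaches the consumer of that variable unchecked. For a fragment like the `hardening.config:required` example in the commit message, a misspelt specifier would presumably leave the fragment audited at the optional level with no diagnostic; the consumer is outside this diff, so that is an inference. Consider emitting a `bbwarn` in this loop when `feature_specifier` is non-empty and is not a value the tooling recognises (the commit message names only `required`). The enclosing loop and function continue outside the hunk.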