Skip to content

Commit 5ab5518

Browse files
abhilash-mannaabhilash-manna
committed
meta-qcom: include "hardened" distro feature by default
- Enabled the hardened feature as part of the default build configuration. - Improves baseline security without requiring manual opt-in. - Aligns with best practices for secure and robust builds. Signed-off-by: Abhilasha Manna <[email protected]>
1 parent 81d6358 commit 5ab5518

File tree

2 files changed

+2
-2
lines changed

2 files changed

+2
-2
lines changed

ci/base.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -39,7 +39,7 @@ local_conf_header:
3939
IMAGE_CLASSES += "image_types_qcom"
4040
IMAGE_FSTYPES += "qcomflash"
4141
extra: |
42-
DISTRO_FEATURES:append = " efi pni-names"
42+
DISTRO_FEATURES:append = " efi pni-names hardened"
4343
EXTRA_IMAGE_FEATURES = "allow-empty-password empty-root-password allow-root-login"
4444
IMAGE_ROOTFS_EXTRA_SPACE = "307200"
4545
WATCHDOG_RUNTIME_SEC:pn-systemd = "30"

recipes-kernel/linux/linux-qcom-next_git.bb

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -36,7 +36,7 @@ S = "${UNPACKDIR}/${BP}"
3636
KBUILD_DEFCONFIG ?= "defconfig"
3737
KBUILD_DEFCONFIG:qcom-armv7a = "qcom_defconfig"
3838

39-
CONFIG_LIST = "${@" ".join(find_cfgs(d))}"
39+
CONFIG_LIST = "${@" ".join(find_cfgs(d))}"
4040
CONFIG_LIST += "${@bb.utils.contains('DISTRO_FEATURES', 'hardened', '${S}/kernel/configs/hardening.config', '', d)}"
4141

4242
do_configure:prepend() {

0 commit comments

Comments
 (0)