From b63e07e0b15f73a044ebf03cee8e9899800f831a Mon Sep 17 00:00:00 2001
From: Abhilasha Manna <amanna@qti.qualcomm.com>
Date: Wed, 19 Nov 2025 11:04:39 +0530
Subject: [PATCH] linux-qcom-next: Add hardening.config to kernel configuration

Kernel builds currently lack default security hardening options.
Add support to merge `hardening.config` during configuration using
merge_config.sh.

Introduce `KBUILD_CONFIG_EXTRA` (following KBUILD naming conventions)
for internal kernel configs like hardening.config, keeping them
separate from external fragments managed via SRC_URI.

This ensures consistent hardening across builds.

Signed-off-by: Abhilasha Manna <amanna@qti.qualcomm.com>
---
 recipes-kernel/linux/linux-qcom-next_git.bb | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/recipes-kernel/linux/linux-qcom-next_git.bb b/recipes-kernel/linux/linux-qcom-next_git.bb
index 8fa0118f6..580faa564 100644
--- a/recipes-kernel/linux/linux-qcom-next_git.bb
+++ b/recipes-kernel/linux/linux-qcom-next_git.bb
@@ -36,13 +36,12 @@ S = "${UNPACKDIR}/${BP}"
 KBUILD_DEFCONFIG ?= "defconfig"
 KBUILD_DEFCONFIG:qcom-armv7a = "qcom_defconfig"
 
-CONFIG_LIST =  "${@" ".join(find_cfgs(d))}"
-CONFIG_LIST += "${@bb.utils.contains('DISTRO_FEATURES', 'hardened', '${S}/kernel/configs/hardening.config', '', d)}"
+KBUILD_CONFIG_EXTRA = "${S}/kernel/configs/hardening.config"
 
 do_configure:prepend() {
     # Use a copy of the 'defconfig' from the actual repo to merge fragments
     cp ${S}/arch/${ARCH}/configs/${KBUILD_DEFCONFIG} ${B}/.config
 
     # Merge fragment for QCOM value add features
-    ${S}/scripts/kconfig/merge_config.sh -m -O ${B} ${B}/.config ${CONFIG_LIST}
+    ${S}/scripts/kconfig/merge_config.sh -m -O ${B} ${B}/.config ${@" ".join(find_cfgs(d))} ${KBUILD_CONFIG_EXTRA}
 }