security-manual: warn about "root-login-with-empty-password" fragment

Mention that the development-related features that make an image less
secure might have also been added via a configuration fragment.

Signed-off-by: Robert P. J. Day <rpjday@crashcourse.ca>

---

Hi,

On Thu Jun 18, 2026 at 3:09 PM CEST, Robert P. J. Day wrote:
>
> Mention that the development-related features that make an image less
> secure might have also been added via a configuration fragment.
>
> Signed-off-by: Robert P. J. Day <rpjday@crashcourse.ca>
>
> ---
>
> diff --git a/documentation/security-manual/securing-images.rst b/documentation/security-manual/securing-images.rst
> index 952808f3b..5493b32aa 100644
> --- a/documentation/security-manual/securing-images.rst
> +++ b/documentation/security-manual/securing-images.rst
> @@ -108,6 +108,13 @@ system to make your images more secure:
>     logging in for debugging or inspection easy during development but
>     also means anyone can easily log in during production.
>
> +   .. note::
> +
> +      It is also possible to set those same image features by including the
> +      :term:`OpenEmbedded-Core (OE-Core)` configuration fragment
> +      ``root-login-with-empty-password.conf``, so make sure that that
> +      fragment has not been activated for your build configuration.
> +
>  -  It is possible to set a root password for the image and also to set
>     passwords for any extra users you might add (e.g. administrative or
>     service type users). When you set up passwords for multiple images or

I'd rather replace the paragraph with an instruction on how to enable this
fragment, instead of an additional note. What do you think?

Antonin

On Thu, 18 Jun 2026, Antonin Godard via lists.yoctoproject.org wrote:

> Hi,
>
> On Thu Jun 18, 2026 at 3:09 PM CEST, Robert P. J. Day wrote:
> >
> > Mention that the development-related features that make an image less
> > secure might have also been added via a configuration fragment.
> >
> > Signed-off-by: Robert P. J. Day <rpjday@crashcourse.ca>
> >
> > ---
> >
> > diff --git a/documentation/security-manual/securing-images.rst b/documentation/security-manual/securing-images.rst
> > index 952808f3b..5493b32aa 100644
> > --- a/documentation/security-manual/securing-images.rst
> > +++ b/documentation/security-manual/securing-images.rst
> > @@ -108,6 +108,13 @@ system to make your images more secure:
> >     logging in for debugging or inspection easy during development but
> >     also means anyone can easily log in during production.
> >
> > +   .. note::
> > +
> > +      It is also possible to set those same image features by including the
> > +      :term:`OpenEmbedded-Core (OE-Core)` configuration fragment
> > +      ``root-login-with-empty-password.conf``, so make sure that that
> > +      fragment has not been activated for your build configuration.
> > +
> >  -  It is possible to set a root password for the image and also to set
> >     passwords for any extra users you might add (e.g. administrative or
> >     service type users). When you set up passwords for multiple images or
>
> I'd rather replace the paragraph with an instruction on how to enable this
> fragment, instead of an additional note. What do you think?

  except that the point of that section is to caution the developer as
to how to *not* have those image features selected. i can rewrite it
to explain the two ways that those features can be selected, then
caution against them. does that sound reasonable? or did you mean
something else?

rday