diff --git a/documentation/security-manual/securing-images.rst b/documentation/security-manual/securing-images.rst
index 952808f3b..5493b32aa 100644
--- a/documentation/security-manual/securing-images.rst
+++ b/documentation/security-manual/securing-images.rst
@@ -108,6 +108,13 @@ system to make your images more secure:
    logging in for debugging or inspection easy during development but
    also means anyone can easily log in during production.

+   .. note::
+
+      It is also possible to set those same image features by including the
+      :term:`OpenEmbedded-Core (OE-Core)` configuration fragment
+      ``root-login-with-empty-password.conf``, so make sure that that
+      fragment has not been activated for your build configuration.
+
 -  It is possible to set a root password for the image and also to set
    passwords for any extra users you might add (e.g. administrative or
    service type users). When you set up passwords for multiple images or