diff mbox series

[meta-security,1/4] dm-verity: ensure people don't ignore the DISTRO_FEATURES warning

Message ID 20230510150442.2427548-2-paul.gortmaker@windriver.com
State New
Headers show
Series dm-verity: add instructions for systemd x86-64 | expand

Commit Message

Paul Gortmaker May 10, 2023, 3:04 p.m. UTC
From: Paul Gortmaker <paul.gortmaker@windriver.com>

Some platform creators tend to list a whole bunch of layers by
default in conf/bblayers.conf.  Without getting into the debate of
whether that is a good idea, it can tend to have the effect of
people seeing the meta-security DISTRO_FEATURES warning time and
time again and becoming essentially numb to it.

After having fallen into this trap myself, I figured it was worth
the extra mention in the dm-verity doc so there is a better chance
of users realizing "hey - this applies to me!".

Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
 docs/dm-verity.txt | 2 ++
 1 file changed, 2 insertions(+)
diff mbox series


diff --git a/docs/dm-verity.txt b/docs/dm-verity.txt
index 602a82693930..ce1839520982 100644
--- a/docs/dm-verity.txt
+++ b/docs/dm-verity.txt
@@ -31,6 +31,8 @@  Kernel Configuration
 Kernel configuration for dm-verity happens automatically via IMAGE_CLASSES
 which will source features/device-mapper/dm-verity.scc when dm-verity-img
 is used. [See commit d9feafe991c]
+IMPORTANT: As per the top level README, you *must* put security in the
+DISTRO_FEATURES, or else you won't get the dm-verity kernel settings.
 Supported Platforms