[PATCH 15/24] boards: qemu-virt: add security policies
Ahmad Fatoum
a.fatoum at pengutronix.de
Thu Aug 21 07:22:19 PDT 2025
Hi,
On 8/21/25 16:15, Sascha Hauer wrote:
> On Thu, Aug 21, 2025 at 08:57:10AM +0200, Ahmad Fatoum wrote:
>> Hi,
>>
>> On 8/20/25 15:17, Sascha Hauer wrote:
>>> From: Ahmad Fatoum <a.fatoum at barebox.org>
>>>
>>> To make it easier to experiment with security policies, add four example
>>> configurations, two via the build system and two "externally".
>>
>> The configs need a make security_olddefconfig due to the addition of the
>> new symbols in later commits.
>
> Indeed.
>
> One thing I just noticed is that the qemu-virt board is built for both
> 32bit and 64bit boards. The sconfig files are currently suitable for the
> 32bit variant, but enabling security policies in multi_v8_defconfig
> results in a
>
> Security policy qemu-virt-lockdown.sconfig.tmp was not up to date.
>
> This is not a problem since security policies are only enabled in
> virt32_secure_defconfig, but nevertheless that's something we might want
> to improve somehow.
You can get the same message too in multi_v7_defconfig if we start
configuring things differently to virt32_secure_defconfig..
There's potential for future improvement for sure, yes.
Cheers,
Ahmad
>
> Sascha
>
--
Pengutronix e.K. | |
Steuerwalder Str. 21 | http://www.pengutronix.de/ |
31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
More information about the barebox
mailing list