Document a kernel command line security requirement.

If we add a kernel command line parameter (commonly done in
modify_kernel_command_line() of a board specific build_kernel.sh script),
the commit queue accepts the change, but the canary build can break when
the signer test detects an unfamiliar (and possibly insecure) parameter.

BUG=none
TEST=none, inline comment only

Change-Id: I7ea25b73a791a24af7739d7cc5860cd168c964a4
Reviewed-on: https://chromium-review.googlesource.com/286893
Tested-by: Bryan Freed <bfreed@google.com>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Commit-Queue: Bryan Freed <bfreed@google.com>
diff --git a/build_kernel_image.sh b/build_kernel_image.sh
index ff43262..5b52039 100755
--- a/build_kernel_image.sh
+++ b/build_kernel_image.sh
@@ -100,6 +100,13 @@
 # Munge the kernel command line.
 # Intended to be overridden by boards that wish to add to the command line.
 # $1 - Configuration file containing boot args.
+#
+# All kernel command line changes must update the security base lines in
+# the signer.  It rejects any settings it does not recognize and breaks the
+# build.  So any modify_kernel_command_line() function change here or in a
+# board specific build_kernel_image.sh needs to be reflected in
+# ensure_secure_kernelparams.config.
+# See https://chrome-internal-review.googlesource.com/#/c/216896 as an example.
 modify_kernel_command_line() {
   :
 }
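Review bot: The example link on the last added comment line points at chrome-internal-review.googlesource.com, which contributors without internal access cannot open, and ensure_secure_kernelparams.config is named without its repository or path, so an external board maintainer still does not know where the signer baseline lives. Suggest stating where that file is kept and, in one sentence, what an update to it looks like, keeping the internal change as a secondary reference. The commit message says "build_kernel.sh" while the comment says "board specific build_kernel_image.sh"; the two should name the same script. Minor: "base lines" would read better as "baselines".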