build_kernel_image: add warning for kernel parameters w.r.t. signing
BUG=None
TEST=Comment Only
Change-Id: I03fd7e875686c2f3ce78919d5f893cb2ecb10525
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosutils/+/2541322
Tested-by: George Engelbrecht <engeg@google.com>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Reviewed-by: Brian Norris <briannorris@chromium.org>
Commit-Queue: George Engelbrecht <engeg@google.com>
diff --git a/build_kernel_image.sh b/build_kernel_image.sh
index 364524f..8e3b134 100755
--- a/build_kernel_image.sh
+++ b/build_kernel_image.sh
@@ -6,6 +6,12 @@
# Helper script that generates the signed kernel image
+# All kernel command line changes must update the security base lines in
+# the signer. It rejects any settings it does not recognize and breaks the
+# build. So any kernel parameter changes that are made here needs to be
+# reflected in ensure_secure_kernelparams.config and deployed to production
+# signing before landed here.
+
SCRIPT_ROOT=$(dirname $(readlink -f "$0"))
. "${SCRIPT_ROOT}/common.sh" || exit 1