Re: [isar-cip-core][PATCH] security-testing.yml: Add kas option for IEC layer testing

Jan Kiszka

On 05.07.22 13:14, Venkata.Pyla@... wrote:

-----Original Message-----
From: Jan Kiszka <jan.kiszka@...>
Sent: 05 July 2022 14:24
To: pyla venkata(TSIP TMIEC ODG Porting) <Venkata.Pyla@toshiba->; cip-dev@...
Cc: dinesh kumar(TSIP) <dinesh.kumar@...>; hayashi
kazuhiro(林 和宏 □SWC◯ACT) <kazuhiro3.hayashi@...>
Subject: Re: [isar-cip-core][PATCH] security-testing.yml: Add kas option for IEC
layer testing

On 04.07.22 19:21, venkata.pyla@... wrote:
From: venkata pyla <venkata.pyla@...>

This kas option file adds additonal packages required only while
testing using cip-security-tests[1].

Also it provides additional rootfs size required for testing.


Signed-off-by: venkata pyla <venkata.pyla@...>
kas/opt/security-testing.yml | 20 ++++++++++++++++++++
1 file changed, 20 insertions(+)
create mode 100644 kas/opt/security-testing.yml

diff --git a/kas/opt/security-testing.yml
b/kas/opt/security-testing.yml new file mode 100644 index
--- /dev/null
+++ b/kas/opt/security-testing.yml
@@ -0,0 +1,20 @@
+# CIP Core, generic profile
+# Copyright (c) Toshiba Corporation, 2022 # # Authors:
+# Venkata Pyla <venkata.pyla@...> # #
+SPDX-License-Identifier: MIT #
+ version: 10
+ includes:
+ - kas/opt/security.yml
+ security_testing: |
+ IMAGE_PREINSTALL_append = " sshpass"
+ ROOTFS_EXTRA = "8192"
There is already kas/opt/test.yml. Can't we piggy-back on that one?
Would also already come with kconfig support.
Yes I thin so, we can also add security testing requirements in to test.yml,
but does it not create any side effect to the original test image?
security testing requirements adds additional package `sshpass` and increases
the rootfs size.

Or, can we select the local_conf_header fragment ('testing' or 'security_testing')
from the kconfig based on image is selected?
Adding Nobuhiro, he once wrote that. But I strongly suspect the impact
is not relevant, in both directions. If there should be, we can look
into image-specific additions, but via the same option file.

My goal here is to keep the number of kas option files low whenever
possible. From a user perspective, it does not matter if a regular or a
security image is augmented with testing features.


Siemens AG, Technology
Competence Center Embedded Linux

Join to automatically receive all group messages.