How to check the CVE status in OpenSTLinux

Revision as of 10:49, 21 June 2023 by Registered User
Applicable for STM32MP13x lines, STM32MP15x lines


1. Overview

This article explains how to configure an OpenSTLinux Yocto build to check the CVE (Common Vulnerabilities and Exposures) status.

2. OpenEmbedded/Yocto Project®

OpenEmbedded/Yocto provides the cve-check class, which matches the name and version of every recipe in the build against the NVD vulnerability database and reports the CVE status of each package.
To enable the CVE status check, add the following line to your configuration (conf/local.conf):

INHERIT += "cve-check"

For information about excluding CVEs that do not apply to your product (for example, with the CVE_CHECK_IGNORE variable in a recipe), see the section Vulnerability check at build time.

After the build, the CVE check writes a status report for each package to the <build directory>/tmp-glibc/deploy/cve/ directory.
Example for tf-a-stm32mp:

tf-a-stm32mp
tf-a-stm32mp_cve.json

The two files contain the same information: as plain text in the first one, and as JSON in the second one.
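One way to consume the JSON report described above, as an added example that is not part of this article nor of OpenSTLinux: a Python script that counts the CVEs per status for each package and lists the unpatched ones whose CVSS score reaches a threshold, returning a non-zero exit code for use in a CI job. The field names (package, name, issue, id, status, scorev2, scorev3) are assumed from the layout written by the Yocto cve-check class; the report embedded below is a constructed sample with placeholder CVE identifiers, so compare its keys against a real <package>_cve.json from your own build before relying on the script.

```python
"""Summarise a Yocto cve-check JSON report (added example, not OpenSTLinux code)."""
import json
from collections import Counter

# Constructed sample mimicking <build>/tmp-glibc/deploy/cve/<package>_cve.json.
# Field names are assumed from the Yocto cve-check class; CVE ids are placeholders.
SAMPLE_REPORT = json.dumps({
    "version": "1",
    "package": [{
        "name": "tf-a-stm32mp",
        "layer": "meta-st-stm32mp",
        "version": "2.8",
        "products": [{"product": "arm_trusted_firmware", "cvesInRecord": "Yes"}],
        "issue": [
            {"id": "CVE-0000-0001", "scorev2": "7.5", "scorev3": "9.8", "status": "Unpatched"},
            {"id": "CVE-0000-0002", "scorev2": "4.3", "scorev3": "",    "status": "Unpatched"},
            {"id": "CVE-0000-0003", "scorev2": "5.0", "scorev3": "5.5", "status": "Patched"},
            {"id": "CVE-0000-0004", "scorev2": "2.1", "scorev3": "3.3", "status": "Ignored"},
        ],
    }],
})


def load_report(text: str) -> dict:
    """Parse one cve-check JSON report and reject files that do not look like one."""
    report = json.loads(text)
    if "package" not in report:
        raise ValueError("not a cve-check report: missing 'package' list")
    return report


def issue_score(issue: dict) -> float:
    """Prefer the CVSSv3 score, fall back to CVSSv2; an empty or missing score counts as 0.0."""
    for key in ("scorev3", "scorev2"):
        try:
            return float(issue.get(key, ""))
        except (TypeError, ValueError):
            continue
    return 0.0


def status_summary(report: dict) -> dict:
    """Count CVEs per status (Unpatched, Patched, Ignored) for every package in the report."""
    return {
        pkg["name"]: Counter(issue["status"] for issue in pkg.get("issue", []))
        for pkg in report["package"]
    }


def unpatched(report: dict, min_score: float = 7.0) -> list:
    """(package, CVE id, score) for every Unpatched CVE scoring at least min_score, highest first."""
    hits = []
    for pkg in report["package"]:
        for issue in pkg.get("issue", []):
            if issue.get("status") != "Unpatched":
                continue
            score = issue_score(issue)
            if score >= min_score:
                hits.append((pkg["name"], issue["id"], score))
    return sorted(hits, key=lambda hit: hit[2], reverse=True)


def gate(report: dict, min_score: float = 7.0) -> int:
    """CI helper: 0 when no unpatched CVE reaches min_score, 1 otherwise."""
    return 1 if unpatched(report, min_score) else 0


if __name__ == "__main__":
    import sys
    # Pass the path of a real <package>_cve.json; without an argument the sample is used.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_REPORT
    rep = load_report(text)
    for name, counts in status_summary(rep).items():
        print(name, dict(counts))
    for name, cve, score in unpatched(rep, 0.0):
        print(f"  {name}: {cve} (score {score})")
    sys.exit(gate(rep))
```

Run it against one of the deploy/cve/*_cve.json files from your build; the default threshold of 7.0 flags high and critical CVSS scores only, and entries that the build marked Patched or Ignored are never reported, so keep the exclusion list (see the section referenced above) under review rather than treating the exit code as proof that the image is clean.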