Merge 4bc8d25cec into 684b34ca8d

Define security extension configs before portable.h (#1294 )
Define configENABLE_PAC and configENABLE_BTI before including portable.h to prevent "used before definition" warnings when these macros are not set in FreeRTOSConfig.h. Fixes: https://github.com/FreeRTOS/FreeRTOS-Kernel/issues/1293 Signed-off-by: Gaurav Aggarwal <aggarg@amazon.com>
2025-09-10 16:17:44 -04:00 · 2025-07-14 14:34:26 +03:00 · 2025-07-14 16:20:18 +05:30 · 2025-06-06 10:49:37 +08:00 · 2025-06-05 15:40:00 +03:00
2 changed files with 22 additions and 10 deletions
--- a/.github/workflows/auto-release.yml
+++ b/.github/workflows/auto-release.yml
@ -96,6 +96,18 @@ jobs:
          repo_path: ./local_kernel
          source_path: ./

+      # 1. Install cosign tool
+      - name: Install Cosign
+        uses: sigstore/cosign-installer@v3.8.1
+        
+      # 2. Sign the sbom.spdx file using cosign. Two files are produced: sbom.sig and sbom.crt, stored in the same directory as sbom.spdx
+      - name: Attest SBOM
+        working-directory: ./local_kernel
+        run: |
+          cosign sign-blob sbom.spdx --output-certificate='sbom.crt' --output-signature='sbom.sig' -y
+          # The following is a sanity check. After signing, we verify the image to check that everything is OK
+          cosign verify-blob --signature='sbom.sig' --certificate='sbom.crt' --certificate-identity-regexp=.* --certificate-oidc-issuer-regexp='https://github.com' ./sbom.spdx
+
      - name: commit SBOM file
        env:
          VERSION_NUMBER: ${{ github.event.inputs.version_number }}
--- a/include/FreeRTOS.h
+++ b/include/FreeRTOS.h
@ -101,6 +101,16 @@
    #define configASSERT_DEFINED    1
 #endif

+/* Set configENABLE_PAC and/or configENABLE_BTI to 1 to enable PAC and/or BTI
+ * support and 0 to disable them. These are currently used in ARMv8.1-M ports. */
+#ifndef configENABLE_PAC
+    #define configENABLE_PAC    0
+#endif
+
+#ifndef configENABLE_BTI
+    #define configENABLE_BTI    0
+#endif
+
 /* Basic FreeRTOS definitions. */
 #include "projdefs.h"

@ -3040,16 +3050,6 @@
    #define configCONTROL_INFINITE_LOOP()
 #endif

-/* Set configENABLE_PAC and/or configENABLE_BTI to 1 to enable PAC and/or BTI
- * support and 0 to disable them. These are currently used in ARMv8.1-M ports. */
-#ifndef configENABLE_PAC
-    #define configENABLE_PAC    0
-#endif
-
-#ifndef configENABLE_BTI
-    #define configENABLE_BTI    0
-#endif
-
 /* Sometimes the FreeRTOSConfig.h settings only allow a task to be created using
 * dynamically allocated RAM, in which case when any task is deleted it is known
 * that both the task's stack and TCB need to be freed.  Sometimes the
Author	SHA1	Message	Date
Lefteris Georgiadis	f06338498a	Merge `4bc8d25cec` into `684b34ca8d`	2025-07-14 14:34:26 +03:00
Gaurav-Aggarwal-AWS	684b34ca8d	Define security extension configs before portable.h (#1294 ) Define configENABLE_PAC and configENABLE_BTI before including portable.h to prevent "used before definition" warnings when these macros are not set in FreeRTOSConfig.h. Fixes: https://github.com/FreeRTOS/FreeRTOS-Kernel/issues/1293 Signed-off-by: Gaurav Aggarwal <aggarg@amazon.com>	2025-07-14 16:20:18 +05:30
ActoryOu	4bc8d25cec	Merge branch 'main' into main	2025-06-06 10:49:37 +08:00
lefosg	1f23756ed3	sign sbom	2025-06-05 15:40:00 +03:00