TL;DR: KernelCI is used by CIP to test long-term support Linux kernels, and this guide explains how to register a new board, extract compatible strings, and add scheduler and platform entries so automated boot testing can run against the right device profile. The operational issue is governance of test infrastructure as much as board enablement, because misalignment between platform metadata and lab setup breaks coverage and weakens release confidence.
At a glance
What this is: This is a how-to guide for wiring a new board into KernelCI for CIP SLTS testing, with a focus on platform metadata, compatible strings, and scheduler configuration.
Why it matters: It matters to practitioners because automated kernel testing only works when device identity, board definitions, and lab execution are kept in sync across the build and test pipeline.
👉 Read Cybertrust Japan's guide to KernelCI configuration for CIP SLTS board onboarding
Context
KernelCI is a continuous test system for Linux kernels, and this guide shows how a board becomes testable inside a CIP SLTS workflow. The core problem is not kernel compilation alone, but the governance of test infrastructure: platform metadata, compatible strings, and scheduler rules all have to agree before automated validation can begin.
For identity and access practitioners, the interesting intersection is workload and system identity rather than human IAM. A board definition in this context functions like an operational identity for the test target, because the pipeline depends on exact matching between declared platform attributes and the device the lab actually exposes.
Key questions
Q: How should teams prevent configuration drift when adding new boards to KernelCI?
A: Use one authoritative platform record for names, compatible strings, device tree references, and scheduler bindings. Then compare the registered board, the lab inventory, and the source tree before the first run. Drift is most likely when these values are edited in separate places, so governance needs to focus on consistency checks, not just successful job submission.
Q: Why do metadata mismatches break automated hardware testing?
A: Automated testing depends on exact matching between the declared platform and the real device. If the scheduler sees one label and the lab exposes another, jobs can be routed incorrectly or excluded entirely. That leads to coverage gaps that look like normal operations unless teams actively reconcile configuration and inventory data.
Q: What do teams get wrong about inherited CI configuration?
A: They often treat inherited YAML fragments as harmless reuse, when they are actually shared control logic. A change in a base template can affect multiple boards, job types, and execution paths. Teams should review inheritance with the same care they apply to shared policy files, because hidden defaults can create broad operational impact.
Q: How can practitioners tell if KernelCI coverage is actually working?
A: Coverage is working when a board can be added, scheduled, and boot-tested repeatedly without manual correction. The signal is not just that a job exists, but that the correct device type receives the intended job and returns stable results across runs. If onboarding requires repeated fixes, the configuration model is not yet reliable.
Technical breakdown
How KernelCI maps a board to a testable platform
KernelCI uses platform metadata to decide whether a board can participate in a scheduled test run. The key inputs are a platform name, machine family, device tree blob, and compatible strings extracted from the kernel tree or configuration tooling. If those identifiers do not align, the scheduler cannot reliably bind a job to the correct hardware target. In practice, this is configuration governance, not just automation. The value of the pipeline depends on exact naming consistency across the platform file, the lab inventory, and the kernel source tree.
Practical implication: Keep board identifiers, compatible strings, and lab records under the same change-control process so test targets do not drift.
Why LAVA lab setup is the execution layer for KernelCI
KernelCI does not test hardware directly. It triggers jobs that run in a LAVA lab, which provides the device access, boot orchestration, and result collection layer. The article’s use of lava-docker shows that the lab environment can be simplified for setup, but simplification does not remove the need for trustworthy execution boundaries. In security terms, the lab is the controlled runtime environment, and the scheduler is the policy layer deciding what runs where. If the lab is misconfigured, the test result may reflect environment failure rather than kernel behaviour.
Practical implication: Treat the LAVA lab as a governed execution boundary and validate each device pool before relying on test results.
How scheduler rules control which jobs run on which boards
KernelCI uses scheduler configuration to bind jobs to platform groups and boot-test sequences. That means the board is not only registered as hardware, it is also assigned to a workflow with build, boot, and follow-on test stages. This is a policy decision expressed in YAML. The scheduler logic is important because a board can appear present but still be excluded from a job if rules, events, or platform labels do not match. For practitioners, the technical risk is false confidence from incomplete coverage, not just a failed test.
Practical implication: Review scheduler rules alongside platform entries whenever a board is added or retargeted, because coverage gaps can be invisible until release time.
NHI Mgmt Group analysis
Board enablement in CI is an identity problem as much as an automation problem. A KernelCI platform entry is effectively a machine identity for the test target, because the pipeline trusts exact metadata to decide where workloads execute. When compatible strings, scheduler rules, and lab inventory drift apart, the result is broken validation rather than a clean exception. Practitioners should treat test-target identity as governed configuration, not loose infrastructure data.
Pipeline confidence collapses when execution identity and declared identity diverge. The article shows that adding a board is not just a hardware task, it is a consistency task across source, scheduler, and lab. That pattern mirrors broader workload governance failures in cloud and CI systems, where systems act on stale labels or mismatched attributes. The practical conclusion is that identity accuracy in automation paths is a control requirement, not an administrative convenience.
Kernel test infrastructure benefits from Zero Trust thinking even when the subject is embedded Linux. The scheduler should not assume a board is eligible simply because it is known, and the lab should not assume a job is safe simply because it is internal. That is the same governance logic behind least privilege and task-scoped access in identity programmes. Teams should apply explicit authorization logic to test orchestration, especially where multiple boards and shared labs are involved.
Configuration inheritance becomes a control surface in multi-board CI environments. The YAML examples show how common definitions are extended into board-specific settings, which is efficient but also fragile if inherited values are not reviewed. This creates a small but real governance gap: a bad base template can propagate to many platforms at once. Practitioners should manage inherited CI configuration with the same discipline they apply to shared access policies.
Operational maturity is visible in how quickly a board moves from declared support to repeatable test coverage. The article’s workflow, from compatible extraction to scheduler registration, is a useful model for controlled onboarding of hardware into continuous validation. The field should read this as a reminder that automation only scales when metadata quality, execution environment, and policy rules are all managed together. Teams should measure coverage completeness, not just the number of supported boards.
What this signals
Machine identity governance is becoming a practical concern wherever automation decides what can run, where, and under which labels. Even in embedded Linux test pipelines, the same governance failure appears when declared identity and runtime execution drift apart. That is why the proportion of NHIs with excessive privilege matters here: 97% of NHIs carry excessive privileges, increasing unauthorised access and broadening the attack surface.
Configuration integrity is now a security control, not just an engineering hygiene task. When CI systems rely on shared YAML, inherited defaults, and scheduler rules, the programme needs policy-style review, drift detection, and ownership boundaries. Teams that already struggle to see service accounts clearly should expect the same visibility problem in automation inventories, which is why governance should extend beyond human IAM into machine and pipeline identity.
For practitioners
- Standardise board metadata before scheduler onboarding Validate platform name, machine family, device tree blob, and compatible strings against a single source of truth before adding a board to KernelCI. This reduces silent mismatches between the declared target and the actual lab device.
- Separate lab execution from scheduling policy Keep LAVA lab configuration and scheduler rules under distinct review so changes in boot orchestration do not accidentally alter test eligibility or coverage boundaries.
- Treat inherited YAML as shared control logic Review base fragments, merged defaults, and board-specific overrides together because a change in one inherited template can alter multiple platforms at once.
- Verify coverage after every new board addition Run a post-onboarding check that confirms the board appears in device listings, receives the intended job type, and produces repeatable boot-test results.
Key takeaways
- KernelCI onboarding is governed by metadata accuracy, scheduler policy, and lab execution alignment, not by build steps alone.
- The security lesson is that automation breaks quietly when declared platform identity and real device identity diverge.
- Practitioners should manage board registration, inherited configuration, and test coverage as controlled assets with explicit ownership.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
NIST CSF 2.0, NIST SP 800-53 Rev 5 and CIS Controls v8 set the technical controls, while ISO/IEC 27001:2022 define the regulatory obligations.
| Framework | Control / Reference | Relevance |
|---|---|---|
| NIST CSF 2.0 | PR.AC-4 | The article is about controlling which test targets are eligible for execution. |
| NIST SP 800-53 Rev 5 | AC-6 | Least privilege applies to who or what can trigger jobs and reach shared labs. |
| CIS Controls v8 | CIS-5 , Account Management | CI and lab accounts need lifecycle control even in machine-heavy environments. |
| ISO/IEC 27001:2022 | A.8.1 | The workflow depends on managed assets and configuration records. |
Treat boards, lab hosts, and configuration fragments as controlled assets with ownership.
Key terms
- KernelCI: KernelCI is a continuous integration system for testing Linux kernels on real hardware and emulated environments. It automates build, boot, and result collection so kernel changes can be validated against specific device targets before release.
- LAVA: LAVA is a lab automation system used to deploy images, boot devices, and collect results in hardware test environments. In this workflow it acts as the execution layer that turns a scheduled job into a device-level test run.
- Compatible String: A compatible string is a device descriptor used by the Linux kernel and related tooling to identify hardware support. In KernelCI onboarding, it helps map a board definition to the correct platform entry and test target.
- Scheduler Rule: A scheduler rule is policy logic that decides when a job runs, which platform it targets, and which workflow path it follows. In continuous testing, these rules determine whether a board is eligible for a build or boot test.
What's in the full article
Cybertrust Japan's full post covers the step-by-step configuration details this analysis intentionally leaves aside:
- The exact platform YAML structure used to register a new board in KernelCI.
- The compatible-string extraction workflow for matching a device to the correct kernel source tree.
- The scheduler-cip.yaml job pattern used to trigger boot testing in a CIP SLTS context.
- The LAVA and lava-docker setup notes needed to build a test lab and connect multiple devices.
Deepen your knowledge
NHI Foundation Level course, the industry's only accredited NHI security programme, covers NHI governance, machine identity security, secrets management, and identity lifecycle fundamentals. It helps practitioners apply structured governance to the kinds of automated systems and access paths that underpin modern engineering pipelines.
Published by the NHIMG editorial team on July 11, 2026.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org