diff --git a/meta-ohos-core/recipes-core/busybox/busybox_%.bbappend b/meta-ohos-core/recipes-core/busybox/busybox_%.bbappend
index c3b3e351e07e9fdb6e690388e96a43f157c2c9a6..b6ff047cb855a8516c688077ae85d2138bd5fb5f 100644
--- a/meta-ohos-core/recipes-core/busybox/busybox_%.bbappend
+++ b/meta-ohos-core/recipes-core/busybox/busybox_%.bbappend
@@ -5,3 +5,14 @@
 FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:"
 SRC_URI += "file://busybox-1.31.1-Wformat-security.patch \
 	file://allscenarios.cfg"
+
+# busybox implements some of its own string handling that triggers
+# warnings with -Wformat-nonliteral.
+# This has been verified to be harmless in 1.31.1.
+#
+# Removing -Werror=format-nonliteral here allows us to use
+# -Werror=format-nonliteral globally in OPTIMIZE_FOR=security mode
+# while keeping busybox building.
+
+TARGET_CFLAGS_remove = "-Wformat-nonliteral -Werror=format-nonliteral"
+