In this part of the Yocto hardening we talk about how to verify the integrity of a file system with dm-verity in embedded systems.
Continue reading...Yocto Hardening: Read-Only Rootfs
Let’s continue the always-so-fun task of hardening the Yocto systems. This time, we will consider the file system integrity.
Continue reading...Sandboxing Systemd Services
Systemd has security features that tend to go underutilised. Especially, the service files have sandboxing features that can be used to isolate the service.
Continue reading...Building Sulka: Six Months of Embedded Linux Development
Half a year ago, I started a little hobby project of building a hardened Yocto distro, Sulka. I thought that I’d share what’s happened over the past months.
Continue reading...“Fun” with SELinux
A few weeks ago, I had some (mis)adventures with SELinux, and after spending almost a whole week debugging weird issues, I felt like I needed to vent a bit.
Continue reading...Protecting U-Boot Command Line
This text should help you harden U-Boot by fixing the lowest-hanging fruit: unfettered access to the bootloader control interface.
Continue reading...Module Signing Keys (Without Building Kernel)
In this blog post we will talk about module signing keys in a situation where the entity developing and signing kernel modules cannot build in their keys.
Continue reading...Yocto Hardening: Kernel Module Signing
This time we have a relatively simple and effective hardening measure that may prevent big headaches: kernel module signing.
Continue reading...Thinking Outside the (Linux) Box: Security Considerations From Human Actors
This text is a short summary of my presentation at the embedded Linux conference, and talks about humans and cybersecurity.
Continue reading...Yocto Hardening: Multi-Factor Authentication
In this blog post, I’ll show how to integrate Google Authenticator into a Yocto system to enhance the security of remote login flows.
Continue reading...
