Half a year ago, I started a little hobby project of building a hardened Yocto distro, Sulka. I thought that I’d share what’s happened over the past months.
Continue reading...ejaaskel
“Fun” with SELinux
A few weeks ago, I had some (mis)adventures with SELinux, and after spending almost a whole week debugging weird issues, I felt like I needed to vent a bit.
Continue reading...Protecting U-Boot Command Line
This text should help you harden U-Boot by fixing the lowest-hanging fruit: unfettered access to the bootloader control interface.
Continue reading...Module Signing Keys (Without Building Kernel)
In this blog post we will talk about module signing keys in a situation where the entity developing and signing kernel modules cannot build in their keys.
Continue reading...Yocto Hardening: Kernel Module Signing
This time we have a relatively simple and effective hardening measure that may prevent big headaches: kernel module signing.
Continue reading...Thinking Outside the (Linux) Box: Security Considerations From Human Actors
This text is a short summary of my presentation at the embedded Linux conference, and talks about humans and cybersecurity.
Continue reading...Yocto Hardening: Multi-Factor Authentication
In this blog post, I’ll show how to integrate Google Authenticator into a Yocto system to enhance the security of remote login flows.
Continue reading...Introducing Sulka, the Hardened Yocto Distro
For years I have been telling myself that it’s a bit too much for a single person to try and manage a distro, but now I think it’s time to give it a go.
Continue reading...Adding SPI & AXI to NEORV32 Design
In the previous part we created an FPGA design that runs NEORV32 and is capable of booting Zephyr. Let’s improve it by adding an SPI block and external memory.
Continue reading...Running Zephyr RTOS on NEORV32 Soft Processor
The last time I was playing with an FPGA I connected Basys 3 and Raspberry Pi. It’s time to increase the difficulty a bit and create our SoC using FPGA.
Continue reading...
