Let’s continue measuring where we left off, move from the bootloader side to the kernel world, and try out IMA, the integrity measurement subsystem in Linux.
Adding Key-Based SSH Authentication to Yocto
This text is supposed to be a quick crash course on the different keys used in SSH servers, and how to generate and use them in Yocto.
Yocto Hardening: Measured Boot
So far we have mostly been focusing on hardening the kernel and userspace, but this time we will zoom out a bit and take a look at securing the entire system.
Yocto Emulation: Setting Up QEMU with TPM
Last time we got QEMU to launch U-Boot, started the kernel, and mounted a virtual drive. This time we are “just” going to add a TPM device to the virtual machine.
Yocto Emulation: Setting Up QEMU with U-Boot
Yocto provides a script for using QEMU in the form of runqemu. However, that script just boots up the kernel using whatever method QEMU considers the best.
Yocto Hardening: Kernel and GCC Configuration
This time we’re going to be doing two things to improve security: hardening the Linux kernel, and setting hardening flags for GCC.
Yocto Hardening: Firewalls, Part 2: firewalld
Find all of the Yocto hardening texts from here! People often ask me two things. The first question is “Why did you choose to write this...
Yocto Hardening: Firewalls, Part 1: nftables
Find all of the Yocto hardening texts from here! The eternal task of making the Yocto Linux build an impenetrable fortress continues. Next, we’ll look into...
Yocto Hardening: Finding & Fixing CVEs
Find all of the Yocto hardening texts from here! Last time when we were talking about Yocto hardening we focused on setting up extra users to...
How to build Yocto with Apple Silicon
If you’re like me, you have more money than brains and not too much of either really. This can lead to situations where you end up...