In this part of the Yocto hardening series, we talk about how to verify the integrity of a file system with dm-verity in embedded systems.
Yocto Hardening: Read-Only Rootfs
Let’s continue the always-so-fun task of hardening Yocto systems. This time, we will consider file system integrity.
Sandboxing Systemd Services
Systemd has security features that tend to go underutilised. In particular, the service files have sandboxing features that can be used to isolate the service.
Protecting U-Boot Command Line
This text should help you harden U-Boot by fixing the lowest-hanging fruit: unfettered access to the bootloader control interface.
Yocto Hardening: Kernel Module Signing
This time we have a relatively simple and effective hardening measure that may prevent big headaches: kernel module signing.
Yocto Hardening: Multi-Factor Authentication
In this blog post, I’ll show how to integrate Google Authenticator into a Yocto system to enhance the security of remote login flows.
Introducing Sulka, the Hardened Yocto Distro
For years I have been telling myself that it’s a bit too much for a single person to try and manage a distro, but now I think it’s time to give it a go.
Yocto Hardening: File System Encryption with fscrypt
Let’s continue encryption with the second part and move on to file system encryption.
Yocto Hardening: Block Device Encryption with dm-crypt
Data safety is crucial in embedded systems. The devices can store information that should be kept secret. Encryption can be used to achieve exactly that.
Yocto Hardening: IMA and EVM
Let’s continue measuring where we left off, move from the bootloader side to the kernel world, and try out IMA, the integrity measurement subsystem in Linux.