Half a year ago, I started a little hobby project of building a hardened Yocto distro, Sulka. I thought that I’d share what’s happened over the past months.
Continue reading...security
Protecting U-Boot Command Line
This text should help you harden U-Boot by fixing the lowest-hanging fruit: unfettered access to the bootloader control interface.
Continue reading...Module Signing Keys (Without Building Kernel)
In this blog post we will talk about module signing keys in a situation where the entity developing and signing kernel modules cannot build in their keys.
Continue reading...Yocto Hardening: Kernel Module Signing
This time we have a relatively simple and effective hardening measure that may prevent big headaches: kernel module signing.
Continue reading...Thinking Outside the (Linux) Box: Security Considerations From Human Actors
This text is a short summary of my presentation at the embedded Linux conference, and talks about humans and cybersecurity.
Continue reading...Yocto Hardening: Multi-Factor Authentication
In this blog post, I’ll show how to integrate Google Authenticator into a Yocto system to enhance the security of remote login flows.
Continue reading...Introducing Sulka, the Hardened Yocto Distro
For years I have been telling myself that it’s a bit too much for a single person to try and manage a distro, but now I think it’s time to give it a go.
Continue reading...Encrypting In Yocto With fscryptctl
In this blog text I’ll briefly cover how to use fscryptctl to encrypt and decrypt directories in an embedded Linux system.
Continue reading...Yocto Hardening: File System Encryption with fscrypt
Let’s continue encryption with the second part and move on to file system encryption.
Continue reading...Yocto Hardening: Block Device Encryption with dm-crypt
Data safety is crucial in the embedded systems. The devices can store information that should be kept secret. Encryption can be used to achieve exactly that.
Continue reading...
