In this blog post we will talk about module signing keys in a situation where the entity developing and signing kernel modules cannot build in their keys.
Continue reading...security
Yocto Hardening: Kernel Module Signing
This time we have a relatively simple and effective hardening measure that may prevent big headaches: kernel module signing.
Continue reading...Thinking Outside the (Linux) Box: Security Considerations From Human Actors
This text is a short summary of my presentation at the embedded Linux conference, and talks about humans and cybersecurity.
Continue reading...Yocto Hardening: Multi-Factor Authentication
In this blog post, I’ll show how to integrate Google Authenticator into a Yocto system to enhance the security of remote login flows.
Continue reading...Introducing Sulka, the Hardened Yocto Distro
For years I have been telling myself that it’s a bit too much for a single person to try and manage a distro, but now I think it’s time to give it a go.
Continue reading...Encrypting In Yocto With fscryptctl
In this blog text I’ll briefly cover how to use fscryptctl to encrypt and decrypt directories in an embedded Linux system.
Continue reading...Yocto Hardening: File System Encryption with fscrypt
Let’s continue encryption with the second part and move on to file system encryption.
Continue reading...Yocto Hardening: Block Device Encryption with dm-crypt
Data safety is crucial in the embedded systems. The devices can store information that should be kept secret. Encryption can be used to achieve exactly that.
Continue reading...Yocto Hardening: IMA and EVM
Let’s continue measuring where we left off, move from the bootloader side to the kernel world, and try out the IMA, integrity measurement subsystem in Linux.
Continue reading...Yocto Hardening: Measured Boot
So far we have mostly been focusing on hardening the kernel and userspace, but this time we will zoom out a bit and take a look at securing the entire system.
Continue reading...
