“Yocto Hardening” is a series of blog texts where I share general security advice for Linux systems and practical examples on how to get that advice applied to Yocto builds. The advice has usually been tested on the latest LTS release at the time of writing. The advice itself may be quite obvious (don’t do everything as root-user, have a firewall) but getting those into Yocto can sometimes be a bit tricky. The texts here are in the order they have been published. Hopefully, these writings will help you to secure your system!
Non-root users, sudo configuration & disabling root
Finding & Fixing CVEs
Firewalls, Part 1: nftables
Firewalls, Part 2: firewalld
Kernel and GCC Configuration
Measured Boot
IMA and EVM