Yocto Project Security Manual

Table of Contents

• 1 Introduction
• 2 Making Images More Secure
  • 2.1 General Considerations
  • 2.2 Security Flags
  • 2.3 Considerations Specific to the OpenEmbedded Build System
  • 2.4 Tools for Hardening Your Image
• 3 Checking for Vulnerabilities
  • 3.1 Vulnerabilities in Poky and OE-Core
  • 3.2 Vulnerability check at build time
  • 3.3 Fixing CVE product name and version mappings
  • 3.4 Fixing vulnerabilities in recipes
  • 3.5 Implementation details
  • 3.6 Linux kernel vulnerabilities
    • 3.6.1 generate-cve-exclusions.py
    • 3.6.2 improve_kernel_cve_report.py
• 4 Creating a Read-Only Root Filesystem
  • 4.1 Creating the Root Filesystem
  • 4.2 Post-Installation Scripts and Read-Only Root Filesystem
  • 4.3 Areas With Write Access

---

The Yocto Project ®

<docs@lists.yoctoproject.org>

Permission is granted to copy, distribute and/or modify this document under the terms of the Creative Commons Attribution-Share Alike 2.0 UK: England & Wales as published by Creative Commons.

To report any inaccuracies or problems with this (or any other Yocto Project) manual, or to send additions or changes, please send email/patches to the Yocto Project documentation mailing list at docs@lists.yoctoproject.org or log into the Libera Chat #yocto channel.