MIRRORS/poky
1
0
Fork 0
mirror of git://git.yoctoproject.org/poky.git synced 2025-07-19 21:09:03 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity
3bef3d2ee1
poky/documentation/dev-manual/securing-images.rst
Antonin Godard abef9b08dc Remove debug-tweaks references 
We no longer provide this feature, so remove documentation for it. In
most cases, we can replace occurrences of "debug-tweaks" by
"allow-empty-password empty-root-password allow-root-login
post-install-logging" to achieve what this feature previously enabled.

Subtle, but the default local.conf does not include
post-install-logging, so in parts where there is mention of the default
local.conf file, adjust the documentation to only mention the first
three above.

In the intro manual, instead of providing instructions that replace
EXTRA_IMAGE_FEATURES entirely, provide ones that append
EXTRA_IMAGE_FEATURES.

(From yocto-docs rev: f0efd4c7df91863304b92514664bdd1fa62b1fbb)

Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2024-12-28 10:57:47 +00:00

157 lines
6.4 KiB
ReStructuredText
Raw Blame History

.. SPDX-License-Identifier: CC-BY-SA-2.0-UK
Making Images More Secure
*************************
Security is of increasing concern for embedded devices. Consider the
issues and problems discussed in just this sampling of work found across
the Internet:
- *"*\ `Security Risks of Embedded
Systems <https://www.schneier.com/blog/archives/2014/01/security_risks_9.html>`__\ *"*
by Bruce Schneier
- *"*\ `Internet Census
2012 <http://census2012.sourceforge.net/paper.html>`__\ *"* by Carna
Botnet
- *"*\ `Security Issues for Embedded
Devices <https://elinux.org/images/6/6f/Security-issues.pdf>`__\ *"*
by Jake Edge
When securing your image is of concern, there are steps, tools, and
variables that you can consider to help you reach the security goals you
need for your particular device. Not all situations are identical when
it comes to making an image secure. Consequently, this section provides
some guidance and suggestions for consideration when you want to make
your image more secure.
.. note::
Because the security requirements and risks are different for every
type of device, this section cannot provide a complete reference on
securing your custom OS. It is strongly recommended that you also
consult other sources of information on embedded Linux system
hardening and on security.
General Considerations
======================
There are general considerations that help you create more secure images.
You should consider the following suggestions to make your device
more secure:
- Scan additional code you are adding to the system (e.g. application
code) by using static analysis tools. Look for buffer overflows and
other potential security problems.
- Pay particular attention to the security for any web-based
administration interface.
Web interfaces typically need to perform administrative functions and
tend to need to run with elevated privileges. Thus, the consequences
resulting from the interface's security becoming compromised can be
serious. Look for common web vulnerabilities such as
cross-site-scripting (XSS), unvalidated inputs, and so forth.
As with system passwords, the default credentials for accessing a
web-based interface should not be the same across all devices. This
is particularly true if the interface is enabled by default as it can
be assumed that many end-users will not change the credentials.
- Ensure you can update the software on the device to mitigate
vulnerabilities discovered in the future. This consideration
especially applies when your device is network-enabled.
- Regularly scan and apply fixes for CVE security issues affecting
all software components in the product, see ":ref:`dev-manual/vulnerabilities:checking for vulnerabilities`".
- Regularly update your version of Poky and OE-Core from their upstream
developers, e.g. to apply updates and security fixes from stable
and :term:`LTS` branches.
- Ensure you remove or disable debugging functionality before producing
the final image. For information on how to do this, see the
":ref:`dev-manual/securing-images:considerations specific to the openembedded build system`"
section.
- Ensure you have no network services listening that are not needed.
- Remove any software from the image that is not needed.
- Enable hardware support for secure boot functionality when your
device supports this functionality.
Security Flags
==============
The Yocto Project has security flags that you can enable that help make
your build output more secure. The security flags are in the
``meta/conf/distro/include/security_flags.inc`` file in your
:term:`Source Directory` (e.g. ``poky``).
.. note::
Depending on the recipe, certain security flags are enabled and
disabled by default.
Use the following line in your ``local.conf`` file or in your custom
distribution configuration file to enable the security compiler and
linker flags for your build::
require conf/distro/include/security_flags.inc
Considerations Specific to the OpenEmbedded Build System
========================================================
You can take some steps that are specific to the OpenEmbedded build
system to make your images more secure:
- Ensure that "allow-empty-password", "allow-root-login", or
"empty-root-password" are not one of your selected :term:`IMAGE_FEATURES`.
When creating a new project, the default is to provide you with an
initial ``local.conf`` file that enables these features using the
:term:`EXTRA_IMAGE_FEATURES`
variable with the line::
EXTRA_IMAGE_FEATURES = "allow-empty-password empty-root-password allow-root-login"
To disable these features, simply comment out that line in your
``local.conf`` file, or make sure :term:`IMAGE_FEATURES` does not contain
any of these features before producing your final image. Among other things,
leaving this in place sets the root password as blank, which makes
logging in for debugging or inspection easy during development but
also means anyone can easily log in during production.
- It is possible to set a root password for the image and also to set
passwords for any extra users you might add (e.g. administrative or
service type users). When you set up passwords for multiple images or
users, you should not duplicate passwords.
To set up passwords, use the :ref:`ref-classes-extrausers` class, which
is the preferred method. For an example on how to set up both root and
user passwords, see the ":ref:`ref-classes-extrausers`" section.
.. note::
When adding extra user accounts or setting a root password, be
cautious about setting the same password on every device. If you
do this, and the password you have set is exposed, then every
device is now potentially compromised. If you need this access but
want to ensure security, consider setting a different, random
password for each device. Typically, you do this as a separate
step after you deploy the image onto the device.
- Consider enabling a Mandatory Access Control (MAC) framework such as
SMACK or SELinux and tuning it appropriately for your device's usage.
You can find more information in the
:yocto_git:`meta-selinux </meta-selinux/>` layer.
Tools for Hardening Your Image
==============================
The Yocto Project provides tools for making your image more secure. You
can find these tools in the ``meta-security`` layer of the
:yocto_git:`Yocto Project Source Repositories <>`.
Reference in New Issue View Git Blame Copy Permalink