# This is an example of security hardening an OE or Poky image


Meta-hardening
==============

This layer provides examples for hardening OE/Yocto images.
This layer does not provide 100% security protection. It is only
a framework that a user can build on and possibly contribute to.
The goal here is to capture use cases and examples that the community decides to share for
everyone's benefit.

Building the meta-hardening layer
---------------------------------
In order to add hardening support to the poky/OE build, this layer should be added
to your project's bblayers.conf file.

By default the hardening components are disabled. This conforms to the
Yocto Project compatible guideline, which indicates that simply including a
layer should not change the system behavior.

For the components in this layer to take effect, the 'harden' keyword must be
set as the DISTRO, as in DISTRO = "harden". This enables the "NO ROOT access" idea or framework.

If one wants a more complete example of a hardened image, one must also build the image:
harden-image-minimal

There are default example user ID and password values.
These can be overwritten in your local.conf via:
ROOT_DEFAULT_PASSWORD ?= "1SimplePw!"
DEFAULT_ADMIN_ACCOUNT ?= "myadmin"

example:
local.conf
DISTRO = "harden"

The default user and password are:
User: "myadmin"
Password: "1SimplePw!"

bitbake {qemu machine} harden-image-minimal
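
A pre-build check for the settings described above, as an added example that is not part of the meta-hardening layer. The function names conf_value and check_harden_conf are hypothetical, and the script only reads simple one-line assignments in the file it is given; it does not evaluate includes or other BitBake syntax.

```shell
#!/bin/sh
# Added example (not from the layer): flag a local.conf that would build a
# "harden" image with the README's example credentials still in place.
# Assumption: only one-line VAR = "value", VAR ?= "value" and VAR := "value"
# assignments are recognised.

# Print the last value assigned to variable $2 in file $1 (empty if unset).
conf_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*[?:]\{0,1\}=[[:space:]]*\"\(.*\)\"[[:space:]]*\$/\1/p" "$1" | tail -n 1
}

# Return 0 when the conf enables the harden distro and replaces both
# documented example credentials; otherwise print findings and return 1.
check_harden_conf() {
    conf=$1
    rc=0
    if [ "$(conf_value "$conf" DISTRO)" != "harden" ]; then
        echo "DISTRO is not \"harden\": hardening components stay disabled"
        rc=1
    fi
    pw=$(conf_value "$conf" ROOT_DEFAULT_PASSWORD)
    if [ -z "$pw" ] || [ "$pw" = "1SimplePw!" ]; then
        echo "ROOT_DEFAULT_PASSWORD is unset or still the README example value"
        rc=1
    fi
    admin=$(conf_value "$conf" DEFAULT_ADMIN_ACCOUNT)
    if [ -z "$admin" ] || [ "$admin" = "myadmin" ]; then
        echo "DEFAULT_ADMIN_ACCOUNT is unset or still the README example value"
        rc=1
    fi
    return $rc
}
```

Run check_harden_conf against your build's local.conf before invoking bitbake; a non-zero return means at least one finding was printed.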

Dependencies
============

Branch: master

This layer depends on:

URI: git://git.yoctoproject.org/poky

or this normal combo:

URI: git://git.openembedded.org/meta-openembedded/meta-oe

URI: git://git.openembedded.org/bitbake

plus:

URI: git://git.openembedded.org/meta-openembedded
layers: meta-oe


Maintenance
-----------

Send pull requests, patches, comments or questions to yocto@lists.yoctoproject.org

When sending single patches, please use something like:
'git send-email -1 --to yocto@lists.yoctoproject.org --subject-prefix=meta-hardening][PATCH'

These values can be set as defaults for this repository:

$ git config sendemail.to yocto@lists.yoctoproject.org
$ git config format.subjectPrefix meta-hardening][PATCH

Now you can just do 'git send-email origin/master' to send all local patches.

Maintainers: Armin Kuster <akuster808@gmail.com>

License
=======

All metadata is MIT licensed unless otherwise stated. Source code included
in tree for individual recipes is under the LICENSE stated in each recipe
(.bb file) unless otherwise stated.