dev-manual, ref-manual: Additions for making an image more secure.

Fixes [YOCTO #3686]

In the dev-manual, I created a new section called
"Making Images More Secure."  The section explains in general
how to enable the security flags.

In the ref-manual, I updated the CFLAGS variable to point to the
new section.

(From yocto-docs rev: 3ed91a46eaf5c1fdf84369ea69951775d87a42da)

Signed-off-by: Scott Rifenbark <scott.m.rifenbark@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

2 files changed, 39 insertions, 0 deletions

diff --git a/documentation/dev-manual/dev-manual-common-tasks.xml b/documentation/dev-manual/dev-manual-common-tasks.xml
index 3d5a9b6cad..c6e4efd6d9 100644
--- a/documentation/dev-manual/dev-manual-common-tasks.xml
+++ b/documentation/dev-manual/dev-manual-common-tasks.xml
@@ -3534,6 +3534,38 @@
         </section>
     </section>
 
+    <section id='making-images-more-secure'>
+        <title>Making Images More Secure</title>
+
+        <para>
+            The Yocto Project has security flags that you can enable that
+            help make your build output more secure.
+            The security flags are in the
+            <filename>meta/conf/distro/include/security_flags.inc</filename>
+            file in your
+            <link linkend='source-directory'>Source Directory</link>
+            (e.g. <filename>poky</filename>).
+        </para>
+
+        <para>
+            These GCC/LD flags enable more secure code generation.
+            By including the <filename>security_flags.inc</filename>
+            file, you enable flags to the compiler and linker that cause
+            them to generate more secure code.
+            <note>
+                These flags are enabled by default in the
+                <filename>poky-lsb</filename> distribution.
+            </note>
+            Use the following line in your
+            <filename>local.conf</filename> file
+            to enable the security compiler and
+            linker flags to your build:
+            <literallayout class='monospaced'>
+     require conf/distro/include/security_flags.inc
+            </literallayout>
+        </para>
+    </section>
+
     <section id='creating-your-own-distribution'>
         <title>Creating Your Own Distribution</title>
 
diff --git a/documentation/ref-manual/ref-variables.xml b/documentation/ref-manual/ref-variables.xml
index 7539136734..22d7f13a0a 100644
--- a/documentation/ref-manual/ref-variables.xml
+++ b/documentation/ref-manual/ref-variables.xml
@@ -1118,6 +1118,13 @@
                     This variable evaluates to the same as
                     <filename><link linkend='var-TARGET_CFLAGS'>TARGET_CFLAGS</link></filename>.
                 </para>
+
+                <para>
+                    For information on flags that help with creating more
+                    secure code, see the
+                    "<ulink url='&YOCTO_DOCS_DEV_URL;#making-images-more-secure'>Making Images More Secure</ulink>"
+                    section in the Yocto Project Development Manual.
+                </para>
             </glossdef>
         </glossentry>