summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--documentation/dev-manual/dev-manual-common-tasks.xml120
1 files changed, 92 insertions, 28 deletions
diff --git a/documentation/dev-manual/dev-manual-common-tasks.xml b/documentation/dev-manual/dev-manual-common-tasks.xml
index 89437f7764..dffba96e7d 100644
--- a/documentation/dev-manual/dev-manual-common-tasks.xml
+++ b/documentation/dev-manual/dev-manual-common-tasks.xml
@@ -3841,14 +3841,46 @@
3841 <title>Making Images More Secure</title> 3841 <title>Making Images More Secure</title>
3842 3842
3843 <para> 3843 <para>
3844 If securing your image is of concern, there are steps, tools, 3844 Security for a device is always a concern.
3845 Consider the issues and problems discussed in just this
3846 sampling of work found across the Internet:
3847 <itemizedlist>
3848 <listitem><para><emphasis>
3849 "<ulink url='https://www.schneier.com/blog/archives/2014/01/security_risks_9.html'>Security Risks of Embedded Systems</ulink>"</emphasis>
3850 by Bruce Schneier
3851 </para></listitem>
3852 <listitem><para><emphasis>
3853 "<ulink url='http://internetcensus2012.bitbucket.org/paper.html'>Internet Census 2012</ulink>"</emphasis>
3854 by Carna Botnet</para></listitem>
3855 <listitem><para><emphasis>
3856 "<ulink url='http://elinux.org/images/6/6f/Security-issues.pdf'>Security Issues for Embedded Devices</ulink>"</emphasis>
3857 by Jake Edge
3858 </para></listitem>
3859 <listitem><para><emphasis>
3860 "<ulink url='https://www.nccgroup.com/media/18475/exploiting_security_gateways_via_their_web_interfaces.pdf'>They ought to know better: Exploiting Security
3861Gateways via their Web Interfaces</ulink>"</emphasis>
3862 by Ben Williams
3863 </para></listitem>
3864 </itemizedlist>
3865 </para>
3866
3867 <para>
3868 When securing your image is of concern, there are steps, tools,
3845 and variables that you can consider to help you reach the 3869 and variables that you can consider to help you reach the
3846 security goals you need for your particular device. 3870 security goals you need for your particular device.
3847 Not all situations are identical when it comes to making an 3871 Not all situations are identical when it comes to making an
3848 image secure. 3872 image secure.
3849 Consequently, this section provides some guidance and suggestions 3873 Consequently, this section provides some guidance and suggestions
3850 for consideration when you want to make your image more secure. 3874 for consideration when you want to make your image more secure.
3851 The section does not offer a complete solution. 3875 </para>
3876
3877 <para>
3878 Because the security requirements and risks are
3879 different for every type of device, this section cannot
3880 provide a complete reference on securing your custom OS.
3881 It is strongly recommended that you also consult other sources
3882 of information on embedded Linux system hardening and on
3883 security.
3852 </para> 3884 </para>
3853 3885
3854 <section id='general-considerations'> 3886 <section id='general-considerations'>
@@ -3895,7 +3927,10 @@
3895 <listitem><para> 3927 <listitem><para>
3896 Ensure you remove or disable debugging functionality 3928 Ensure you remove or disable debugging functionality
3897 before producing the final image. 3929 before producing the final image.
3898 </para></listitem> 3930 For information on how to do this, see the
3931 "<link linkend='considerations-specific-to-the-openembedded-build-system'>Considerations Specific to the OpenEmbedded Build System</link>
3932 section.
3933 </para></listitem>
3899 <listitem><para> 3934 <listitem><para>
3900 Ensure you have no network services listening that 3935 Ensure you have no network services listening that
3901 are not needed. 3936 are not needed.
@@ -3929,6 +3964,7 @@
3929 </para> 3964 </para>
3930 3965
3931 <para> 3966 <para>
3967<!--
3932 The GCC/LD flags in <filename>security_flags.inc</filename> 3968 The GCC/LD flags in <filename>security_flags.inc</filename>
3933 enable more secure code generation. 3969 enable more secure code generation.
3934 By including the <filename>security_flags.inc</filename> 3970 By including the <filename>security_flags.inc</filename>
@@ -3938,10 +3974,11 @@
3938 The GCC/LD flags are enabled by default in the 3974 The GCC/LD flags are enabled by default in the
3939 <filename>poky-lsb</filename> distribution. 3975 <filename>poky-lsb</filename> distribution.
3940 </note> 3976 </note>
3977-->
3941 Use the following line in your 3978 Use the following line in your
3942 <filename>local.conf</filename> file 3979 <filename>local.conf</filename> file or in your custom
3943 to enable the security compiler and 3980 distribution configuration file to enable the security
3944 linker flags to your build: 3981 compiler and linker flags to your build:
3945 <literallayout class='monospaced'> 3982 <literallayout class='monospaced'>
3946 require conf/distro/include/security_flags.inc 3983 require conf/distro/include/security_flags.inc
3947 </literallayout> 3984 </literallayout>
@@ -3966,38 +4003,65 @@
3966 sure that it does not have "debug-tweaks" before 4003 sure that it does not have "debug-tweaks" before
3967 producing your final image. 4004 producing your final image.
3968 Among other things, leaving this in place sets the 4005 Among other things, leaving this in place sets the
3969 root password as blank. 4006 root password as blank, which makes logging in for
4007 debugging or inspection easy during
4008 development but also means anyone can easily log in
4009 during production.
3970 </para></listitem> 4010 </para></listitem>
3971 <listitem><para> 4011 <listitem><para>
3972 It is possible to set a root password for the image. 4012 It is possible to set a root password for the image.
3973 For information on how to do that, see the 4013 When you set up root passwords for multiple images,
3974 <ulink url='https://wiki.yoctoproject.org/wiki/FAQ:How_do_I_set_or_change_the_root_password'>How do I set or change the root password</ulink> 4014 you should not duplicate them.
3975 Wiki page. 4015 See the note on passwords at the end of this list.
4016 </para>
4017 <para>
4018 To set up a root password,
4019 use the <filename>extrausers</filename>
4020 class, which is the preferred method.
4021 For an example on how to set up the root password,
4022 see the
4023 "<ulink url='&YOCTO_DOCS_REF_URL;#ref-classes-extrausers'><filename>extrausers.bbclass</filename></ulink>"
4024 section.
4025 <note>
4026 You can also see the the example in the
4027 <ulink url='https://wiki.yoctoproject.org/wiki/FAQ:How_do_I_set_or_change_the_root_password'>How do I set or change the root password Wiki</ulink>
4028 page as an alternative method.
4029 </note>
3976 </para></listitem> 4030 </para></listitem>
3977 <listitem><para> 4031 <listitem><para>
3978 It is possible to add an additional user account 4032 It is possible to add an additional user account
3979 for later administrative or service access using the 4033 for later administrative or service access.
3980 <ulink url='&YOCTO_DOCS_REF_URL;#ref-classes-extrausers'><filename>extrausers</filename></ulink> 4034 As with root passwords, be sure to not duplicate
3981 class or the 4035 passwords for generic users (e.g. tester, qa, and
3982 <ulink url='&YOCTO_DOCS_REF_URL;#var-ROOTFS_POSTPROCESS_COMMAND'><filename>ROOTFS_POSTPROCESS_COMMAND</filename></ulink> 4036 so forth) across multiple devices.
3983 variable. 4037 See the note on passwords following this list.
3984 For an example on how to add users, see the
3985 "<ulink url='&YOCTO_DOCS_REF_URL;#ref-classes-extrausers'><filename>extrausers.bbclass</filename></ulink>"
3986 section.
3987 </para> 4038 </para>
3988 <para>If you do add extra user accounts, 4039 <para>
3989 be cautious about setting 4040 As with the root password, you also use the
3990 the same password for every device. 4041 <ulink url='&YOCTO_DOCS_REF_URL;#ref-classes-extrausers'><filename>extrausers</filename></ulink>
3991 If you want the device to remain secure 4042 class.
3992 from unauthorized access, and the password set on 4043 </para></listitem>
3993 all devices becomes compromised, then every device 4044 <listitem><para>
3994 becomes compromised. 4045 Consider enabling a Mandatory Access Control (MAC)
3995 If you need this access but want to ensure security, 4046 framework (such as SMACK or SELinux) and tuning it
3996 consider setting a different, random password for each 4047 appropriately for your device's usage.
3997 device.
3998 </para></listitem> 4048 </para></listitem>
3999 </itemizedlist> 4049 </itemizedlist>
4000 </para> 4050 </para>
4051
4052 <para>
4053 <note><title>A Note about Passwords</title>
4054 When adding extra user accounts or deciding on root
4055 passwords for multiple devices, be cautious about setting
4056 the same passwords for multiple users or devices.
4057 If you want the device to remain secure from unauthorized
4058 access, and the password set on all devices becomes
4059 compromised, then every device becomes compromised.
4060 If you need this access but want to ensure security,
4061 consider setting a different, random passwords for each
4062 user or device.
4063 </note>
4064 </para>
4001 </section> 4065 </section>
4002 4066
4003 <section id='tools-for-hardening-your-image'> 4067 <section id='tools-for-hardening-your-image'>