From 28d5925bdf60da538ecf0cb4a95df5282bb1cf18 Mon Sep 17 00:00:00 2001
From: Scott Rifenbark
Date: Wed, 28 May 2014 15:23:04 +0300
Subject: dev-manual: Updated the "Making Images More Secure" section.

Fixes [YOCTO #5482]

I did some significant re-writing and re-organization of this section. It now includes a bit about securing an image in general, provides general considerations, considerations specific to the OpenEmbedded build system, pointers to some tools in meta-security layer, and some other items.

(From yocto-docs rev: a900286992e781f451b3c180726965f5c7172bb9)

Signed-off-by: Scott Rifenbark
Signed-off-by: Richard Purdie
---
 .../dev-manual/dev-manual-common-tasks.xml | 180 ++++++++++++++++++---
 1 file changed, 157 insertions(+), 23 deletions(-)

(limited to 'documentation/dev-manual/dev-manual-common-tasks.xml')

diff --git a/documentation/dev-manual/dev-manual-common-tasks.xml b/documentation/dev-manual/dev-manual-common-tasks.xml
index aad8fb7787..d9fb9e2f4a 100644
--- a/documentation/dev-manual/dev-manual-common-tasks.xml
+++ b/documentation/dev-manual/dev-manual-common-tasks.xml
@@ -3841,32 +3841,166 @@ Making Images More Secure - The Yocto Project has security flags that you can enable that - help make your build output more secure. - The security flags are in the - meta/conf/distro/include/security_flags.inc - file in your - Source Directory - (e.g. poky). + If securing your image is of concern, there are steps, tools, + and variables that you can consider to help you reach the + security goals you need for your particular device. + Not all situations are identical when it comes to making an + image secure. + Consequently, this section provides some guidance and suggestions + for consideration when you want to make your image more secure. + The section does not offer a complete solution. - - These GCC/LD flags enable more secure code generation. - By including the security_flags.inc - file, you enable flags to the compiler and linker that cause - them to generate more secure code. - - These flags are enabled by default in the - poky-lsb distribution. - - Use the following line in your - local.conf file - to enable the security compiler and - linker flags to your build: - +
+ General Considerations + + + General considerations exist that help you create more + secure images. + You should consider the following suggestions to help + make your device more secure: + + + Scan additional code you are adding to the system + (e.g. application code) by using static analysis + tools. + Look for buffer overflows and other potential + security problems. + + + Pay particular attention to to the security for + any web-based administration interface. + + Web interfaces typically need to perform + administrative functions and tend to need to run with + elevated privileges. + Thus, the consequences resulting from the interface's + security becoming compromised can be serious. + Look for common web vulnerabilities such as + cross-site-scripting (XSS), unvalidated inputs, + and so forth. + As with system passwords, the default credentials + for accessing a web-based interface should not be the + same across all devices. + This is particularly true if the interface is enabled + by default as it can be assumed that many end-users + will not change the credentials. + + + Ensure you can update the software on the device to + mitigate vulnerabilities discovered in the future. + This consideration especially applies when your + device is network-enabled. + + + Ensure you remove or disable debugging functionality + before producing the final image. + + + Ensure you have no network services listening that + are not needed. + + + Remove any software from the image that is not needed. + + + Enable hardware support for secure boot functionality + when your device supports this functionality. + + + +
+ +
+ Security Flags + + + The Yocto Project has security flags that you can enable that + help make your build output more secure. + The security flags are in the + meta/conf/distro/include/security_flags.inc + file in your + Source Directory + (e.g. poky). + + Depending on the recipe, certain security flags are enabled + and disabled by default. + + + + + The GCC/LD flags in security_flags.inc + enable more secure code generation. + By including the security_flags.inc + file, you enable flags to the compiler and linker that cause + them to generate more secure code. + + The GCC/LD flags are enabled by default in the + poky-lsb distribution. + + Use the following line in your + local.conf file + to enable the security compiler and + linker flags to your build: + require conf/distro/include/security_flags.inc - - + + +
+ +
+ Considerations Specific to the OpenEmbedded Build System + + + You can take some steps that are specific to the + OpenEmbedded build system to make your images more secure: + + + Ensure "debug-tweaks" is not listed with + IMAGE_FEATURES. + The default is to enable "debug-tweaks" by adding it + to + EXTRA_IMAGE_FEATURES + in local.conf. + However, you should comment out the variable or be + sure that it does not have "debug-tweaks" before + producing your final image. + Among other things, leaving this in place sets the + root password as blank. + + + It is possible to set a root password or to add + some additional user account for later administrative + or service access using the + extrausers + class or the + ROOTFS_POSTPROCESS_COMMAND + variable. + If you do this, be cautious about setting + the same password for every device. + If you want the device to remain secure + from unauthorized access, and the password set on + all devices becomes compromised, then every device + becomes compromised. + If you need this access but want to ensure security, + consider setting a different, random password for each + device. + + + +
+ +
+ Tools for Hardening Your Image + + + The Yocto Project provides tools for making your image + more secure. + You can find these tools in the + meta-security layer of the + Yocto Project Source Repositories. + +
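Review bot: In the "Considerations Specific to the OpenEmbedded Build System" list, the first item tells the reader to ensure "debug-tweaks" is not listed with IMAGE_FEATURES, but the next sentence says the default enables it through EXTRA_IMAGE_FEATURES in local.conf. Name both variables in the instruction itself, or state how the two relate, so that a reader who checks only IMAGE_FEATURES does not ship an image whose root password is blank. Two smaller points in the same hunk: "Pay particular attention to to the security" under "General Considerations" has a doubled "to", and the new "Tools for Hardening Your Image" section points at the meta-security layer without naming any tool in it, although the commit message promises pointers to some tools. Naming one or two, or saying what kinds of tools the layer holds, would make that pointer usable.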
-- cgit v1.2.3-54-g00ecf