From 6ff92a69662a23794732113be7f761b8d5fb9a65 Mon Sep 17 00:00:00 2001 From: Scott Rifenbark Date: Wed, 2 Apr 2014 12:41:02 -0600 Subject: dev-manual, ref-manual: Additions for making an image more secure. Fixes [YOCTO #3686] In the dev-manual, I created a new section called "Making Images More Secure." The section explains in general how to enable the security flags. In the ref-manual, I updated the CFLAGS variable to point to the new section. (From yocto-docs rev: 3ed91a46eaf5c1fdf84369ea69951775d87a42da) Signed-off-by: Scott Rifenbark Signed-off-by: Richard Purdie --- .../dev-manual/dev-manual-common-tasks.xml | 32 ++++++++++++++++++++++ 1 file changed, 32 insertions(+) (limited to 'documentation/dev-manual') diff --git a/documentation/dev-manual/dev-manual-common-tasks.xml b/documentation/dev-manual/dev-manual-common-tasks.xml index 3d5a9b6cad..c6e4efd6d9 100644 --- a/documentation/dev-manual/dev-manual-common-tasks.xml +++ b/documentation/dev-manual/dev-manual-common-tasks.xml @@ -3534,6 +3534,38 @@ +
+ Making Images More Secure + + + The Yocto Project has security flags that you can enable that + help make your build output more secure. + The security flags are in the + meta/conf/distro/include/security_flags.inc + file in your + Source Directory + (e.g. poky). + + + + These GCC/LD flags enable more secure code generation. + By including the security_flags.inc + file, you enable flags to the compiler and linker that cause + them to generate more secure code. + + These flags are enabled by default in the + poky-lsb distribution. + + Use the following line in your + local.conf file + to enable the security compiler and + linker flags to your build: + + require conf/distro/include/security_flags.inc + + +
+
Creating Your Own Distribution -- cgit v1.2.3-54-g00ecf