1# This is an example for Security hardening an OE or Poky image 2 3 4Meta-hardening 5============= 6 7This layer provides examples for hardening OE/Yocto images. 8This layer does not provide 100% security protection. This is only 9a framework from which a user can build from and can possible contribute to. 10The goal here is to capture use cases and examples the community decided shares for 11everyones benefit. 12 13Building the meta-hardening layer 14------------------------------- 15In order to add hardening support to the poky/OE build this layer should be added 16to your projects bblayers.conf file. 17 18By default the hardening components are disabled. This conforms to the 19Yocto Project compatible guideline that indicate that simply including a 20layer should not change the system behavior. 21 22In order to use the components in this layer to take affect the 'harden' keyword must 23set the DISTRO as in "DISTRO = harden". This enables the "NO ROOT access" idea or framework. 24 25If one wants the a more complete example of a hardened image, one must also build the image: 26harden-image-minimal 27 28There are default example userid and passwards: 29These can be over written in your local.conf via: 30ROOT_DEFAULT_PASSWORD ?= "1SimplePw!" 31DEFAULT_ADMIN_ACCOUNT ?= "myadmin" 32 33example: 34local.conf 35DISTRO = "harden" 36 37The default user and password are: 38User: "myadmin" 39Password: "1SimplePw!" 40 41bitbake {qemu machine} harden-image-minimal 42 43Dependencies 44============ 45 46Branch: master 47 48This layer depends on: 49 50URI: git://git.yoctoproject.org/poky 51 52or this normal combo: 53 54URI: git://git.openembedded.org/meta-openembedded/meta-oe 55 56URI: git://git.openembedded.org/bitbake 57 58plus: 59 60URI: git://git.openembedded.org/meta-openembedded 61layers: meta-oe 62 63 64Maintenance 65----------- 66 67Send pull requests, patches, comments or questions to yocto-patches@lists.yoctoproject.org 68 69When sending single patches, please using something like: 70'git send-email -1 --to yocto-patches@lists.yoctoproject.org --subject-prefix=meta-hardening][PATCH' 71 72These values can be set as defaults for this repository: 73 74$ git config sendemail.to yocto-patches@lists.yoctoproject.org 75$ git config format.subjectPrefix meta-hardening][PATCH 76 77Now you can just do 'git send-email origin/master' to send all local patches. 78 79Maintainers: Armin Kuster <akuster808@gmail.com> 80 81License 82======= 83 84All metadata is MIT licensed unless otherwise stated. Source code included 85in tree for individual recipes is under the LICENSE stated in each recipe 86(.bb file) unless otherwise stated. 87