meta-security-rockwell
meta-security-rockwell is an OE layer that assists developers in hardening their Yocto-built systems, focusing on the Daisy release. Eventually, meta-security-rockwell should fail the build on security issues, requiring an explicit exemption (similar to accepting licenses). At present, security issues found in a build will be (at least) noisy. We have some work to do before this layer is where we want it, and help is welcome.

Currently, this layer brings together components from the following open source projects:

- meta-security-isafw -- we enable the security build flags audit (CFA) and make patches to make the isafw layer work in Daisy
- grsec (a small piece thereof) -- we extract the MPROTECT kernel patch and add a bbclass to grant wx exceptions to applications via bitbake variables
- the security_flags.inc file of yocto/poky -- we 'automatically' enable these within this layer

This layer also adds the following:

- a kernel config checker which we have built around a set of hardening recommendations for Linux

Git repository
https://github.com/IrdetoServices/meta-security-rockwell.git