dev-manual, ref-manual: Additions for making an image more secure.
Fixes [YOCTO #3686] In the dev-manual, I created a new section called "Making Images More Secure." The section explains in general how to enable the security flags. In the ref-manual, I updated the CFLAGS variable to point to the new section. (From yocto-docs rev: 3ed91a46eaf5c1fdf84369ea69951775d87a42da) Signed-off-by: Scott Rifenbark <scott.m.rifenbark@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
parent
ef7f9aba96
commit
6ff92a6966
|
@ -3534,6 +3534,38 @@
|
||||||
</section>
|
</section>
|
||||||
</section>
|
</section>
|
||||||
|
|
||||||
|
<section id='making-images-more-secure'>
|
||||||
|
<title>Making Images More Secure</title>
|
||||||
|
|
||||||
|
<para>
|
||||||
|
The Yocto Project has security flags that you can enable that
|
||||||
|
help make your build output more secure.
|
||||||
|
The security flags are in the
|
||||||
|
<filename>meta/conf/distro/include/security_flags.inc</filename>
|
||||||
|
file in your
|
||||||
|
<link linkend='source-directory'>Source Directory</link>
|
||||||
|
(e.g. <filename>poky</filename>).
|
||||||
|
</para>
|
||||||
|
|
||||||
|
<para>
|
||||||
|
These GCC/LD flags enable more secure code generation.
|
||||||
|
By including the <filename>security_flags.inc</filename>
|
||||||
|
file, you enable flags to the compiler and linker that cause
|
||||||
|
them to generate more secure code.
|
||||||
|
<note>
|
||||||
|
These flags are enabled by default in the
|
||||||
|
<filename>poky-lsb</filename> distribution.
|
||||||
|
</note>
|
||||||
|
Use the following line in your
|
||||||
|
<filename>local.conf</filename> file
|
||||||
|
to enable the security compiler and
|
||||||
|
linker flags to your build:
|
||||||
|
<literallayout class='monospaced'>
|
||||||
|
require conf/distro/include/security_flags.inc
|
||||||
|
</literallayout>
|
||||||
|
</para>
|
||||||
|
</section>
|
||||||
|
|
||||||
<section id='creating-your-own-distribution'>
|
<section id='creating-your-own-distribution'>
|
||||||
<title>Creating Your Own Distribution</title>
|
<title>Creating Your Own Distribution</title>
|
||||||
|
|
||||||
|
|
|
@ -1118,6 +1118,13 @@
|
||||||
This variable evaluates to the same as
|
This variable evaluates to the same as
|
||||||
<filename><link linkend='var-TARGET_CFLAGS'>TARGET_CFLAGS</link></filename>.
|
<filename><link linkend='var-TARGET_CFLAGS'>TARGET_CFLAGS</link></filename>.
|
||||||
</para>
|
</para>
|
||||||
|
|
||||||
|
<para>
|
||||||
|
For information on flags that help with creating more
|
||||||
|
secure code, see the
|
||||||
|
"<ulink url='&YOCTO_DOCS_DEV_URL;#making-images-more-secure'>Making Images More Secure</ulink>"
|
||||||
|
section in the Yocto Project Development Manual.
|
||||||
|
</para>
|
||||||
</glossdef>
|
</glossdef>
|
||||||
</glossentry>
|
</glossentry>
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue