diff options
| author | Scott Rifenbark <scott.m.rifenbark@intel.com> | 2014-04-02 12:41:02 -0600 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2014-04-04 15:20:17 +0100 |
| commit | 6ff92a69662a23794732113be7f761b8d5fb9a65 (patch) | |
| tree | c9578b1da24d424b412f934fc4998b8e6edf0de9 /documentation/dev-manual | |
| parent | ef7f9aba96c508dc5e4deca0f26db784c66298e3 (diff) | |
| download | ast2050-yocto-poky-6ff92a69662a23794732113be7f761b8d5fb9a65.zip ast2050-yocto-poky-6ff92a69662a23794732113be7f761b8d5fb9a65.tar.gz | |
dev-manual, ref-manual: Additions for making an image more secure.
Fixes [YOCTO #3686]
In the dev-manual, I created a new section called
"Making Images More Secure." The section explains in general
how to enable the security flags.
In the ref-manual, I updated the CFLAGS variable to point to the
new section.
(From yocto-docs rev: 3ed91a46eaf5c1fdf84369ea69951775d87a42da)
Signed-off-by: Scott Rifenbark <scott.m.rifenbark@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'documentation/dev-manual')
| -rw-r--r-- | documentation/dev-manual/dev-manual-common-tasks.xml | 32 |
1 files changed, 32 insertions, 0 deletions
diff --git a/documentation/dev-manual/dev-manual-common-tasks.xml b/documentation/dev-manual/dev-manual-common-tasks.xml index 3d5a9b6..c6e4efd 100644 --- a/documentation/dev-manual/dev-manual-common-tasks.xml +++ b/documentation/dev-manual/dev-manual-common-tasks.xml @@ -3534,6 +3534,38 @@ </section> </section> + <section id='making-images-more-secure'> + <title>Making Images More Secure</title> + + <para> + The Yocto Project has security flags that you can enable that + help make your build output more secure. + The security flags are in the + <filename>meta/conf/distro/include/security_flags.inc</filename> + file in your + <link linkend='source-directory'>Source Directory</link> + (e.g. <filename>poky</filename>). + </para> + + <para> + These GCC/LD flags enable more secure code generation. + By including the <filename>security_flags.inc</filename> + file, you enable flags to the compiler and linker that cause + them to generate more secure code. + <note> + These flags are enabled by default in the + <filename>poky-lsb</filename> distribution. + </note> + Use the following line in your + <filename>local.conf</filename> file + to enable the security compiler and + linker flags to your build: + <literallayout class='monospaced'> + require conf/distro/include/security_flags.inc + </literallayout> + </para> + </section> + <section id='creating-your-own-distribution'> <title>Creating Your Own Distribution</title> |
