Securing a Yocto-based Distribution - The Case of AllScenariosOS

Explore the intricacies of securing a Yocto-based distribution through the case study of AllScenariosOS in this 40-minute conference talk by Marta Rybczynska. Delve into Yocto security basics, learn about out-of-the-box security features, and understand the importance of CVE management for developers. Discover how to implement cve-check in Yocto projects, including console output analysis and potential extensions. Examine security-related layers in Yocto, with a focus on meta-security and the special case of meta-hardening. Gain insights into Linux kernel hardening techniques applied in AllScenariosOS, and explore next steps and lessons learned in distribution security. Acquire valuable knowledge to enhance your understanding of security practices in Yocto-based systems.

Intro
Marta Rybczynska: about me
Scary? Examples of issues from...
What will we talk about?
Yocto security basics - a subjective view (2/2)
What can you have out of the box? (and easily)
What a developer should know about CVES
Cve-check in Yocto: HOWTO
Cve-check console output (fragment)
Research on cve-check
Proposed cve-check extension (fragment)
Security-related layers in Yocto
Adding meta-security or sublayers
Special case: meta-hardening
Using meta-hardening
Linux kernel hardening in AllScenariosos
Next steps
Lessons learnt
If you want to learn more about security