Author: Michael Opdenacker
-
Yocto security: Kernel Hardening
This is another blog post about securing your Yocto built systems: Introduction The Linux kernel is the cornerstone and stronghold of a Linux based system. Unlike user-space applications which run with limited privileges, if it’s compromised, there is almost no limit to what an attacker can do. While nothing is unbreakable, there are two types…
-
Yocto bookmark and new training dates
Bookmark After a brief announcement two weeks ago, here is the new Yocto command reference bookmark, in a format you can print and modify, according to the terms of the Creative Commons Attribution-ShareAlike license. In particular, the PDF version is ready to be printed. This way you will get 5 bookmarks on double-sided A4 paper.…
-
Linux 6.17 is out and already running at Root Commit
Linux 6.17 has just been released, and it’s already running here at Root Commit. The first system it’s been running on is this Toradex Verdin iMX8M Mini SOM (below the heat sink!) on the Dahlia Carrier board. I’m using this board for a medical device project at the moment. Here are my notes for building…
-
Digital hygiene: use USB tethering to connect your laptop
When you are on the go, have you thought about connecting your GNU/Linux PC to the Internet through a USB connection to your phone? A better and safer solution is USB tethering. Your PC uses the Internet connection of your phone through a USB data cable. This is much better in terms of security (nothing…
-
Yocto Security: Production and Development Images
This blog post is part of a series about securing your Yocto built systems: What to avoid So, you use Yocto to build an image for your embedded device. You tweak the image and distribution settings to get the features you need, and other developers use the SDK built by Yocto to create and build…
-
“Securing Yocto Built Systems” presentation slides
Last week, I gave a “Making Yocto Built Images More Secure” presentation at the Embedded Linux Conference in Amsterdam. The main goal was to share the research I’ve done so far for a customer project, and gather feedback from the audience. Here are a few highlights: Check out the slides at https://rootcommit.com/pub/conferences/2025/elce/yocto-security/yocto-security.pdf. In the next…
-
See how U-Boot modifies your board device tree
If you compare the device tree as loaded by Linux, available in /sys/firmware/fdt, you will see that it differs from the one that you loaded in U-Boot. Taking the time to make the comparison is quite instructive. Let’s do this on my Toradex Verdin iMX8M Mini SoM on the Dahlia carrier board. Decompiling the DTB…
-
Seven steps to grow your embedded Linux skills
Do you already have a job in embedded Linux but wish to be given more challenging goals? Or are you in IT, already using Linux on your own laptop, and dreaming about landing an embedded Linux job, possibly starting as your own boss? Follow my advice in a patient and consistent way, and you will…
-
Yocto: variable overrides tricks
I discovered a intriguing phenomenon while preparing my How to test the latest mainline Linux kernel or bootloader presentation at OpenEmbedded Workshop 2025. It turned out there was something incomplete in my understanding of BitBake variable overrides. Let’s take the example of a meta-mainline recipe from my Kernel Recipes: SRC_URI = “git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git;branch=linux-6.13.y;protocol=https” Then, depending on…
-
Google-stored passwords insufficiently protected
Have you checked the passwords.google.com page? If you have a Google account, it’s the passwords that you’ve supposedly allowed Google to remember for you. In my case, I have a very limited list, and it’s so old that I don’t even remember letting Google remember them. I most probably accepted this on an Android phone,…