Tag: security

  • U-Boot: protect sensitive environment variables

    U-Boot: protect sensitive environment variables

    This is a follow-up from our Accessing the U-Boot environment from a C program blog post. 🌳Need to protect the environment When you’re trying to harden an embedded Linux device to make it more resistant to attacks, one key part to secure is the bootloader, because that’s the part that boots the operating system. Even…

  • Accessing the U-Boot environment from a C program

    Accessing the U-Boot environment from a C program

    Need to modify the U-Boot environment from Linux There are multiple reasons for wanting to modify U-Boot variables from Linux, one of them being to implement A/B update mechanisms. Typically, after you’ve flashed a device with a new version, you’ll set the upgrade_available U-Boot variable to 1, reboot, and let U-Boot try to boot the…

  • Yocto security: Kernel Hardening

    Yocto security: Kernel Hardening

    This is another blog post about securing your Yocto built systems: Introduction The Linux kernel is the cornerstone and stronghold of a Linux based system. Unlike user-space applications which run with limited privileges, if it’s compromised, there is almost no limit to what an attacker can do. While nothing is unbreakable, there are two types…

  • Digital hygiene: use USB tethering to connect your laptop

    Digital hygiene: use USB tethering to connect your laptop

    When you are on the go, have you thought about connecting your GNU/Linux PC to the Internet through a USB connection to your phone? A better and safer solution is USB tethering. Your PC uses the Internet connection of your phone through a USB data cable. This is much better in terms of security (nothing…

  • Yocto Security: Production and Development Images

    Yocto Security: Production and Development Images

    This blog post is part of a series about securing your Yocto built systems: What to avoid So, you use Yocto to build an image for your embedded device. You tweak the image and distribution settings to get the features you need, and other developers use the SDK built by Yocto to create and build…

  • “Securing Yocto Built Systems” presentation slides

    “Securing Yocto Built Systems” presentation slides

    Last week, I gave a “Making Yocto Built Images More Secure” presentation at the Embedded Linux Conference in Amsterdam. The main goal was to share the research I’ve done so far for a customer project, and gather feedback from the audience. Here are a few highlights: Check out the slides at https://rootcommit.com/pub/conferences/2025/elce/yocto-security/yocto-security.pdf. In the next…

  • Google-stored passwords insufficiently protected

    Google-stored passwords insufficiently protected

    Have you checked the passwords.google.com page? If you have a Google account, it’s the passwords that you’ve supposedly allowed Google to remember for you. In my case, I have a very limited list, and it’s so old that I don’t even remember letting Google remember them. I most probably accepted this on an Android phone,…

  • Digital Hygiene presentation

    Digital Hygiene presentation

    Here’s a presentation I prepared for high school students in my area, but which actually targets any computer and smartphone user. Here are the main topics: The presentation is available in English and in French.