what about more current security links for section 3.18 in dev manual?

what about more current security links for section 3.18 in dev manual?

[rpjday]

  currently perusing dev manual, 3.18, "Making Images More Secure",
https://www.yoctoproject.org/docs/current/dev-manual/dev-manual.html#making-images-more-secure
and the newest link there is from 2014 (even older ones are from 2012
and 2009.

  if people want to recommend newer online resources, i'll update the
links in that section.

rday

Re: [docs] what about more current security links for section 3.18 in dev manual?

[akuster]

[-- Attachment #1: Type: text/plain, Size: 681 bytes --]

Robert,



On 2/17/20 1:11 AM, rpjday@crashcourse.ca wrote:
>   currently perusing dev manual, 3.18, "Making Images More Secure",
> https://www.yoctoproject.org/docs/current/dev-manual/dev-manual.html#making-images-more-secure
> and the newest link there is from 2014 (even older ones are from 2012
> and 2009.
>
>   if people want to recommend newer online resources, i'll update the
> links in that section.
I found this doc on-line an plan on adding a link in the meta-security
layer.

https://www.nccgroup.trust/us/our-research/improving-your-embedded-linux-security-posture-with-yocto/

maybe its applicable for the YP docs?

- armin

>
> rday
>
> 


[-- Attachment #2: Type: text/html, Size: 1801 bytes --]

Re: [docs] what about more current security links for section 3.18 in dev manual?

[rpjday]

On Fri, 21 Feb 2020, akuster808 wrote:

> Robert,
>
>
>
> On 2/17/20 1:11 AM, rpjday@crashcourse.ca wrote:
>
>   currently perusing dev manual, 3.18, "Making Images More Secure",
> https://www.yoctoproject.org/docs/current/dev-manual/dev-manual.html#making-images-more-sec
> ure
> and the newest link there is from 2014 (even older ones are from 2012
> and 2009.
>
>   if people want to recommend newer online resources, i'll update the
> links in that section.
>
> I found this doc on-line an plan on adding a link in the meta-security layer.
>
> https://www.nccgroup.trust/us/our-research/improving-your-embedded-linux-security-posture-
> with-yocto/
>
> maybe its applicable for the YP docs?

  i was unaware of that paper, it looks pretty good, i can add that as
a link. still intersted in a couple more so i can submit them as a set
in one patch. anyone else? maybe online resources that don't
necessarily mention YP, but are embedded specific?

rday

Re: [docs] what about more current security links for section 3.18 in dev manual?

[rpjday]

On Fri, 21 Feb 2020, akuster808 wrote:

> I found this doc on-line an plan on adding a link in the meta-security layer.
>
> https://www.nccgroup.trust/us/our-research/improving-your-embedded-linux-security-posture-
> with-yocto/

  given that that doc is written relative to "sumo", it might be worth
updating it in some way to reflect current code base. i'm betting
enough has changed that it would be worth somehow bringing that doc up
to date. even as is, it clearly has value.

rday