Hardening on Rootcommit WIP

U-Boot: protect sensitive environment variables

Wed, 15 Apr 2026 00:00:00 +0000

This is a follow-up from our Accessing the U-Boot environment from a C program blog post.

🌳Need to protect the environment

When you’re trying to harden an embedded Linux device to make it more resistant to attacks, one key part to secure is the bootloader, because that’s the part that boots the operating system. Even you implement a secure boot chain, if an attacker manages to interrupt the boot process and get access to the bootloader shell, this attacker would be able to load and run her/his own payload on the device.

Yocto security: Kernel Hardening

Tue, 07 Oct 2025 00:00:00 +0000

This is another blog post about securing your Yocto built systems:

Introduction

The Linux kernel is the cornerstone and stronghold of a Linux based system. Unlike user-space applications which run with limited privileges, if it’s compromised, there is almost no limit to what an attacker can do.

While nothing is unbreakable, there are two types of settings you can change to make your kernel harder to compromise: