From patchwork Tue Jan 6 15:34:31 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Antonin Godard X-Patchwork-Id: 78090 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 1F02CCE9D65 for ; Tue, 6 Jan 2026 15:34:51 +0000 (UTC) Received: from smtpout-04.galae.net (smtpout-04.galae.net [185.171.202.116]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.92536.1767713682754160576 for ; Tue, 06 Jan 2026 07:34:43 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@bootlin.com header.s=dkim header.b=E2n5xewa; spf=pass (domain: bootlin.com, ip: 185.171.202.116, mailfrom: antonin.godard@bootlin.com) Received: from smtpout-01.galae.net (smtpout-01.galae.net [212.83.139.233]) by smtpout-04.galae.net (Postfix) with ESMTPS id 192AFC1E4B6 for ; Tue, 6 Jan 2026 15:34:15 +0000 (UTC) Received: from mail.galae.net (mail.galae.net [212.83.136.155]) by smtpout-01.galae.net (Postfix) with ESMTPS id 272E760739 for ; Tue, 6 Jan 2026 15:34:41 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) by localhost (Mailerdaemon) with ESMTPSA id 9180C103C84A4; Tue, 6 Jan 2026 16:34:40 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bootlin.com; s=dkim; t=1767713680; h=from:subject:date:message-id:to:cc:mime-version:content-type: content-transfer-encoding:in-reply-to:references; bh=tUr1BgkDHNEjHInusSWasFsqcm4sY47hVWkkbdzza10=; b=E2n5xewag/O7tjdOicHmPOZhJHV7JOtPj+x8TtMs5VZa37YXIQ23wAPL6e2HTMEyCJrbq5 eqjkXLO93mIpovwgTSh/6CT5Tto5s7A1D+uEj8s9PWWtrG9XKz+1Q66+jRmu3aYJEwhYN6 zy9TK/c1mJmuhFmzeKYjswlJ7Tfv+rBK8yFCilEeIon6VjtgY19+455SGY6iJWPadEqa2G eVXYh1sy+Jtqzhh9uAQSDCfkyGl9uQaCWkwMQl9I7mUIBDiRm3En+Oz1UWzzQ+U7WpIhS9 ey8qeF+avM4IUxvT2BpuEP4sywgNdeTE3g6GWcpnylyIYfo7jqaFTpPhja7sFw== From: Antonin Godard Date: Tue, 06 Jan 2026 16:34:31 +0100 Subject: [PATCH 1/3] Add a security manual MIME-Version: 1.0 Message-Id: <20260106-security-manual-v1-1-500fe611a4d0@bootlin.com> References: <20260106-security-manual-v1-0-500fe611a4d0@bootlin.com> In-Reply-To: <20260106-security-manual-v1-0-500fe611a4d0@bootlin.com> To: docs@lists.yoctoproject.org Cc: Thomas Petazzoni , Antonin Godard X-Mailer: b4 0.15-dev X-Developer-Signature: v=1; a=openpgp-sha256; l=3183; i=antonin.godard@bootlin.com; h=from:subject:message-id; bh=48yxQHadZNtM9hg43eFG62xzEUvOLV/nPnR5NZIaSmQ=; b=owEBbQKS/ZANAwAKAdGAQUApo6g2AcsmYgBpXSuOC4ey/Lsddil+Rjn3jbuWIY1pHlBhsytfF 7uIwU+KKDqJAjMEAAEKAB0WIQSGSHJRiN1AG7mg0//RgEFAKaOoNgUCaV0rjgAKCRDRgEFAKaOo NsYMEACBqJvSflKazzoxJcPu+uSxGi61Tad0P1OWVd7hIiWffyptVRoX7n/FdvOAyZMKEOMkunn R1OcMgwvzB8OuEG399E57JcMEJZwCKrwpo5Nax8E3kgSIkSN/xKqqDR7QUeo2D4FVY0NSA0fsvZ rMf8faVFx1t/y1P3PM6YcM45SAIkXjVg2j+v3xkZtqOMT7Jeg3Zx1ybYOQu+9z9SvGTUy4JMcEf 43qxQNpXm6DfK+GyJ3Xi9+GdavmOb3RWlNBvk8fXcVn3WgmWTuDjNdvl9DnWvbtFRjz71Ml0j72 ya68WGuy7yekJnxKUbJtxBUfvep2x69uVqu5CmC9RqC6pUh2bz0eKZXkUn2Z+flSK6J8JLKjtkL 4/wqrnNEm0Nq1RT4tyhB8RwDuAO/Y0l61UBO1g0Cx9p2gdsAIrX/uKKsl+lLJ0/pWrntE3knkiy zcp47L2M1ymjbyF34tJkpTcgga5Cj6aiNFaH1YiNLA21JeifgTq/NWpjG8oumpi2gRnnc3ku1Cg 5Jd+QFTpIL3HVRCI9I6496Kmjfg+nM8zrFKv3t/zQT1yIyA/MXVMPt1+5HvnZNXfaZiRKDiXs0s x42wUEtQbZZo1lYE7q9wy6Uff9gXRGiD3eH4FJODdtBoVCKeqIqbsBYId1cmrO3hrrWfNUq4qgf 9zpbqq+VxJH+F2Q== X-Developer-Key: i=antonin.godard@bootlin.com; a=openpgp; fpr=8648725188DD401BB9A0D3FFD180414029A3A836 X-Last-TLS-Session-Version: TLSv1.3 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 06 Jan 2026 15:34:51 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/docs/message/8398 A new manual in the documentation, to separate out security-oriented tasks from other ones. The end-goal of this manual is to be a place where users can add security tutorials/tips to harden images, or document ways to deal with vulnerabilities, as long as it's supported by the Yocto Project. Add an intro document stating what this manual is for and what it's not for. [YOCTO #14509] Signed-off-by: Antonin Godard --- documentation/index.rst | 1 + documentation/security-manual/index.rst | 16 ++++++++++++++++ documentation/security-manual/intro.rst | 28 ++++++++++++++++++++++++++++ 3 files changed, 45 insertions(+) diff --git a/documentation/index.rst b/documentation/index.rst index 037edcee6..7d933acc0 100644 --- a/documentation/index.rst +++ b/documentation/index.rst @@ -30,6 +30,7 @@ Welcome to the Yocto Project Documentation Board Support Package (BSP) Developer's guide Development Tasks Manual Linux Kernel Development Manual + Security Manual Profile and Tracing Manual Application Development and the Extensible SDK (eSDK) Toaster Manual diff --git a/documentation/security-manual/index.rst b/documentation/security-manual/index.rst new file mode 100644 index 000000000..92a883f00 --- /dev/null +++ b/documentation/security-manual/index.rst @@ -0,0 +1,16 @@ +.. SPDX-License-Identifier: CC-BY-SA-2.0-UK + +============================= +Yocto Project Security Manual +============================= + +| + +.. toctree:: + :caption: Table of Contents + :numbered: + + intro + +.. include:: /boilerplate.rst + diff --git a/documentation/security-manual/intro.rst b/documentation/security-manual/intro.rst new file mode 100644 index 000000000..03a8ed1ca --- /dev/null +++ b/documentation/security-manual/intro.rst @@ -0,0 +1,28 @@ +.. SPDX-License-Identifier: CC-BY-SA-2.0-UK + +************ +Introduction +************ + +Welcome to the Yocto Project Security Manual. This manual provides relevant +procedures necessary for dealing with security-related tasks supported in the +Yocto Project environment. This manual groups related procedures into +higher-level sections. Procedures can consist of high-level steps or low-level +steps depending on the topic. + +This manual provides the following: + +- Procedures that help you securing an image with features supported by the + Yocto Project; for example making a root filesystem read-only. + +- Procedures related to processes outside of the target images; for example how + to deal with vulnerabilities. + +This manual does not provide the following: + +- Procedures on security features implemented outside of + :term:`OpenEmbedded-Core (OE-Core)`. + +- Documentation on the security mechanisms themselves, which can often be found + in the documentation of the feature itself. This manual focuses on how to + integrate the security mechanism within the Yocto Project. From patchwork Tue Jan 6 15:34:32 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Antonin Godard X-Patchwork-Id: 78089 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 19A2ECE9D63 for ; Tue, 6 Jan 2026 15:34:51 +0000 (UTC) Received: from smtpout-04.galae.net (smtpout-04.galae.net [185.171.202.116]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.92537.1767713683259880884 for ; Tue, 06 Jan 2026 07:34:43 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@bootlin.com header.s=dkim header.b=o92e64XN; spf=pass (domain: bootlin.com, ip: 185.171.202.116, mailfrom: antonin.godard@bootlin.com) Received: from smtpout-01.galae.net (smtpout-01.galae.net [212.83.139.233]) by smtpout-04.galae.net (Postfix) with ESMTPS id 8BA33C1E4B7 for ; Tue, 6 Jan 2026 15:34:15 +0000 (UTC) Received: from mail.galae.net (mail.galae.net [212.83.136.155]) by smtpout-01.galae.net (Postfix) with ESMTPS id 9B87F60739 for ; Tue, 6 Jan 2026 15:34:41 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) by localhost (Mailerdaemon) with ESMTPSA id 0B828103C86DD; Tue, 6 Jan 2026 16:34:40 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bootlin.com; s=dkim; t=1767713681; h=from:subject:date:message-id:to:cc:mime-version:content-type: content-transfer-encoding:in-reply-to:references; bh=JX+206UFF6NSW35yFlUNJni8/aSpxae999sQtyP6Oh4=; b=o92e64XNYSXv35SwNFuWZOSQdJ1TkzsR8veS8jg3aSfinc8s2BSKCP2T7umP7Rg2fS/TC2 UK86h36J2d4DX1rDUgRd3L51qjQt9LCmuOZ2YWKeYo4Q+FRQOhW3A7T8FtjUdACoit4mwT riXryd09aNp5lCO0OmBnlaEMOOX4XYLD4uUEyuD1jz/JCVvbpjffwfc7UzxqzC6geOAx+R aH7xNy6x3vzMOEOra0QEclLBJLL+/HkAeP7nVhQR/RjW0YcyRz4Kuuw3NSSJDkXgujXOt5 f/KdR/0YeXRsHmNlcZiSib8wUjZsU5G2i/lTjuDLVOUQ4kngVx1GzGM8RW7zUA== From: Antonin Godard Date: Tue, 06 Jan 2026 16:34:32 +0100 Subject: [PATCH 2/3] Move security related manuals to the security manual MIME-Version: 1.0 Message-Id: <20260106-security-manual-v1-2-500fe611a4d0@bootlin.com> References: <20260106-security-manual-v1-0-500fe611a4d0@bootlin.com> In-Reply-To: <20260106-security-manual-v1-0-500fe611a4d0@bootlin.com> To: docs@lists.yoctoproject.org Cc: Thomas Petazzoni , Antonin Godard X-Mailer: b4 0.15-dev X-Developer-Signature: v=1; a=openpgp-sha256; l=10776; i=antonin.godard@bootlin.com; h=from:subject:message-id; bh=PtkhsmsC0lJevGIehsihchuiFuIfDp8z7Bfo9t4SCA4=; b=owEBbQKS/ZANAwAKAdGAQUApo6g2AcsmYgBpXSuPxJorVpK2ti0/BAgTg4RAA5tvzduD5UKRL RgIhsnLnk2JAjMEAAEKAB0WIQSGSHJRiN1AG7mg0//RgEFAKaOoNgUCaV0rjwAKCRDRgEFAKaOo NpQ5D/428OlejQ8Ga065qXAF5StEp+gSuyiKOkJOlhBl7a5eGUWL0iYSSltbGWJ8RjDOLkB170G iavTjLEsLpp1iJcPr0J9BVz1sRD6zzckxgLpygCzRBF1BVjs9/QzECZAFbylUWCBjOzIdATViuO eZFYCNxcCH03PkveNVRp1dppmKXtvc8vHHHjZygBlBF+drKdkQSqF3IsddbprXcMuHJx4/NPspu XyhPkSup45mqGQbIeQvR/490VemBpqd8UdstaX0Elv9CbbpIb8IBCH2IJ8oNHBxmwExok5u2owz rmjyulQ2H50oPtB/qGBpZtYHY24eZH5KMuv9Vn4mw/K4Ev9EklKwFvlpWpGHtOTSVo9iIMXpUuL KI69/6LCpBMqnk+wePWaFkfH9rPA2z1e7p+nyI1pCnT/8NSfd/wUQQBKNNRdbKU95DAB+r6aKSL xnAue5kq1wmuiEB86m/ECR25Ul8q2fxNnaIMW9LIwPNeT0hqgOsJ22SpmLEUYJWkKg627CyH/bp uCp7+hrCgypPWSfVMfaBufeFZQFc1Pp3SwVTCaJM6NJfleTiP0tIfDNR0xYvgeZ4BnGZIcd+/58 wPOtvTKsCo7YVOA/YTG8R3k8LnB9jEFS934aDWGDVDYaZ3SgsNnUq2xwSs9svZj0o9bs66pzpfs 36ptBK+my/Lealw== X-Developer-Key: i=antonin.godard@bootlin.com; a=openpgp; fpr=8648725188DD401BB9A0D3FFD180414029A3A836 X-Last-TLS-Session-Version: TLSv1.3 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 06 Jan 2026 15:34:51 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/docs/message/8399 Move the vulnerabilities, read-only-rootfs, and securing-images sections to the security manual. Update references to these documents to fix Sphinx reference errors. Signed-off-by: Antonin Godard --- documentation/contributor-guide/submit-changes.rst | 2 +- documentation/dev-manual/index.rst | 3 --- documentation/dev-manual/sbom.rst | 2 +- documentation/migration-guides/release-notes-4.2.rst | 2 +- documentation/overview-manual/concepts.rst | 2 +- documentation/ref-manual/classes.rst | 2 +- documentation/ref-manual/faq.rst | 2 +- documentation/ref-manual/features.rst | 2 +- documentation/ref-manual/variables.rst | 4 ++-- documentation/security-manual/index.rst | 3 +++ documentation/{dev-manual => security-manual}/read-only-rootfs.rst | 0 documentation/{dev-manual => security-manual}/securing-images.rst | 4 ++-- documentation/{dev-manual => security-manual}/vulnerabilities.rst | 0 13 files changed, 14 insertions(+), 14 deletions(-) diff --git a/documentation/contributor-guide/submit-changes.rst b/documentation/contributor-guide/submit-changes.rst index 6306ed45b0..07989d7b6e 100644 --- a/documentation/contributor-guide/submit-changes.rst +++ b/documentation/contributor-guide/submit-changes.rst @@ -711,7 +711,7 @@ follows: #. *Identify the bug or CVE to be fixed:* This information should be collected so that it can be included in your submission. - See :ref:`dev-manual/vulnerabilities:checking for vulnerabilities` + See :ref:`security-manual/vulnerabilities:checking for vulnerabilities` for details about CVE tracking. #. *Check if the fix is already present in the master branch:* This will diff --git a/documentation/dev-manual/index.rst b/documentation/dev-manual/index.rst index e786ddf8f8..e9bf17bdcc 100644 --- a/documentation/dev-manual/index.rst +++ b/documentation/dev-manual/index.rst @@ -33,7 +33,6 @@ Yocto Project Development Tasks Manual external-toolchain wic bmaptool - securing-images custom-distribution custom-template-configuration-directory disk-space @@ -42,11 +41,9 @@ Yocto Project Development Tasks Manual init-manager device-manager external-scm - read-only-rootfs build-quality debugging licenses - vulnerabilities sbom error-reporting-tool wayland diff --git a/documentation/dev-manual/sbom.rst b/documentation/dev-manual/sbom.rst index d54a33a470..8452fb12bb 100644 --- a/documentation/dev-manual/sbom.rst +++ b/documentation/dev-manual/sbom.rst @@ -6,7 +6,7 @@ Creating a Software Bill of Materials Once you are able to build an image for your project, once the licenses for each software component are all identified (see ":ref:`dev-manual/licenses:working with licenses`") and once vulnerability -fixes are applied (see ":ref:`dev-manual/vulnerabilities:checking +fixes are applied (see ":ref:`security-manual/vulnerabilities:checking for vulnerabilities`"), the OpenEmbedded build system can generate a description of all the components you used, their licenses, their dependencies, their sources, the changes that were applied to them and the known diff --git a/documentation/migration-guides/release-notes-4.2.rst b/documentation/migration-guides/release-notes-4.2.rst index 8da42a4390..529be7da29 100644 --- a/documentation/migration-guides/release-notes-4.2.rst +++ b/documentation/migration-guides/release-notes-4.2.rst @@ -273,7 +273,7 @@ New Features / Enhancements in 4.2 - Prominent documentation updates: - - Substantially expanded the ":doc:`/dev-manual/vulnerabilities`" section. + - Substantially expanded the ":doc:`/security-manual/vulnerabilities`" section. - Added a new ":doc:`/dev-manual/sbom`" section about SPDX SBoM generation. - Expanded ":ref:`init-manager`" documentation. - New section about :ref:`ref-long-term-support-releases`. diff --git a/documentation/overview-manual/concepts.rst b/documentation/overview-manual/concepts.rst index 04a08b7db7..c68a94e75a 100644 --- a/documentation/overview-manual/concepts.rst +++ b/documentation/overview-manual/concepts.rst @@ -1041,7 +1041,7 @@ stage of package installation, post installation scripts that are part of the packages are run. Any scripts that fail to run on the build host are run on the target when the target system is first booted. If you are using a -:ref:`read-only root filesystem `, +:ref:`read-only root filesystem `, all the post installation scripts must succeed on the build host during the package installation phase since the root filesystem on the target is read-only. diff --git a/documentation/ref-manual/classes.rst b/documentation/ref-manual/classes.rst index eae15fd62e..2e219a59c3 100644 --- a/documentation/ref-manual/classes.rst +++ b/documentation/ref-manual/classes.rst @@ -659,7 +659,7 @@ These can only be detected by reviewing the details of the issues and iterating and following what happens in other Linux distributions and in the greater open source community. You will find some more details in the -":ref:`dev-manual/vulnerabilities:checking for vulnerabilities`" +":ref:`security-manual/vulnerabilities:checking for vulnerabilities`" section in the Development Tasks Manual. .. _ref-classes-cython: diff --git a/documentation/ref-manual/faq.rst b/documentation/ref-manual/faq.rst index 406b2c3887..6c5b9d4e7f 100644 --- a/documentation/ref-manual/faq.rst +++ b/documentation/ref-manual/faq.rst @@ -320,7 +320,7 @@ the vulnerabilities using the SPDX document as input. These third-party tools have the responsibility of providing support for integrating with the Yocto Project SBOMs. -Also see the :doc:`/dev-manual/vulnerabilities` section of the Yocto Project +Also see the :doc:`/security-manual/vulnerabilities` section of the Yocto Project Development Tasks Manual for more information on dealing with vulnerabilities. Customizing generated images diff --git a/documentation/ref-manual/features.rst b/documentation/ref-manual/features.rst index 40651a4c91..df37830893 100644 --- a/documentation/ref-manual/features.rst +++ b/documentation/ref-manual/features.rst @@ -333,7 +333,7 @@ The image features available for all images are: - *read-only-rootfs:* Creates an image whose root filesystem is read-only. See the - ":ref:`dev-manual/read-only-rootfs:creating a read-only root filesystem`" + ":ref:`security-manual/read-only-rootfs:creating a read-only root filesystem`" section in the Yocto Project Development Tasks Manual for more information. diff --git a/documentation/ref-manual/variables.rst b/documentation/ref-manual/variables.rst index ee776c1109..b3c3fd0b26 100644 --- a/documentation/ref-manual/variables.rst +++ b/documentation/ref-manual/variables.rst @@ -2070,7 +2070,7 @@ system and gives an overview of their function and contents. It has the format "reason: description" and the description is optional. The Reason is mapped to the final CVE state by mapping via - :term:`CVE_CHECK_STATUSMAP`. See :ref:`dev-manual/vulnerabilities:fixing vulnerabilities in recipes` + :term:`CVE_CHECK_STATUSMAP`. See :ref:`security-manual/vulnerabilities:fixing vulnerabilities in recipes` for details. :term:`CVE_STATUS_GROUPS` @@ -2919,7 +2919,7 @@ system and gives an overview of their function and contents. useful if you want to develop against the libraries in the image. - "read-only-rootfs" --- creates an image whose root filesystem is read-only. See the - ":ref:`dev-manual/read-only-rootfs:creating a read-only root filesystem`" + ":ref:`security-manual/read-only-rootfs:creating a read-only root filesystem`" section in the Yocto Project Development Tasks Manual for more information - "tools-debug" --- adds debugging tools such as gdb and strace. diff --git a/documentation/security-manual/index.rst b/documentation/security-manual/index.rst index 92a883f006..3453940f5d 100644 --- a/documentation/security-manual/index.rst +++ b/documentation/security-manual/index.rst @@ -11,6 +11,9 @@ Yocto Project Security Manual :numbered: intro + securing-images + vulnerabilities + read-only-rootfs .. include:: /boilerplate.rst diff --git a/documentation/dev-manual/read-only-rootfs.rst b/documentation/security-manual/read-only-rootfs.rst similarity index 100% rename from documentation/dev-manual/read-only-rootfs.rst rename to documentation/security-manual/read-only-rootfs.rst diff --git a/documentation/dev-manual/securing-images.rst b/documentation/security-manual/securing-images.rst similarity index 96% rename from documentation/dev-manual/securing-images.rst rename to documentation/security-manual/securing-images.rst index f4b528e559..c66dde7f71 100644 --- a/documentation/dev-manual/securing-images.rst +++ b/documentation/security-manual/securing-images.rst @@ -64,7 +64,7 @@ more secure: especially applies when your device is network-enabled. - Regularly scan and apply fixes for CVE security issues affecting - all software components in the product, see ":ref:`dev-manual/vulnerabilities:checking for vulnerabilities`". + all software components in the product, see ":ref:`security-manual/vulnerabilities:checking for vulnerabilities`". - Regularly update your version of Poky and OE-Core from their upstream developers, e.g. to apply updates and security fixes from stable @@ -72,7 +72,7 @@ more secure: - Ensure you remove or disable debugging functionality before producing the final image. For information on how to do this, see the - ":ref:`dev-manual/securing-images:considerations specific to the openembedded build system`" + ":ref:`security-manual/securing-images:considerations specific to the openembedded build system`" section. - Ensure you have no network services listening that are not needed. diff --git a/documentation/dev-manual/vulnerabilities.rst b/documentation/security-manual/vulnerabilities.rst similarity index 100% rename from documentation/dev-manual/vulnerabilities.rst rename to documentation/security-manual/vulnerabilities.rst From patchwork Tue Jan 6 15:34:33 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Antonin Godard X-Patchwork-Id: 78091 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 1420FCE9D61 for ; Tue, 6 Jan 2026 15:34:51 +0000 (UTC) Received: from smtpout-04.galae.net (smtpout-04.galae.net [185.171.202.116]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.92475.1767713683901183274 for ; Tue, 06 Jan 2026 07:34:44 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@bootlin.com header.s=dkim header.b=l9IgVmLd; spf=pass (domain: bootlin.com, ip: 185.171.202.116, mailfrom: antonin.godard@bootlin.com) Received: from smtpout-01.galae.net (smtpout-01.galae.net [212.83.139.233]) by smtpout-04.galae.net (Postfix) with ESMTPS id 18F49C1E4BA for ; Tue, 6 Jan 2026 15:34:16 +0000 (UTC) Received: from mail.galae.net (mail.galae.net [212.83.136.155]) by smtpout-01.galae.net (Postfix) with ESMTPS id 2C08F60739 for ; Tue, 6 Jan 2026 15:34:42 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) by localhost (Mailerdaemon) with ESMTPSA id 83098103C86E0; Tue, 6 Jan 2026 16:34:41 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bootlin.com; s=dkim; t=1767713681; h=from:subject:date:message-id:to:cc:mime-version:content-type: content-transfer-encoding:in-reply-to:references; bh=9r3MjcAU8tD3c/iKoT9UmsKkLv4yhK23N7UrS707y1k=; b=l9IgVmLdUO3ul/3tvc8tjxyXSjGg+Ya5ftt0ZOBT7/WvtwPcWlH2HINMPH78ptXf9APzZd HjHVk2haHITZK/mW7orVnkDHD1r9xnA6OIH9a3T9yMd0P8SsvZdxhSGVEDhAWOdO/E8k7t 2ltrR292K3s9XllR8LBsVLKEykF2yAWSqSzmzcAfxs4PSxJmGOtcG7SatpnXPgPCK6cqP+ I4SSoC8VsfhIZl6uyNMTCjc9JJK3yNEaX92yXSTaLwa7oa0Me7dIqwTE0PJ8rU9sncwnUf i58P4MIHJP/00E58+20dFwMsdJO7nX+8CAWGFlYXJ2ZhNdUbPCJiyc5c7hoI0A== From: Antonin Godard Date: Tue, 06 Jan 2026 16:34:33 +0100 Subject: [PATCH 3/3] security-manual/securing-images.rst: remove old links MIME-Version: 1.0 Message-Id: <20260106-security-manual-v1-3-500fe611a4d0@bootlin.com> References: <20260106-security-manual-v1-0-500fe611a4d0@bootlin.com> In-Reply-To: <20260106-security-manual-v1-0-500fe611a4d0@bootlin.com> To: docs@lists.yoctoproject.org Cc: Thomas Petazzoni , Antonin Godard X-Mailer: b4 0.15-dev X-Developer-Signature: v=1; a=openpgp-sha256; l=1450; i=antonin.godard@bootlin.com; h=from:subject:message-id; bh=vrKFdNW950+xj9R7rnMaVIBAUjN9C2K2Q2oYQJSzhDo=; b=owEBbQKS/ZANAwAKAdGAQUApo6g2AcsmYgBpXSuPPANYapOAIy2XYLeXmbIOOxE9dR5hnGiv9 fUmQhYWRdOJAjMEAAEKAB0WIQSGSHJRiN1AG7mg0//RgEFAKaOoNgUCaV0rjwAKCRDRgEFAKaOo Nrf6EACS4+cbLq20WTLxZUsjxJOriNndwXX/T9bN69P00mZcKIgv/7osTPJOdZfuv8AY1f0uZ6f z/Ryy+Jkbli9doTW30kGIkaVXyIXilByoH/fnloGMGLdfZJCIMyaFRVuXUlKZHu9vBV6bWdIyiE +FVku+EMcH1rMOlvlNrNdYZLP3q9oo5j+nriQojE5+dsNGQgkeIORWFuE6VFMwTeyKZL0QmKXhx nfE2kOLXzbJglR1rTv8uIilHCBERp4TI5wDPLBcnGOtMo5mxWMsKm92GJeV7EmAB/r2UPq+yk6r n1nd51YbsyKjGl4jI0HLnZIhIPxNccXat4RQe9MC0bOft0/ydfJX2swOV7A5LJLiAGyGqgNL5Xy O9jLa8l6NJdPvkDXDCbHkAehJvzRz0DKfIoWMyAEC6KBx7mT9/uG+3UxbQkNE7QpDZzO6/u2cdW 2A6ir7ZGMKwHAnHiBioc8HEXHP7m6StNuwmNUYgHkH/imQJNuIM13BBfcWuazXSxNA6qZhReEUc EQzcgaHNYdzVIVZwOEJcsJpLk4WXePXoC+6s/SyPU+txbxq+Tw8HmSXxJrlgILjam+zjoPhNHeb VIsW+GcGaBlaqmeXGZX43FC7wqJuc3EeaXk9fV+FMdYoHih2Y0GTb/WxYrtO4EjTxWGiSMXuMJ0 uhU7uR21fayo3tg== X-Developer-Key: i=antonin.godard@bootlin.com; a=openpgp; fpr=8648725188DD401BB9A0D3FFD180414029A3A836 X-Last-TLS-Session-Version: TLSv1.3 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Tue, 06 Jan 2026 15:34:51 -0000 X-Groupsio-URL: https://lists.yoctoproject.org/g/docs/message/8400 Remove links to the start of the securing-images section, as these are old now and not really related to the Yocto Project. Signed-off-by: Antonin Godard --- documentation/security-manual/securing-images.rst | 16 ---------------- 1 file changed, 16 deletions(-) diff --git a/documentation/security-manual/securing-images.rst b/documentation/security-manual/securing-images.rst index c66dde7f7..cc6f95003 100644 --- a/documentation/security-manual/securing-images.rst +++ b/documentation/security-manual/securing-images.rst @@ -3,22 +3,6 @@ Making Images More Secure ************************* -Security is of increasing concern for embedded devices. Consider the -issues and problems discussed in just this sampling of work found across -the Internet: - -- *"*\ `Security Risks of Embedded - Systems `__\ *"* - by Bruce Schneier - -- *"*\ `Internet Census - 2012 `__\ *"* by Carna - Botnet - -- *"*\ `Security Issues for Embedded - Devices `__\ *"* - by Jake Edge - When securing your image is of concern, there are steps, tools, and variables that you can consider to help you reach the security goals you need for your particular device. Not all situations are identical when