5.8. Making Images More Secure

The Yocto Project has security flags that you can enable that help make your build output more secure. The security flags are in the meta/conf/distro/include/security_flags.inc file in your Source Directory (e.g. poky).

These GCC/LD flags enable more secure code generation. By including the security_flags.inc file, you enable flags to the compiler and linker that cause them to generate more secure code.

Note

These flags are enabled by default in the poky-lsb distribution.

Use the following line in your local.conf file to enable the security compiler and linker flags to your build:

     require conf/distro/include/security_flags.inc