
+
=
You're only a few steps away from deploying Alkemist:Source into your Yocto environment!
1 of 7
Select Yocto Distribution
2 of 7
Clone Repos
The RunSafe-maintained meta-lfr layer contains all of the neccessary configuration files to integrate Alkemist:Source' Load-time Function Randomization (LFR) into a yocto build environment.
3 of 7
Customize Alkemist:Source layer.conf
The LFR_PACKAGE contains pre-built binaries cross-compiled for different CPU targets. Currently supported is 32-bit ARM with support for 32- and 64-bit Intel and 64-bit ARM coming soon.
4 of 7
Prepare Build Environment
Sourcing oe-init-build-env prepares the environment for building yocto recipes and images. Adding meta-lfr to the list of layers will result in all recipes being built with Alkemist:Source protections in place.
5 of 7
Customize Alkemist:Source local.conf
The binaries contained in the package provided from LFR_PACKAGE in the step 3 cooridinate with the qemuarm MACHINE target.
6 of 7
Build Yocto Image
This command will build the core-image-minimal image with Alkemist:Source protections. The resulting image can be run using
The
runqemu qemuarm
.The
bitbake
command can be run to build other images, or individual recipes with Alkemist:Source protection using bitbake <recipe/image>
.7 of 7

Verify Alkemist:Source Protection
This shows how to confirm that Alkemist:Source has been applied to a given binary using the
readelf
tool from the binutils
package. You must have binutils
on your system for it to work, but it is commonly available.