Alkemist by RunSafe
ALKEMIST:PORTAL

alkemist logo

+

center logo for this page's deployment type

=

shield with heart in the middle
You're only a few steps away from deploying Alkemist:Source into your Yocto environment!
1 of 7
Down Arrow Mirrored

Select Yocto Distribution


2 of 7
Down Arrow

Clone Repos

The RunSafe-maintained meta-lfr layer contains all of the neccessary configuration files to integrate Alkemist:Source' Load-time Function Randomization (LFR) into a yocto build environment.

3 of 7
Down Arrow Mirrored

Customize Alkemist:Source layer.conf

The LFR_PACKAGE contains pre-built binaries cross-compiled for different CPU targets. Currently supported is 32-bit ARM with support for 32- and 64-bit Intel and 64-bit ARM coming soon.

4 of 7
Down Arrow

Prepare Build Environment

Sourcing oe-init-build-env prepares the environment for building yocto recipes and images. Adding meta-lfr to the list of layers will result in all recipes being built with Alkemist:Source protections in place.

5 of 7
Down Arrow Mirrored

Customize Alkemist:Source local.conf

The binaries contained in the package provided from LFR_PACKAGE in the step 3 cooridinate with the qemuarm MACHINE target.

6 of 7
Down Arrow

Build Yocto Image

This command will build the core-image-minimal image with Alkemist:Source protections. The resulting image can be run using runqemu qemuarm.

The bitbake command can be run to build other images, or individual recipes with Alkemist:Source protection using bitbake <recipe/image>.

7 of 7
Alkemist Logo

Verify Alkemist:Source Protection

This shows how to confirm that Alkemist:Source has been applied to a given binary using the readelf tool from the binutils package. You must have binutils on your system for it to work, but it is commonly available.