Alkemist by RunSafe

alkemist logo


center logo for this page's deployment type


shield with heart in the middle
You're only a few steps away from deploying LFR into your Yocto environment!
1 of 7
Down Arrow Mirrored

Select Yocto Distribution

2 of 7
Down Arrow

Clone Repos

The RunSafe maintained meta-lfr layer contains all of the neccessary configuration files to integrate LFR into a yocto build environment.

3 of 7
Down Arrow Mirrored

Customize LFR layer.conf

The LFR_PACKAGE contains pre-built binaries cross-compiled for different CPU targets. Currently supported is 32-bit ARM with support for 32- and 64-bit Intel and 64-bit ARM coming soon.

4 of 7
Down Arrow

Prepare Build Environment

Sourcing oe-init-build-env prepares the environment for building yocto recipes and images. Adding meta-lfr to the list of layers will result in all recipes being built with LFR protections in place.

5 of 7
Down Arrow Mirrored

Customize LFR local.conf

The binaries contained in the package provided from LFR_PACKAGE in the step 3 cooridinate with the qemuarm MACHINE target.

6 of 7
Down Arrow

Build Yocto Image

This command will build the core-image-minimal image with LFR protections. The resulting image can be run using runqemu qemuarm.

The bitbake command can be run to build other images, or individual recipes with LFR protection using bitbake <recipe/image>.

7 of 7
Alkemist Logo

Verify LFR Protection

This shows how to confirm that LFR has been applied to a given binary using the readelf tool from the binutils package. You must have binutils on your system for it to work, but it is commonly available.