Alkemist by RunSafe

Step 1
Down Arrow Mirrored

Select Install Method

Choose which install method you would like to see instructions for. Debs work for any debian-based OS such as Debian, Ubuntu, and Mint. RPMS work for any Fedora-based OS such as Fedora, centOS, RHEL, and Rocky Linux.


Step 2
Down Arrow

Select Yocto Distribution

Yocto 3.1 (Dunfell)


Step 3
Down Arrow Mirrored

Clone Repos

The RunSafe-maintained meta-lfr layer contains all of the neccessary configuration files to integrate Alkemist:Code' Load-time Function Randomization (LFR) into a yocto build environment.


Step 4
Down Arrow

Customize Alkemist:Code layer.conf

The LFR_PACKAGE contains pre-built binaries cross-compiled for different CPU targets. Currently supported is 32-bit ARM with support for 32- and 64-bit Intel and 64-bit ARM coming soon.


Step 5
Down Arrow Mirrored

Prepare Build Environment

Sourcing oe-init-build-env prepares the environment for building yocto recipes and images. Adding meta-lfr to the list of layers will result in all recipes being built with Alkemist:Code protections in place.


Step 6
Down Arrow

Customize Alkemist:Code local.conf

The binaries contained in the package provided from LFR_PACKAGE in the step 3 cooridinate with the qemuarm MACHINE target.


Step 7
Down Arrow Mirrored

Build Yocto Image

This command will build the core-image-minimal image with Alkemist:Code protections. The resulting image can be run using runqemu qemuarm.

The bitbake command can be run to build other images, or individual recipes with Alkemist:Code protection using bitbake <recipe/image>.


Step 8
Alkemist Logo

Verify Alkemist:Code Protection

This shows how to confirm that Alkemist:Code has been applied to a given binary using the readelf tool from the binutils package. You must have binutils on your system for it to work, but it is commonly available.