Choose which install method you would like to see instructions for. Debs work for any debian-based OS such as Debian, Ubuntu, and Mint. RPMS work for any Fedora-based OS such as Fedora, centOS, RHEL, and Rocky Linux.
Need to know your distribution? Run this command in a terminal:
The RunSafe-maintained meta-lfr layer contains all of the neccessary configuration files to integrate Code' Load-time Function Randomization (LFR) into a yocto build environment.
The LFR_PACKAGE contains pre-built binaries cross-compiled for different CPU targets. Currently supported is 32-bit ARM with support for 32- and 64-bit Intel and 64-bit ARM coming soon.
Sourcing oe-init-build-env prepares the environment for building yocto recipes and images. Adding meta-lfr to the list of layers will result in all recipes being built with Code protections in place.
The binaries contained in the package provided from LFR_PACKAGE in the step 3 cooridinate with the qemuarm MACHINE target.
This command will build the core-image-minimal image with Code protections. The resulting image can be run using
bitbake command can be run to build other images, or individual recipes with Code protection using
This shows how to confirm that Code has been applied to a given binary using the
readelf tool from the
binutils package. You must have
binutils on your system for it to work, but it is commonly available.