Menu
How do I keep an OE/Yocto based embedded linux system updated regarding security issues?
My understanding is that Yocto releases are maintained for only six months. After that I need to apply fixes/patches myself. Is that correct?
I also understand that typically there will be additional layers (public and private ones) not part of Yocto per se that need to be taken care of.
Note that my question is not about getting the update out to the embedded device and flashing it. The focus of my question is how to best track the software used by my system, what known security issues are out there and which security patches to apply.
My impression so far is that people start to build a device with Yocto release 'x' and stick to it. They might apply security patches for things that have gotten a lot of bad press, but only ad hoc, not in a systematic manner.
Is there an official/documented process?
817
You can find a lot of informations concerning Yocto Security in wiki.
As stated there, CVE patches are applied to all stable branches, so it's more than 6 months, as Morty was released in november 2016.
There is a specific Security layer that contains security audit tools for instance.
Main layer advantage is that Yocto version update is quite straightforward, you can see this video that explains how to migrate easily from one version to another.
130
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
