About Sulka

Sulka is a Yocto Linux distribution that aims to provide a secure base for embedded Linux systems. The distro aims to be generic enough that it can fit most use cases, and provide enough configuration that it can be tailored for other systems.

The distro hardening is achieved by performing the following tasks by default:

  • Installing firewall and monitoring packages

  • Disabling root logins, and forcing all root actions to be done with sudo

  • Securing user logins with PAM

  • Hardening the application configurations, like OpenSSH

  • Minimizing the DISTRO_FEATURES of the image

Repositories

There are multiple repositories related to Sulka. Here you can find the listing of them:

  • kas Sulka

    This is the top-level repository of the project. It is the kas configuration repository. Kas is the build tool used to configure and build Sulka, and it is commonly used in Yocto projects. From this repository you can find the build configuration, and instructions on how to build the repository.

  • kas Sulka Raspberry Pi example

    Example repository of how the Sulka project can be ported on a custom hardware. The example ports the Sulka distro to Raspberry Pi 4 64-bit, but the instructions in the repo can be applied to other hardware as well.

  • meta-sulka-distro

    This repository is the distro part of the Sulka. It defines the packages that get installed into the user space, and the hardening configurations for the packages.

  • meta-sulka-kernel

    This repository is the kernel configuration part of the Sulka. It contains kernel metadata for creating a hardened kernel.

  • meta-sulka-bsp

    This repository is the board support package part of the Sulka. It contains metadata for hardened bootloader, which in the reference implementation is U-Boot.

  • meta-sulka-raspberrypi

    This is the integration layer that performs some modifications and additions to the Sulka that are required to port the distro to the Raspberry Pi. These actions mostly consist of editing the bootloader and kernel metadata, as they are quite board specific.

  • Sulka documentation

    This is the documentation repository for Sulka. It is also the source for this very page you are reading! If you spot missing or incorrect documentation, please raise an issue in this repository.

  • Sulka tests

    This is the test repository for Sulka.

Supported Yocto Versions

The goal is to support the latest long-term support release of Yocto (currently Scarthgap).