Introducing Sulka, the Hardened Yocto Distro

https://news.ycombinator.com/rss
Summary

For years I have been telling myself that it’s a bit too much for a single person to try and manage a distro, but now I think it’s time to give it a go. I’ve been working with Yocto for years at this point, and I have some idea what maintaining a Yocto distro requires. I’m not sure if I’m at the “Peak of Mount Stupid” or “Plateau of Sustainability” on the Dunning-Kruger curve, but let’s not worry about that too much yet.

My idea is to create a secure Yocto distribution that is free to use, “quite” “simple” and perhaps at times frustratingly hardened (but all for the good cause). I named it Sulka, more on the name a bit later. You can find the current version from this repository (no tagged releases yet). I am somewhat hopeful it will be easier to manage a Yocto distribution because it is a much narrower target than a general purpose distro like Ubuntu. And because it’s security-oriented, I can remove a lot of features, making it even simpler.

To answer the age-old question, “Should I cut this feature or not”, the answer is hopefully obvious.

Existing Alternatives

There are a few secure alternatives to Yocto’s default reference distribution Poky. Wind River Linux is a common commercial solution. I also found The Embedded Kit Welma and TimeSys VigiShield when doing some research on the topic, but I’m personally not familiar with these two. The Yocto meta-layer meta-security has this meta-hardening sub-layer that contains a good hardening distro as well.

All in all, my idea is not really completely unique. But I thought that it’d be interesting to apply the learnings from my Yocto Hardening blog series into something actually useful. Sulka is also free and open-source, so it’s a bit different in that sense compared to the commercial solutions. A closer comparison would be with the open-source meta-hardening layer, but I hope that by developing this stuff on my repo I can move faster and add features that might not necessarily fit the generic security repo.

Of course, I know t...

First seen: 2025-06-13 21:54

Last seen: 2025-06-13 21:54