RunSafe Logo

  • Documentation
  • Code
  • Repo
  • Flare
  • ASRI Reports
  • Support
RUNSAFE
CODE
Deployment GuideHow it Works
Step 1

Select Install Method

Deployment Option
Deployment Option
Deployment Option
Deployment Option

Choose which install method you would like to see instructions for. Debs work for any debian-based OS such as Debian, Ubuntu, and Mint. RPMS work for any Fedora-based OS such as Fedora, centOS, RHEL, and Rocky Linux.


Step 2

Select Distribution

Need to know your distribution? Run this command in a terminal: cat /etc/centos-release


Step 3

Clone Repos

The RunSafe-maintained meta-lfr layer contains all of the neccessary configuration files to integrate Code' Load-time Function Randomization (LFR) into a yocto build environment.


Step 4

Clone Repos

The LFR_PACKAGE contains pre-built binaries cross-compiled for different CPU targets. Currently supported is 32-bit ARM with support for 32- and 64-bit Intel and 64-bit ARM coming soon.


Step 5

Prepare Build Environment

Sourcing oe-init-build-env prepares the environment for building yocto recipes and images. Adding meta-lfr to the list of layers will result in all recipes being built with Code protections in place.


Step 6

Clone Repos

The binaries contained in the package provided from LFR_PACKAGE in the step 3 cooridinate with the qemuarm MACHINE target.


Step 7

Build Yocto Image

This command will build the core-image-minimal image with Code protections. The resulting image can be run using runqemu qemuarm.

The bitbake command can be run to build other images, or individual recipes with Code protection using bitbake <recipe/image>.


Step 8

Verify Code Protection

This shows how to confirm that Code has been applied to a given binary using the readelf tool from the binutils package. You must have binutils on your system for it to work, but it is commonly available.