1.. _hardening: 2 3Hardening Tool 4############## 5 6Zephyr contains several optional features that make the overall system 7more secure. As we take advantage of hardware features, many of these 8options are platform specific and besides it, some of them are unknown 9by developers. 10 11To address this problem, Zephyr provides a tool that helps to check an 12application configuration option list against a list of hardening 13preferences defined by the **Security Group**. The tool can identify the build 14target and based on that provides suggestions and recommendations on how to 15optimize the configuration for security. 16 17Usage 18***** 19 20After configure of your application, change directory to the build folder and: 21 22.. code-block:: console 23 24 # ninja build system: 25 $ ninja hardenconfig 26 # make build system: 27 $ make hardenconfig 28 29The output should be similar to the one bellow: 30 31.. code-block:: console 32 33 34 name | current | recommended || check result 35 =================================================================================================================== 36 CONFIG_HW_STACK_PROTECTION | n | y || FAIL 37 CONFIG_BOOT_BANNER | y | n || FAIL 38 CONFIG_PRINTK | y | n || FAIL 39 CONFIG_EARLY_CONSOLE | y | n || FAIL 40 CONFIG_OVERRIDE_FRAME_POINTER_DEFAULT | n | y || FAIL 41 CONFIG_DEBUG_INFO | y | n || FAIL 42 CONFIG_TEST_RANDOM_GENERATOR | y | n || FAIL 43 CONFIG_BUILD_OUTPUT_STRIPPED | n | y || FAIL 44 CONFIG_STACK_SENTINEL | n | y || FAIL 45
