Guide to Busybox Compilation on Automotive Build Platforms

Busybox is an GPL2 software project that combines tiny versions of many common UNIX utilities into a single small executable. It has been around since the early 90’s, and it’s used in a vast variety of embedded systems, this is why it gained the title Swiss Army Knife of Embedded Linux.

In Busybox, each utility is called an applet. Calling make config, users can customize applets and compile only applets relevant to them into one unified and easy to use binary.
Calling the make install command, Busybox will install itself on the system by copying your customized Busybox binary to the /bin folder. Busybox automatically creates symlinks for all compiled applets. Each symlink will call the Busybox binary with the relevant applet name.

This means that if we call an applet, busybox will be executed with the applet as the first parameter (argv[0]).

Securing the Busybox binary is challenging because it is difficult to change permissions or track each individual applet for the following reasons:

Creating different binaries for different applets is a great solution for maintaining busybox functionality without introducing the security issues raised by running all the applets in one binary.

The script requires you to provide a busybox config file by either calling make config or by providing one pre-made.

The next step will be to find all the applets in the config file. Remove all the applets from the config file, except the one that you want to include and compile busybox.

The script will continue until all the applets are compiled.

Industrial build platforms require adaptation and more functionality than a single script. For example, you may be required to do any or all of the following:

Make file format: You will need to adapt the process to work in a makefile format to support specific commands:

Each command has its own details that are build-platform specific and require an understanding of the target build system.

Different build systems have different compilation processes, some need to use different environment variables in order for the compiler to work with the right prerequisites.

One example can be the cross compiler, which can be changed from different build environments and if not supported correctly, the binaries won’t work on the target.

The config process can vary across environments, some config processes need to support different configurations depending on its use. I.e. for release, development, and debug.

You may want to keep the busybox support for menuconfig, in which case you will need to decide how you are going to implement it in your environment.

In the compiling process you not only create the regular busybox compiled artifacts but you also create different binaries that may be located in different paths in your build system. You will need to customize your cleaning process to suit your environment.

It is necessary to know where each applet is going to be located in the file system. Luckily, you can extract this information in the file include/applets.h and place each applet in the right folder.

\ *) \

exit 1;\

;;\

It is necessary to know how busybox will call the binary file in the system (this is different from the name in the config file we are parsing in the compilation stage) by parsing the applets.h file from the include directory.

Finally, copy the applet to its correct location in the target build

Busybox is a GPL2 tool that is used in many embedded systems and linux distributions, it provides us with many useful tools that are easy to use, but in some cases when packaged in one binary file it can increase your security risks. By separating each applet to a different binary, we are able to maintain full functionally while reducing exposure to cyber risk.

Industrial (and automotive) build systems require adaptations to the generic process of separating each applet to a different binary and some stages need to be customized to the specific build environment as illustrated in this document.

Related posts:

The so-called Panama Papers exposed 2.6 TB of information that threatened the reputations and privacy of many of the world’s richest and most powerful figures. If you thought this kind of incident…

The origin of life has fascinated humanity for thousands of years. Science fiction has had an absolute field day depicting various ideas regarding our origin. A wide array of beliefs from pure…

Mientras pienso el título de esta reflexión, siento que no puedo soslayar qué interrogantes nos plantea el deseo de ser paritarias en este siglo 21 atravesado por una pandemia global e instituyente…