To enable SMACK support, we need to configure the Linux kernel as explained in the Configuring the Linux kernel section in Chapter 2, The BSP Layer. We can add the following changes to the Wandboard's defconfig in a bbappend to the Linux kernel recipe:

+CONFIG_SECURITY=y 
+CONFIG_SECURITY_SMACK=y 
+CONFIG_AUDIT=y 

Refer to the source code distributed with the book for further details.

The meta-security-smack layer, part of meta-intel-iot-security, enables SMACK support on a Yocto image. To use it, first we need to clone it into the sources directory:

$ cd /opt/yocto/fsl-community-bsp/sources
$ git clone git://github.com/01org/meta-intel-iot-security  

Then we also need to add it to our conf/bblayers.conf, as described in the Creating a custom BSP layer section in Chapter 2, The BSP Layer by adding the following:

+  ${BSPDIR}/sources/meta-intel-iot-security/meta-security-smack    

We then need to configure our conf/local.conf file to use it as follows:

OVERRIDES .= ":smack" 
DISTRO_FEATURES_append = " smack" 

We will also install some extra user space applications to work with SMACK:

CORE_IMAGE_EXTRA_INSTALL += "coreutils smack-userspace" 

Finally, we can build our core image of choice.