== Clean the console and output to serial == Into **/etc/inittab**: Comment: # TERMINALS #x1:12345:respawn:/sbin/agetty 38400 console linux #c1:12345:respawn:/sbin/agetty 38400 tty1 linux #c2:2345:respawn:/sbin/agetty 38400 tty2 linux #c3:2345:respawn:/sbin/agetty 38400 tty3 linux #c4:2345:respawn:/sbin/agetty 38400 tty4 linux #c5:2345:respawn:/sbin/agetty 38400 tty5 linux #c6:2345:respawn:/sbin/agetty 38400 tty6 linux And set: s0:12345:respawn:/sbin/agetty -L 115200 ttymxc0 linux == Other files == * Set the correct entry into **/etc/fstab** with /dev/mmcblk0pX in case of uSD * Set your password into **/etc/shadow** * Add your ssh key * /etc/ssh/sshd_config put: * Banner none * AllowUsers root * #AcceptEnv LANG LC_* * AllowAgentForwarding no * AllowTcpForwarding no * GatewayPorts no * X11Forwarding no * PermitRootLogin yes * StrictModes yes * RhostsRSAAuthentication no * HostbasedAuthentication no * AuthorizedKeysFile .ssh/authorized_keys * Edit and set your network configuration * /etc/resolv.conf nameserver 8.8.8.8 options timeout:1 * Into **/etc/portage/make.conf** put: CHOST="armv7a-hardfloat-linux-gnueabi" CFLAGS="-O2 -pipe -mfpu=vfpv4 -mfloat-abi=hard -march=native -mtune=native" CXXFLAGS="${CFLAGS}" MAKEOPTS="-j2" PORTAGE_IONICE_COMMAND="ionice -c 3 -p \${PID}" PORTAGE_NICENESS="19" FEATURES="parallel-fetch sandbox fail-clean noman noinfo nodoc" PORTAGE_RSYNC_EXTRA_OPTS="-z --compress-level=9 -4 --exclude=/metadata/md5-cache -- exclude=/metadata/cache" LC_MESSAGES=C CURL_SSL="openssl" PYTHON_SINGLE_TARGET="python2_7" PYTHON_TARGETS="python3_4 python2_7" U_DEVICES="custom-cflags custom-cxxflags" U_SYSTEM="ipv6 hardened glibc-omitfp cxx minimal nptl zlib threads lzma xz xtpax xattr openrc inotify openmp" USE="-* ${U_DEVICES} ${U_SYSTEM}" INPUT_DEVICES="keyboard" PAX_MARKINGS="XT" * echo 'en_US.UTF-8 UTF-8' > /etc/locale.gen * Content of **/etc/portage/package.use**: app-editors/nano -minimal app-shells/bash readline dev-lang/python xml ssl net-analyzer/wireshark netlink pcap net-dns/dnsmasq -dhcp -id -inotify net-misc/wget ipv6 zlib ssl sys-apps/openrc netifrc sys-apps/net-tools arp hostname sys-apps/iproute2 -minimal sys-apps/kmod tools sys-apps/hwids udev pci net usb sys-fs/cryptsetup kernel sys-process/procps ncurses == System packages == * emerge --sync * emerge -DaNuv world * emerge -av hdparm parted iptables dnsmasq ethtool app-misc/screen gentoolkit u-boot-tools net-analyzer/nmap net-misc/bridge-utils net-misc/dhcp net-misc/dibbler net-misc/iperf net-misc/quagga net-misc/radvd net-misc/telnet-bsd sys-power/cpupower sys-process/vixie-cron net-misc/ntp syslog-ng * Set the hostname * /etc/conf.d/ip* SAVE_ON_STOP="no" * rc-update del keymaps boot;rc-update del netmount;rc-update del termencoding boot * rc-update add iptables boot default;rc-update add ip6tables boot default * cp /usr/share/zoneinfo/America/La_Paz /etc/localtime == Firewall == {{ :iot-gate-imx7-iptables.txt |}} {{ :iot-gate-imx7-ip6tables.txt |}} == /etc/sysctl.conf == net.ipv4.conf.default.rp_filter = 1 net.ipv4.conf.all.rp_filter = 1 net.ipv4.tcp_syncookies = 1 net.ipv4.icmp_echo_ignore_broadcasts = 1 kernel.panic = 3 net.ipv6.conf.all.accept_ra=0 net.ipv4.ip_forward = 1 net.ipv6.conf.all.autoconf=0 net.ipv6.conf.default.autoconf=0 net.ipv6.conf.all.accept_ra_defrtr = 0 net.ipv6.conf.default.accept_ra_defrtr = 0 net.ipv6.conf.all.accept_ra = 0 net.ipv6.conf.default.accept_ra = 0 net.ipv4.conf.all.accept_source_route=0 net.ipv4.conf.default.accept_source_route=0 net.ipv4.conf.all.accept_redirects=0 net.ipv4.conf.default.accept_redirects=0 net.ipv4.conf.all.secure_redirects=0 net.ipv4.conf.default.secure_redirects=0 Into the **/etc/fstab** none /tmp tmpfs defaults,nosuid,size=32M,mode=1777 none /var/tmp tmpfs defaults,nosuid,size=128M,mode=1777 none /var/lib/ntp tmpfs defaults,nosuid,size=32M,mode=755,uid=123,gid=123 none /var/spool/cron/lastrun tmpfs defaults,nosuid,size=1M,mode=750 == Tweak == /etc/local.d/baselayout1.start echo -e "\033[9;0]" >/dev/console echo 5 > /proc/sys/vm/laptop_mode echo 10 > /proc/sys/vm/swappiness /usr/bin/cpupower frequency-set -g ondemand