Hardening embedded frameworks

Designing and building embedded firmware can be complex, with all its dependencies and spaghetti makefiles that have not been touched for decades. Despite these common complexities, establishing a foundation to build secure software starts with hardening the platform and toolchain. Many Embedded Linux devices use BusyBox, which contains common GNU utilities. BusyBox needs certain configuration changes and must also be kept up to date. In addition to BusyBox, embedded frameworks and toolchains should be pared down to only those libraries and functions being used when configuring firmware builds. RTOS systems often have POSIX utilities available as well, but these are configured by SoC, MCU, and chip vendors, who ship modified versions of common utilities. Embedded Linux build systems such as Buildroot, Yocto, and others perform the task of setting up and configuring the toolchain environment. Removal of known insecure libraries and protocols such as Telnet not only minimizes attack entry points in firmware builds, but also provides a secure-by-design approach to building software in an effort to thwart potential security threats. In this recipe, we will show how to use Buildroot to select and deselect network services and configurations.
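As an added illustration (not code from the book), the following script audits a BusyBox Kconfig-style `.config` for enabled cleartext network applets and rewrites them to the "is not set" form. The sample configuration is constructed, and the deny-list beyond Telnet (FTP and TFTP) is an assumption of this example rather than something the text specifies.

```python
import re

# Constructed sample of a BusyBox .config fragment (Kconfig format).
SAMPLE_CONFIG = """\
CONFIG_TELNET=y
CONFIG_TELNETD=y
CONFIG_FEATURE_TELNETD_STANDALONE=y
# CONFIG_FTPD is not set
CONFIG_TFTP=y
# CONFIG_TFTPD is not set
CONFIG_WGET=y
"""

# Assumed deny-list: BusyBox applets that speak cleartext protocols.
DENYLIST = {
    "CONFIG_TELNET": "Telnet client",
    "CONFIG_TELNETD": "Telnet server (cleartext remote login)",
    "CONFIG_FTPD": "FTP server",
    "CONFIG_TFTP": "TFTP client",
    "CONFIG_TFTPD": "TFTP server",
}

SET_RE = re.compile(r"^(CONFIG_[A-Za-z0-9_]+)=(.*)$")
UNSET_RE = re.compile(r"^# (CONFIG_[A-Za-z0-9_]+) is not set$")


def parse_kconfig(text):
    """Return {symbol: value}; symbols marked 'is not set' map to 'n'."""
    symbols = {}
    for raw in text.splitlines():
        line = raw.strip()
        if (m := SET_RE.match(line)):
            symbols[m.group(1)] = m.group(2).strip('"')
        elif (m := UNSET_RE.match(line)):
            symbols[m.group(1)] = "n"
    return symbols


def audit(text, denylist=DENYLIST):
    """List deny-listed symbols that are enabled (absent counts as off)."""
    symbols = parse_kconfig(text)
    return sorted(s for s in denylist if symbols.get(s, "n") == "y")


def harden(text, denylist=DENYLIST):
    """Rewrite enabled deny-listed symbols to the Kconfig 'not set' form."""
    out = []
    for raw in text.splitlines():
        m = SET_RE.match(raw.strip())
        if m and m.group(1) in denylist and m.group(2) == "y":
            out.append(f"# {m.group(1)} is not set")
        else:
            out.append(raw)
    return "\n".join(out) + "\n"
```

Dependent options such as `CONFIG_FEATURE_TELNETD_STANDALONE` are left for Kconfig to resolve when the configuration is next processed by the build system.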
