Beyond the Release: Managing Long-Term Risk and Compliance in Embedded Linux with Yocto
- Anna-Lena Marx
- Embedded , Conferences
- April 14, 2026
The embedded systems of the future will be judged by their long-term resilience and security. For many manufacturers, however, the shift from a product release to continuous lifecycle management is a significant operational hurdle.
Regulations like the EU’s Cyber Resilience Act (CRA) are formalizing this challenge, demanding ongoing vulnerability management and creating a backdraft of responsibility that impacts the entire supply chain.
This presentation highlights that a robust and reproducible build system is the cornerstone of any sustainable product strategy in this new environment. It will explore how the Yocto Project provides the essential framework for building future-proof and maintainable systems.
The discussion will cover how its architecture enables the critical features needed to manage long-term risk: full-stack patchability for targeted CVE fixes, reproducible builds for maintaining legacy devices, and automated Software Bill of Materials (SBOM) generation for regulatory transparency.
Attendees will gain actionable strategies for implementing lifecycle-aware embedded development and transforming existing product portfolios to meet evolving regulatory requirements.
Presented at
- Embedded World Conference, Nuremberg, 2026-03-10
- EmBO++, Bochum, 2026-03-20
Related Posts
Building a Yocto Pipeline with KAS, GitHub Actions and AWS
- Anna-Lena Marx
- November 29, 2023
- Embedded , Conferences
Using KAS makes handling Yocto Projects easy. By shipping its own container with all needed dependencies, building sophisticated CI pipelines becomes pretty easy - in theory, or when using Gitlab.
But using GitHub as a code hosting platform with self-managed Action runners on AWS comes with a set of unexpected challenges.
Anna-Lena will talk about her quest through GitHub Actions, the Cloud and how to tame them.
The talk aims to point the audience to the obstacles when building CI pipelines for the Yocto Project with KAS, GitHub Actions, and custom action runners on AWS and strategies to handle them.
Building Embedded Systems with AOSP
- Anna-Lena Marx
- June 30, 2023
- Embedded , Conferences
In our community, building embedded systems based on Linux, e.g. with Yocto or buildroot, is standard and well known. Considering Android, respectively the AOSP as a base system feels strange at the beginning as it is a huge ecosystem that implies high system requirements. Of course, embedded Android is not a solution for each issue. Nevertheless, the AOSP provides a sophisticated base platform which is packed with a
- modern UI stack
- robust media and camera implementation
- modern AI runtime
- well known abstraction between system and app development
- energy optimization
and lots of other helpful infrastructure.
This makes AOSP an interesting approach for building more complex embedded systems.
LoRaWAN in theory and practice: A trip through Munich
- Anna-Lena Marx
- February 24, 2024
- Embedded , Conferences
LoRaWAN (Long Range Wide Area Network) is becoming increasingly popular, thanks in part to public networks such as The Things Network, which allow users to dispense with their own gateways. LoRaWAN also promises potential in terms of range and energy efficiency. But how does the standard perform in practice?
The aim of the presentation is to shed light on the technical background and demonstrate how practicable LoRa is in the field using real tests. It will be shown how the standard behaves in urban and rural areas, how differences in height of the gateway and different antennas influence the transmission quality.
Read Post