Beyond the Release: Managing Long-Term Risk and Compliance in Embedded Linux with Yocto

The embedded systems of the future will be judged by their long-term resilience and security. For many manufacturers, however, the shift from a product release to continuous lifecycle management is a significant operational hurdle.
Regulations like the EU’s Cyber Resilience Act (CRA) are formalizing this challenge, demanding ongoing vulnerability management and creating a backdraft of responsibility that impacts the entire supply chain.

This presentation highlights that a robust and reproducible build system is the cornerstone of any sustainable product strategy in this new environment. It will explore how the Yocto Project provides the essential framework for building future-proof and maintainable systems.
The discussion will cover how its architecture enables the critical features needed to manage long-term risk: full-stack patchability for targeted CVE fixes, reproducible builds for maintaining legacy devices, and automated Software Bill of Materials (SBOM) generation for regulatory transparency.
Attendees will gain actionable strategies for implementing lifecycle-aware embedded development and transforming existing product portfolios to meet evolving regulatory requirements.

Your Vendor's BSP Is Probably Not Built For Product Longevity - Now What?

Vendor Board Support Packages (BSPs) are the standard for bringing new silicon to market, showcasing features, and promising an “easy” start. However, for those of us building products with long-term lifecycles, these BSPs often fail to meet quality requirements. They can be overly intrusive and typically don’t separate feature showcases from the well-maintained base needed for product development. This focus on rapid demonstration frequently results in BSPs which are difficult to maintain, lack transparency, and are built on non-LTS Yocto and kernel versions, making them unsuitable for products expected to last 5, 10, or even 20 years.

Yocto Vendor BSPs - The good, the bad, the ugly

Vendor Board Support Packages (BSPs) promise a quick start, but we all know the reality: a tangled mess of demo apps, weird custom tools, and an old, unmaintained kernel. This is a nightmare for products that need to live longer than a demo on the developer’s desk.

In this talk, we get our hands dirty. Forget the polished slides; we’re going to take a live, no-holds-barred look at some real-world vendor BSPs to see the common pain points firsthand. From there, we’ll discuss what we actually need from a BSP for a production device and explore the tipping point where setting up your own clean foundation becomes the smarter choice for building products that are meant to last.

Building Trust - Use Cases and Implementation of TPM 2.0 in Embedded Linux Systems

Artwork by: Sparkelle (Yan) — Licensed under Creative Commons BY-SA 4.0

As embedded systems become increasingly interconnected, the demand for robust platform security and integrity has surged. Trusted Platform Modules (TPM), currently in version 2.0, are becoming increasingly beneficial for enhancing security in embedded systems. TPMs provide hardware-backed mechanisms for critical functions such as random number generation, cryptographic key generation, key binding and data sealing.

This presentation will explore the capabilities of TPM 2.0, focusing on several practical use cases, including:

Patching Unpatchable Files

In the Yocto world, the .bbappend file is a well-known and documented mechanism for altering recipe files, and an essential part of daily operations. While not common, there are instances where it becomes necessary to modify other file types, such as .inc or .bbclass, which do not offer an equivalent append mechanism. This session will summarize various strategies for effectively handling these file types when patching cannot be avoided.

Yocto on the Edge - Unusual challenges when building not so embedded systems

Building embedded systems with Yocto on ARM platforms is a common practice, but when the products move further to the edge and become less “embedded,” new challenges arise. In this session, we will explore the requirements and challenges faced when developing Yocto-based systems for edge computing based on Intel.

We will dive into topics such as provisioning x86-based platforms, securely managing Linux user logins on a read-only root file system with enforced password changes, and implementing A/B updates together with secure boot. Real-world project requirements will be used as a guide to discuss practical solutions and best practices for addressing these challenges.

Advanced System Profiling, Tracing and Trace Analysis with Perfetto in Android and Yocto

Embedded World 2024

Android Automotive OS: A short introduction into Google's AAOS

Android, or the Android Open Source Project (AOSP), is primarily known from the smartphone market. What is less well known, however, is that the AOSP also provides a good basis for embedded systems and ensures a pleasant reading experience on eReaders, for example.

Google is now increasingly pushing into the automotive sector with Android Automotive. But what exactly is Android Automotive or the Android Automotive Operating System (AAOS)? How does it differ from Android or the AOSP? And what are the advantages over classic operating systems for infotainment?

USB Updates - Challenges, Approaches and Practical Tips

Over-the-air updates have established themselves as the standard for networked devices, but the effort involved in operating the server side is not always commensurate with the benefits. In such cases, the supposedly simple and quick solution of implementing updates via USB is often chosen. But is it really always that uncomplicated? What considerations are necessary to implement USB updates effectively?

This presentation provides an insight into the challenges of USB updates and presents solutions and practical tips for successful implementation. Find out which aspects need to be considered in order to optimize USB updates and ensure a smooth process

LoRaWAN in theory and practice: A trip through Munich

LoRaWAN (Long Range Wide Area Network) is becoming increasingly popular, thanks in part to public networks such as The Things Network, which allow users to dispense with their own gateways. LoRaWAN also promises potential in terms of range and energy efficiency. But how does the standard perform in practice?

The aim of the presentation is to shed light on the technical background and demonstrate how practicable LoRa is in the field using real tests. It will be shown how the standard behaves in urban and rural areas, how differences in height of the gateway and different antennas influence the transmission quality.

Building a Yocto Pipeline with KAS, GitHub Actions and AWS

Using KAS makes handling Yocto Projects easy. By shipping its own container with all needed dependencies, building sophisticated CI pipelines becomes pretty easy - in theory, or when using Gitlab. But using GitHub as a code hosting platform with self-managed Action runners on AWS comes with a set of unexpected challenges.
Anna-Lena will talk about her quest through GitHub Actions, the Cloud and how to tame them. The talk aims to point the audience to the obstacles when building CI pipelines for the Yocto Project with KAS, GitHub Actions, and custom action runners on AWS and strategies to handle them.

Building Embedded Systems with AOSP

In our community, building embedded systems based on Linux, e.g. with Yocto or buildroot, is standard and well known. Considering Android, respectively the AOSP as a base system feels strange at the beginning as it is a huge ecosystem that implies high system requirements. Of course, embedded Android is not a solution for each issue. Nevertheless, the AOSP provides a sophisticated base platform which is packed with a

• modern UI stack
• robust media and camera implementation
• modern AI runtime
• well known abstraction between system and app development
• energy optimization

and lots of other helpful infrastructure.
This makes AOSP an interesting approach for building more complex embedded systems.

How a modern Yocto setup could look like

In 2015, we built a sophisticated meeting room information system based on Android Things as a student project. As Android Things was deprecated in 2021, we started to use our Yocto Project experience to develop a maintainable, future proof embedded system.

When setting up a new project from scratch, we focused on proper solutions for

• a maintainable, well supported and patchable build environment for the embedded systems
• version control, reproducible builds and continuous integration
• license management
• a secure and stable update mechanism on image base and
• managing releases The talk aims to show how we build a system that matches our requirements using the Yocto Project, KAS, Gitlab CI, and Mender.io. Besides, we will have a short outlook to the application built in Flutter.

Presented at

• Yocto Project Summit 2022.11, virtual, 2022
• buildingIoT, Munich, 2023

Raspberry Pi für die professionelle Produktentwicklung - Eine gute Idee?

Maschinen und Geräte durch Vernetzung und Software aufzuwerten ist ein Kerngedanke des IoT. So werden die resultierenden Projekte häufig aus der Fachdomäne mit dem Wunsch nach schnellen und einfachen Erfolgen gestartet. Die Idee liegt dann nahe den beliebten Raspberry Pi als Basis zu nutzen. Das Gerät ist ja bekannt, fast alles wurde schon einmal von irgendwem gemacht und ins Netz gestellt. Klingt fast zu schön, um wahr zu sein - ist es auch aus professioneller Sicht. Die Gründe hierfür und welche Faktoren bei der Entscheidung für eine Hard- und Software-Plattform als Basis für ein IoT Produkt berücksichtigen werden sollten, sind Inhalt des Vortrags.