
Beyond the Release: Managing Long-Term Risk and Compliance in Embedded Linux with Yocto
- Anna-Lena Marx
- April 14, 2026
- Embedded, Conferences
The embedded systems of the future will be judged by their long-term resilience and security. For many manufacturers, however, the shift from a product release to continuous lifecycle management is a significant operational hurdle.
Regulations like the EU’s Cyber Resilience Act (CRA) are formalizing this challenge, demanding ongoing vulnerability management and creating a backdraft of responsibility that impacts the entire supply chain.
This presentation highlights that a robust and reproducible build system is the cornerstone of any sustainable product strategy in this new environment. It will explore how the Yocto Project provides the essential framework for building future-proof and maintainable systems.
The discussion will cover how its architecture enables the critical features needed to manage long-term risk: full-stack patchability for targeted CVE fixes, reproducible builds for maintaining legacy devices, and automated Software Bill of Materials (SBOM) generation for regulatory transparency.
Attendees will gain actionable strategies for implementing lifecycle-aware embedded development and transforming existing product portfolios to meet evolving regulatory requirements.

Your Vendor's BSP Is Probably Not Built For Product Longevity - Now What?
- Anna-Lena Marx
- December 4, 2025
- Embedded, Conferences
Vendor Board Support Packages (BSPs) are the standard for bringing new silicon to market, showcasing features, and promising an “easy” start. However, for those of us building products with long-term lifecycles, these BSPs often fail to meet quality requirements. They can be overly intrusive and typically don’t separate feature showcases from the well-maintained base needed for product development. This focus on rapid demonstration frequently results in BSPs that are difficult to maintain, lack transparency, and are built on non-LTS Yocto and kernel versions, making them unsuitable for products expected to last 5, 10, or even 20 years.
Yocto Vendor BSPs - The good, the bad, the ugly
- Anna-Lena Marx
- November 6, 2025
- Embedded, Conferences
Vendor Board Support Packages (BSPs) promise a quick start, but we all know the reality: a tangled mess of demo apps, weird custom tools, and an old, unmaintained kernel. This is a nightmare for products that need to live longer than a demo on the developer’s desk.
In this talk, we get our hands dirty. Forget the polished slides; we’re going to take a live, no-holds-barred look at some real-world vendor BSPs to see the common pain points firsthand. From there, we’ll discuss what we actually need from a BSP for a production device and explore the tipping point where setting up your own clean foundation becomes the smarter choice for building products that are meant to last.
Building Trust - Use Cases and Implementation of TPM 2.0 in Embedded Linux Systems
- Anna-Lena Marx
- May 16, 2025
- Embedded, Conferences
Artwork by: Sparkelle (Yan) — Licensed under Creative Commons BY-SA 4.0
As embedded systems become increasingly interconnected, the demand for robust platform security and integrity has surged. Trusted Platform Modules (TPMs), currently at version 2.0, are becoming more and more beneficial for enhancing security in embedded systems. TPMs provide hardware-backed mechanisms for critical functions such as random number generation, cryptographic key generation, key binding, and data sealing.
This presentation will explore the capabilities of TPM 2.0, focusing on several practical use cases, including:
Advanced System Profiling, Tracing and Trace Analysis with Perfetto in Android and Yocto
- Anna-Lena Marx
- October 8, 2024
- Embedded, Conferences
Together with my colleague Stefan Lengfeld.
Tracing is a capable mechanism for deep system analysis and profiling with minimal overhead. By recording defined system events, in Linux as well as in Android, tracing can be used to analyze concurrency or latency issues, for example. Android’s systrace tool made it easy to analyze and correlate traces and events through a graphical UI, helping developers identify performance bottlenecks. The successor to this advanced and convenient tool is called Perfetto. It’s available for pure Linux too, and has been part of Yocto (meta-oe) since Langdale. In the talk, we’ll have a look into