When you hear 'systemd' most people perceive it as an init manager. Perhaps initially it was the goal, but over time it became much more than that. In this talk Vyacheslav will discuss how it fits into Open Embedded build infrastructure, pitfalls and best practices.

The Cyber Resilience Act mandates security for all embedded products. This includes secure-by-default configuration, a mandatory update mechanism, and more.

The Yocto Project allows easy assembly of building blocks and the creation of a CRA-compatible product, but this will require user intervention, setup, and additional recipes. Each vendor can do it on their own, or we can mutualize the effort and work together.

This session will be an occasion to discuss creating an easy-to-use, CRA-compatible configuration. Marta will remind us of the CRA requirements, and then we will discuss various features, starting from compiler options and user setup by logging and auditing to secure boot and updates.

All Yocto branches under active maintenance, in addition to any patches proposed on the mailing lists, are built on the Yocto autobuilder. The Yocto SWAT team is responsible for monitoring build failures, doing a first investigation of their causes, logging the issues, and notifying the relevant
owners.

In this session, Mathieu will outline tasks and processes of the SWAT team, along with the tooling and recent improvements.

We've been using a pull request (PR) workflow with GitHub Actions for public OpenEmbedded layers such as meta-rauc, meta-labgrid and the LXA TAC BSP for years. This approach enhances visibility via GitHub, simplifies onboarding for new contributors, and provides automated feedback through CI, reducing maintainer workload.

Due to concerns with build-testing untrusted code, we were using GitHub's hosted runners with regular SSTATE pre-building on a separate server. This limited performance, especially for PRs changing global config variables, and made the PR workflow less smooth than it could be. To address this, we implemented a custom runner which uses QEMU on self-hosted hardware to run ephemeral VMs. SSTATE and DL_DIR can be read from the host, balancing build speed with security.

There is sometimes a disconnect between the deployment of containers
and virtualization in the ecosystem versus how the development of the
base technology has considered. Just because something is possible,
doesn't mean it is a best practice, or even something that should be
done. Similarly something that seems like an easy starting point may
not be the right solution for the longer term.

Over the past year there have been significant changes to
meta-virtualization that are intended to close the gap between
development and creators using the layer. These changes also attempt
to encode guidance and best practices into the recipes (and layer)
while continuing to provide base technologies for any number of
container/virtualization solutions.

This talk will be both a status update and also provide a closer look
at the motivations behind the changes and use casees of
meta-virtualization. It will provide some concrete examples of how
containers and virtualization deployment has been enhanced and finish
with the plans to complete some long standing features.

A brief retrospective on the Yocto release cadence and is it working for everyone.

Projects based on OpenEmbedded that are expected to have long lifetimes need to be prepared for updates that may outlast the LTS lifespans. The relatively recent change of LTS lifetime to 4 years is a huge step and makes life easier for many developers. However, there are many industries where the lifetimes are longer than that. Developers in these scenarios need to make decision early in their development regarding how they are going to support these systems after the community support has ended. In this talk we will discuss options for handling this and present some real-life projects we have seen that have faced this issue. After this talk, attendees will be better equipped to start discussions with their own teams to decide the right approach for them.

With OpenEmbedded, the Yocto Project and official layers, there is wide support for many embedded boards. However, such support usually comes with specific versions of the Linux kernel and the bootloader.

In this presentation, I will share 2 or 3 examples in which I replaced the default kernel and bootloader versions by newer mainline versions. That's handy for contributors to the kernel or bootloader projects, or for embedded system developers, who want to test the bleeding edge upstream versions and still take advantage of the OpenEmbedded and Yocto tooling and layer ecosystem to generate full featured images with exhaustive userspace stacks.

This talk explores various methods for patching a bootloader, focusing on the patching process rather than the specific changes made.
We will compare different approaches (devshell, devtool, manually navigating build directories) and how the combine with external tools for patching (git, quilt) and dealing with Kconfig configuration (menuconfig, config fragments, defconf).
The aim is to leave attendees with a sense of clarity that there are indeed a multitude of options to achieve the same goal.

There are many tools and utilities provided with Poky that hide in plain sight!
All too often we can sit at the keyboard pulling our hair out when the tool to help is right there begging to be used.

Software Bill of Materials have become an increasing important factor is software development. In alignment with this, OpenEmbedded has had support for generating high quality SBoMs for some time, but there is still room for new features and improvements