0.6 yocto-embedded-recipes-2026 2026-05-29 2026-05-29 1 00:05 https://pretalx.com Europe/Paris Mistral Talk 2026-05-29T09:00:00+02:00 09:00 00:20 In which we will welcome all attendees and kick off the day! yocto-embedded-recipes-2026-95609-good-morning-and-welcome Josef Holzmayr en false https://pretalx.com/yocto-embedded-recipes-2026/talk/DLFBCL/ https://pretalx.com/yocto-embedded-recipes-2026/talk/DLFBCL/feedback/ Mistral Talk 2026-05-29T09:20:00+02:00 09:20 00:30 Learn about the meta-riscv layer, its achievements, its lessons learned, its limitations and how you can help. yocto-embedded-recipes-2026-95008-meta-riscv-current-status-and-call-for-contributions Michael Opdenacker en The RISC-V architecture is now officially supported by the Yocto project, but like on most other architectures, OpenEmbedded Core only supports emulated QEMU targets. Support for real hardware boards is brought by the "meta-riscv" layer. Since his first contributions to the layer in October 2025, Michael Opdenacker has contributed to the addition of new boards, expanding or updating support for existing ones, and seen similar contributions from others too. This talk will cover the current status of "meta-riscv" in terms of board support, the challenges faced, and the lessons learned maintaining a layer supporting different SoCs at the same time (unlike what happens in the ARM world). It will also highlight multiple areas in which further contributions are needed. Even though the layer was created in 2017, it can still be considered as young, as it targets a booming hardware architecture, and offers many opportunities to get involved, for all levels of experience. In particular, if you have never contributed to Yocto, it's a perfect place to get started. New code doesn't have to be perfect to be accepted, and what matters is to make progress together. false https://pretalx.com/yocto-embedded-recipes-2026/talk/FABH7C/ https://pretalx.com/yocto-embedded-recipes-2026/talk/FABH7C/feedback/ Mistral Talk 2026-05-29T09:50:00+02:00 09:50 00:30 This talk presents meta-raspberrypi-secure, an open-source Yocto layer that turns a Raspberry Pi 4/5 into a production-grade security-hardened platform. We walk through a defense-in-depth architecture built entirely with OpenEmbedded tooling covering secure boot with signed boot images, Dmcrypt full-disk encryption with hardware-bound key derivation, IMA/EVM file integrity enforcement, dm-verity, kernel module signing, A/B atomic updates and kernel hardening options all with a single kas build command. yocto-embedded-recipes-2026-95374-building-a-security-hardened-raspberry-pi-image-with-yocto-from-secure-boot-to-secure-applications Ayoub Zaki en We will cover: * Secure boot: signing boot images with RSA-2048 and provisioning the RPi EEPROM * Full-disk encryption : Dmcrypt with hardware-bound key derivation (OTP HMAC), including in-place first-boot encryption. * System integrity using AVB dm-verity and IMA/EVM * OS hardening: kernel lockdown, firewall, USBGuard, audit rules, hardened mounts, and SSH certificate authority support * **dev** vs. **prod** security profiles managing security posture from a single layer configuration The talk includes a live demo on a Raspberry Pi 5 and closes with guidance on adapting the layer for your own rpi based products. Target audience: Yocto/OE developers and BSP engineers interested in practical embedded Linux security. [1] https://github.com/embetrix/meta-raspberrypi-secure false Presentation https://pretalx.com/yocto-embedded-recipes-2026/talk/9G3V3D/ https://pretalx.com/yocto-embedded-recipes-2026/talk/9G3V3D/feedback/ Mistral Talk 2026-05-29T10:35:00+02:00 10:35 00:20 Megan will survey the participants for pain points, and for tools that they love and others they would like to go. She will also share the actions that were taken and project items that got support thanks to feedback from earlier surveys. Your opportunity to speak up as a user or contributor! yocto-embedded-recipes-2026-95581-megan-s-polling Megan Knight en false https://pretalx.com/yocto-embedded-recipes-2026/talk/UTZAZQ/ https://pretalx.com/yocto-embedded-recipes-2026/talk/UTZAZQ/feedback/ Mistral Talk 2026-05-29T10:55:00+02:00 10:55 00:30 One of the key benefits of the Yocto Project is the ecosystem of layers providing reusable hardware support, software packages and configuration policy - saving you the work of re-implementing everything from scratch yourself. But with many layers available, there is an almost uncountable number of different combinations of layers that may be encountered in a Yocto Project build. The challenge is - how do we ensure that these different combinations will work as expected? The Yocto Project Compatible program and the `yocto-check-layer` script have been created to address this challenge. By following best practices and testing the compatibility of your layers, you can ensure that they work well in combination with the rest of the Yocto Project ecosystem. yocto-embedded-recipes-2026-92266-creating-yocto-project-compatible-layers Paul Barker en This talk will introduce the Yocto Project Compatible v3 program and the requirements for achieving Compatible status. It will explain how to run the `yocto-check-layer` scripts to test different types of layer and how best to automate this test within a CI/Autobuild system. Best practices to ensure layer compatibility will be discussed, building on my "Creating Friendly Layers" talks from past Yocto Project summits. The talk will finish with conclusions and future work which may be expected in these areas. false https://pretalx.com/yocto-embedded-recipes-2026/talk/CRHTUM/ https://pretalx.com/yocto-embedded-recipes-2026/talk/CRHTUM/feedback/ Mistral Talk 2026-05-29T11:40:00+02:00 11:40 00:30 The embedded systems of the future will be judged by their long-term resilience and security. For many manufacturers, however, the shift from a product release to continuous lifecycle management is a significant operational hurdle. Regulations like the EU's Cyber Resilience Act (CRA) are formalizing this challenge, demanding ongoing vulnerability management and creating a backdraft of responsibility that impacts the entire supply chain. This presentation highlights that a robust and reproducible build system is the cornerstone of any sustainable product strategy in this new environment. It will explore how the Yocto Project provides the essential framework for building future-proof and maintainable systems. The discussion will cover how its architecture enables the critical features needed to manage long-term risk: full-stack patchability for targeted CVE fixes, reproducible builds for maintaining legacy devices, and automated Software Bill of Materials (SBOM) generation for regulatory transparency. Attendees will gain actionable strategies for implementing lifecycle-aware embedded development and transforming existing product portfolios to meet evolving regulatory requirements. yocto-embedded-recipes-2026-95233-beyond-the-release-managing-long-term-risk-and-compliance-in-embedded-linux-with-yocto Anna-Lena Marx en false Slides https://pretalx.com/yocto-embedded-recipes-2026/talk/XJGTFB/ https://pretalx.com/yocto-embedded-recipes-2026/talk/XJGTFB/feedback/ Mistral Talk 2026-05-29T12:10:00+02:00 12:10 00:30 Over the years, I've been working on automating as much testing as possible for GNURadio based images for various pieces of hardware. This is a fairly complex application with many dependencies so there are many sources of potential failure. This talk shows how to automate the build and test process. yocto-embedded-recipes-2026-94800-from-source-to-hardware-hands-off-continuous-integration-to-hardware Philip Balister en Testing the final product helps protect against regressions in the software stack. Testing strategies evolved from manual tests, to Jenkins and qemu, and finally to gitlab ci and on hardware testing. This talk focuses on using gitlab CI and labgrid to build and test images on real hardware without any manual steps. false Slides https://pretalx.com/yocto-embedded-recipes-2026/talk/89DDPP/ https://pretalx.com/yocto-embedded-recipes-2026/talk/89DDPP/feedback/ Mistral Talk 2026-05-29T13:55:00+02:00 13:55 00:30 We build the kernel so systems behave predictably. For most servers, desktops, and laptops, the default architecture defconfig is “good enough.” Embedded boards and mobile devices are different: they often rely on device-specific configuration fragments maintained out-of-tree, and even a “close-to-mainline” kernel can require a bespoke fragment just to boot reliably. Meanwhile, selecting a mainline kernel with “similar” support frequently yields only partially working hardware. yocto-embedded-recipes-2026-94623-config-fragments-cure-or-curse David Heidelberg en false https://pretalx.com/yocto-embedded-recipes-2026/talk/39YTU9/ https://pretalx.com/yocto-embedded-recipes-2026/talk/39YTU9/feedback/ Mistral Talk 2026-05-29T14:25:00+02:00 14:25 00:30 This presentation tries to make the case to add APK to eventually remove IPK/OPKG from Openembedded. yocto-embedded-recipes-2026-95018-the-case-for-the-apk-package-format Rouven Czerwinski en Openembedded Core currently supports several package archive formats: - DEB created by debian - RPM created by Red Hat - IPK from NSLU2 Optware Both DEB and RPM are well supported by their respective communities, while the IPK format is supported nowadays by the opkg package manager. The opkg package manager however is not that well supported any more. The OpenWRT project which heavily used opkg before has since moved on to use the Alpine Linux Package Keeper (APK) format. This talk explores the existing package manager integration within OE core and will try to provide an initial investigation on how to add APK to Openembedded Core. false https://pretalx.com/yocto-embedded-recipes-2026/talk/SJ7KDU/ https://pretalx.com/yocto-embedded-recipes-2026/talk/SJ7KDU/feedback/ Mistral Talk 2026-05-29T15:10:00+02:00 15:10 00:30 The EU Cyber Resilience Act (CRA) and U.S. Executive Order 14028 have transformed Software Bills of Materials (SBOMs) from optional documentation into mandatory compliance artifacts. However, most Yocto-based projects generate SBOMs without cryptographic signatures, leaving them vulnerable to tampering to bypass security reviews. An unsigned SBOM provides transparency but not integrity or authenticity. This talk introduces a drop-in Yocto layer that automatically signs every generated SBOM using Cosign (from the Sigstore project) and enables downstream users, customers, and auditors to cryptographically verify SBOM authenticity. Developers simply add the layer and configure a signing key every image build then produces a signed SBOM alongside standard artifacts. The solution integrates seamlessly with existing workflows and requires no changes to application code. Attendees will learn how to implement end-to-end SBOM signing in their Yocto projects and provide customers with cryptographic proof that their SBOMs are authentic and unmodified. yocto-embedded-recipes-2026-95357-securing-the-software-supply-chain-automated-sbom-signing-in-yocto Yogesh Hegde en false https://pretalx.com/yocto-embedded-recipes-2026/talk/QFK9UH/ https://pretalx.com/yocto-embedded-recipes-2026/talk/QFK9UH/feedback/ Mistral Talk 2026-05-29T15:40:00+02:00 15:40 00:30 The world is focusing more on secure systems. When maintaining a Linux distribution, there is a challenge between stability and security corrections. While released versions must not break backward compatibility, they must remain secure. Some components provide patch releases but sometimes they add features that break things. This talk presents the latest changes that we made to enable Yocto Auto Upgrade Helper [1] to be compatible with Yocto Scarthgap LTS, update patched versions automatically, and add changelog information. Then in combination with the update on the layer meta-binaryaudit [2], we can validate that the version upgrade does not have any ABI changes and therefore be backward compatible. This combination can allow the Yocto Project or distributions teams to update components more frequently on stable branches and be more secure but backward compatible. References: [1] https://git.yoctoproject.org/auto-upgrade-helper/ [2] https://github.com/Nordix/meta-binaryaudit/ yocto-embedded-recipes-2026-95342-automatically-updating-stable-releases-with-auto-upgrade-helper-and-meta-binaryaudit Daniel Turull en false https://pretalx.com/yocto-embedded-recipes-2026/talk/C7M9PZ/ https://pretalx.com/yocto-embedded-recipes-2026/talk/C7M9PZ/feedback/ Mistral Talk 2026-05-29T16:10:00+02:00 16:10 00:30 We all know meta-st-stm32mp and we already covered how it is developed and how we can optimize it for a specific project use. Recently in the scarthgap-r3 release of ST, lot has changed and no backward-compatibility is now available. This talk is about the bad practices of maintaining a BSP layer and how we should always do not forget about the community expectations. yocto-embedded-recipes-2026-95463-how-to-not-maintain-a-bsp-layer Talel BELHAJSALEM en false https://pretalx.com/yocto-embedded-recipes-2026/talk/M9AX7Q/ https://pretalx.com/yocto-embedded-recipes-2026/talk/M9AX7Q/feedback/