Composing Reliable Systems with Virtualization and the Yocto Project: The vendor kernel is dead. Long live secured vendor kernels
2020-10-29, Intermediate Room

Surrounded by legacy requirements and motivated attackers, can you use mainline kernels for new security protections, without risking application compatibility? Yocto Project’s meta-virtualization layer maintains hypervisors that can isolate bare-metal kernels from workload-tailored, virtual-hardware kernels.

Virtualization enables strong isolation via robust, narrow interfaces, to run efficient, multi-layered systems on hardware and software platforms from diverse sources.

We show how to assemble fully integrated systems with YP, with multiple hypervisors -- Xen, KVM and ACRN -- as interchangeable components under build configuration control, with a selection of from-source and binary-distro guests, to run on hardware from Intel, AMD and Arm.


As an expert in your industry, you have designed a world-class software application to help your customers bring their existing business to fast-moving digital frontiers.

YP provides flexible, powerful and efficient tooling to build full system images from source, with security-supported Open Source components. Manifests of source metadata, with layered patch management and reproducible builds, enable control over the supply chain of every bit that you deploy.

You will learn the workflow, layers and tooling for composing reliable systems with virtualization, using modern mainline kernels to meet the critical security requirements of your hardware platform while retaining the application compatibility you need.


Tim Orling is a senior software engineer in the Internet of Things Group (IOTG) and the Yocto Project Architect for Intel. Tim joined Intel in early 2016 and currently works on the High-velocity Silicon Platform Engineering (HSPE) team, after many years as a volunteer developer for OpenEmbedded and the Yocto Project. He has been an open source software and embedded hardware enthusiast for many years. He taught in a university setting for more than 5 years and has given many well-received training sessions and technical talks at conferences. Tim has a fascination with all things fermented and microbiological (homebrewing, cider-, wine-, and cheese-making, kefir, kombucha, lacto-fermented anything). Tim is an avid gardener, recovering mountain biking addict and has been known to sing and play guitar on occasion. He looks forward to his 28 chili pepper plants producing a bumper crop this year.


Christopher Clark is a software consultant working on Open Source virtualization and security technologies with Xen, OpenXT and Linux. He is the maintainer of the Argo inter-domain communication subsystem of the Xen hypervisor, Xen's recipes in the Yocto meta-virtualization layer and a member of the OpenEmbedded Project.