2025-05-16, Promenade 1
Back in the day, we sometimes found ourselves in the development phase with a Linux image that was running perfectly and meeting all functional requirements. But when it came time to move it to production, install it on products, and ship it to end users, we suddenly realized that passwords needed to be changed and some developer tools had to be removed because they were unnecessary and could aid attackers.
This is where dual images come into play.
Using the Yocto Project as a case study, we will share best practices for configuring and deploying dual images:
- development images with interactive tools for software engineers,
- and streamlined, secure production images for end-user deployment.
We will focus on how to maintain consistency between images, avoid common pitfalls like filesystem configuration and shell interpreter differences, and minimize security risks in production environments.
Starting as an embedded software developer, Pierre GAL has spent 20 years supporting equipment manufacturers in their software development efforts. Currently, Pierre leads the technical developments of The Embedded Kit, an ecosystem of software solutions designed to provide device manufacturers with the tools and knowledge needed to build, connect, test, and secure their embedded Linux systems, all without vendor or provider lock-in.