Yocto Project Dev Day at OSS/ELC-E 2024
👍
Best practises when creating a new BSP.
Every Yocto developer has experienced it: a minor change in a recipe triggers a bunch of other recipes to be rebuilt. What if we could prevent other recipes from being rebuilt each time? The Yocto community has been wanting a solution for this for years, and now it’s here! Enter bblock. With bblock, you can lock recipes - and even a single task inside a recipe - to prevent them from being rebuilt. Knowing how to use bblock will help you save a lot of development time in all your Yocto based projects!
In this presentation, we will explore practical security measures for embedded
systems using Trusted Execution Environment (TEE) and its secure storage
implementations. We will cover the benefits of TEEs, the idea of a root of
trust, and share insights from our experience of integrating it within our
Yocto-based Secure Embedded Linux distribution, Zarhus OS. Attendees will gain
practical hints and tools to enhance the security of their embedded systems.
Let's distill the usefulness of our Yocto and Docker session for fellow embedded developers into a succinct description:
-
Efficiency and Consistency:
- By adopting Docker for Yocto builds, developers ensure consistent environments across teams.
- No more time wasted troubleshooting host-specific issues—Docker provides a stable foundation. -
Collaboration Made Easy:
- Docker images can be shared effortlessly. Colleagues can jump into the same build environment without setup hassles.
- Collaborative development becomes smoother and more productive. -
Reproducible Builds:
- Docker containers encapsulate dependencies, ensuring that builds are reproducible.
- Say goodbye to "it works on my machine" scenarios. -
Avoiding Host System Pitfalls:
- Docker isolates Yocto builds from host system changes.
- Developers can focus on the project, not system quirks. -
Live Demo: Real-World Application:
- Our BeaglePlay demo showcases practical usage of Yocto and Docker.
- Attendees will witness the power of this approach firsthand.
Arguments for and against using AUTOREV in Yocto-based projects
Ensuring atomic software system updates for embedded Linux devices is crucial, especially nowadays with the fleets of connected devices and Internet of Things (IoT). Various open-source solutions, based on the dual A/B redundant scheme, are widely used in the industry. This talk will provide a detailed exploration of Mender, RAUC, and swupdate, comparing them on the same hardware platforms. We'll discuss their advantages and disadvantages and how to select the most appropriate open-source solution for specific projects.
This session will cover practical examples of integrating Mender, RAUC, and swupdate using the Yocto Project and OpenEmbedded on Raspberry Pi 5 and the Olimex I.MX8MP SoM and evaluation board. To understand the strengths and weaknesses of each technology, we will delve into various use cases and practical examples, concluding with a side-by-side comparison.
This talk is suitable for anyone with a basic knowledge of the Yocto Project, OpenEmbedded and embedded Linux. It aims to help managers, engineers, and developers better understand the technical challenges and the available open-source A/B update solutions, enabling them to overcome these challenges more efficiently and focus on the unique core features of their products.
Building embedded systems with Yocto on ARM platforms is a common practice, but when the products move further to the edge and become less "embedded," new challenges arise. In this session, we will explore the requirements and challenges faced when developing Yocto-based systems for edge computing based on Intel.
We will dive into topics such as provisioning x86-based platforms, securely managing Linux user logins on a read-only root file system with enforced password changes, and implementing A/B updates together with secure boot. Real-world project requirements will be used as a guide to discuss practical solutions and best practices for addressing these challenges.
Abstract, but not virtual.
👋