A/B Linux updates with RAUC and meta-rauc-community: now & in the futureLeon Anavi
RAUC is a safe and secure open source software solution for A/B updates of embedded Linux devices. It supports the Yocto Project and OpenEmbedded, Buildroot and PTXdist. Upgrades are performed through RAUC bundles which can be installed either through the network or using the old-fashioned way with a USB stick.
In 2020 layer meta-rauc-community was created to provide examples how to integrate the lightweight update client RAUC on various machines. Initially it supported Raspberry Pi. In 2021 the layer was moved to the RAUC organization in GitHub and over the time it was ported to new machine, including qemux86-64, sunxi (Allwinner) and NVIDIA Jetson TX2.
The presentation is appropriate for anyone interested in software upgrades. We will talk about the evolution of meta-rauc-community and provide guidelines for porting to new machines using Yocto and OpenEmbedded BSP layers.
Linux Kernel Booting Process (1) - For NLKBshimosawa
Describes the bootstrapping part in Linux and some related technologies.
This is the part one of the slides, and the succeeding slides will contain the errata for this slide.
Overview of the architecture of the Linux kernel, based on "Anatomy of the Linux Kernel" by M. Tim Jones (IBM Developerworks), http://www.ibm.com/developerworks/linux/library/l-linux-kernel/
A/B Linux updates with RAUC and meta-rauc-community: now & in the futureLeon Anavi
RAUC is a safe and secure open source software solution for A/B updates of embedded Linux devices. It supports the Yocto Project and OpenEmbedded, Buildroot and PTXdist. Upgrades are performed through RAUC bundles which can be installed either through the network or using the old-fashioned way with a USB stick.
In 2020 layer meta-rauc-community was created to provide examples how to integrate the lightweight update client RAUC on various machines. Initially it supported Raspberry Pi. In 2021 the layer was moved to the RAUC organization in GitHub and over the time it was ported to new machine, including qemux86-64, sunxi (Allwinner) and NVIDIA Jetson TX2.
The presentation is appropriate for anyone interested in software upgrades. We will talk about the evolution of meta-rauc-community and provide guidelines for porting to new machines using Yocto and OpenEmbedded BSP layers.
Linux Kernel Booting Process (1) - For NLKBshimosawa
Describes the bootstrapping part in Linux and some related technologies.
This is the part one of the slides, and the succeeding slides will contain the errata for this slide.
Overview of the architecture of the Linux kernel, based on "Anatomy of the Linux Kernel" by M. Tim Jones (IBM Developerworks), http://www.ibm.com/developerworks/linux/library/l-linux-kernel/
System Device Tree and Lopper: Concrete Examples - ELC NA 2022Stefano Stabellini
System Device Tree is an extension to Device Tree to describe all the hardware on an SoC, including heterogeneous CPU clusters and secure resources not typically visible to an Operating System like Linux. This full view allows the System Device Tree to be the "One true source" of the entire hardware description and helps to prevent the common (and hard-to-debug) problem of conflicting resources and system consistency. Lopper is an Open Source framework to parse and manipulate System Device Tree. With Lopper, it is possible to generate multiple traditional Device Trees from a single larger System Device Tree. This presentation will provide an overview of System Device Tree and will discuss the latest updates of the specification and tooling. The talk will illustrate multiple use-cases for System Device Tree with concrete examples, such as Linux running on the more powerful CPU cluster and Zephyr running on a smaller Cortex-R cluster. It will also show how to use Lopper to generate multiple traditional Device Trees targeting different OSes, not just Linux but also Zephyr/other RTOSes. Finally, an end-to-end demo based on Yocto to build a complete heterogeneous system with multiple OSes and RTOSes running on different clusters on a single reference board will be shown.
How to Choose a Software Update Mechanism for Embedded Linux DevicesLeon Anavi
How to Choose a Software Update Mechanism for Embedded Linux Devices
by Leon Anavi, Konsulko Group
Embedded Linux Conference NA 2022 and Open Source Summit NA 2022
Atomic software system update of an embedded Linux device has always been an important part of any product, especially nowadays with the existing large fleets of connected devices and Internet of Things. There are several different widely used in the industry approaches: A/B updates with dual redundant scheme, delta updates, container-based updates and combined strategies. Open source technologies such as Mender, RAUC and libostree based solutions implement these strategies and provide tools to manage updates of multiple devices. What are the advantages and disadvantages? How to choose an appropriate open source solution for a specific project? This session explores a number of different open source Linux software update technologies with practical examples for integrating them using the Yocto Project and OpenEmbedded. In order to better understand the strengths and weaknesses of each technology, we deep dive in various use cases. The talk is appropriate for anyone with basic knowledge about Linux. It will hopefully help managers, engineers and developers better understand the technical challenges and the available open source solutions with which to overcome them easier and faster so that they can focus on the unique core features of their products.
Boosting I/O Performance with KVM io_uringShapeBlue
Storage performance is becoming much more important. KVM io_uring attempts to bring the I/O performance of a virtual machine on almost the same level of bare metal. Apache CloudStack has support for io_uring since version 4.16. Wido will show the difference in performance io_uring brings to the table.
Wido den Hollander is the CTO of CLouDinfra, an infrastructure company offering total Webhosting solutions. CLDIN provides datacenter, IP and virtualization services for the companies within TWS. Wido den Hollander is a PMC member of the Apache CloudStack Project and a Ceph expert. He started with CloudStack 9 years ago. What attracted his attention is the simplicity of CloudStack and the fact that it is an open-source solution. During the years Wido became a contributor, a PMC member and he was a VP of the project for a year. He is one of our most active members, who puts a lot of efforts to keep the project active and transform it into a turnkey solution for cloud builders.
-----------------------------------------
The CloudStack European User Group 2022 took place on 7th April. The day saw a virtual get together for the European CloudStack Community, hosting 265 attendees from 25 countries. The event hosted 10 sessions with from leading CloudStack experts, users and skilful engineers from the open-source world, which included: technical talks, user stories, new features and integrations presentations and more.
------------------------------------------
About CloudStack: https://cloudstack.apache.org/
The Yocto Project and OpenEmbedded are often used for building custom GNU/Linux distributions for powering interactive kiosk and displaying HTML5 content.
Although Chromium is the most popular choice for a web browser, it is infamous for the long build time. In this presentation you will see a practical alternative approach using the surf web browser. Surf is a simple minimalist web browser based on WebKit2/GTK+ with interface that does not include any graphical control elements. It a perfect fit for a kiosk.
The presentation will offer the exact steps how to build a minimal GNU/Linux distribution with systemd, X11, openbox window manager and the Surf web browser. Furthermore, we will discuss practical examples for software over air updates of this simple distribution. Raspberry Pi 4 will be used as a reference hardware for all demonstrations.
This presentation is suitable for beginners. It will demonstrate a practical use of the Yocto Project/OpenEmbedded for a common use case, some tips and tricks as well as examples for selection systemd as init system and software over the air mechanism.
Summary of linux kernel security protectionsShubham Dubey
Linux kernel goes through very rapid changes each release. Over each release new protections and mitigations are added to make it more secure against different category of attacks. Unlike other platform, Linux security features are not advertise enough and most of the time limit to a mail thread. Since Linux is getting popular day by day in different sectors of industries, it is important for a researcher or an administrator to be aware about what protection it provide against sophisticated attacks targeting Linux kernel. In this session, I will take you through the different security features that Linux kernel has introduced over years and their limitations or bypasses. We will go though few demos to verify the working and bypasses of these protections. In the end I will discuss what is missing on Linux kernel that can be improved in future. This talk will help security researcher in identify the current Linux security protection and gaps presents in Linux kernel. With this knowledge they can tweak their product, for example an AV vendor working on Linux security need to be aware what protection is already present before working on something new. A developer dealing with Linux kernel development can also utilize this session to identify the security issues their code may hold and things they need to take care and ignore to make their modules or components secure
U-Boot, a boot loader for Embedded boards based on PowerPC, ARM, MIPS and several other processors, which can be installed in a boot ROM and used to initialize and test the hardware or to download and run application
code.
Note: When you view the the slide deck via web browser, the screenshots may be blurred. You can download and view them offline (Screenshots are clear).
System Device Tree and Lopper: Concrete Examples - ELC NA 2022Stefano Stabellini
System Device Tree is an extension to Device Tree to describe all the hardware on an SoC, including heterogeneous CPU clusters and secure resources not typically visible to an Operating System like Linux. This full view allows the System Device Tree to be the "One true source" of the entire hardware description and helps to prevent the common (and hard-to-debug) problem of conflicting resources and system consistency. Lopper is an Open Source framework to parse and manipulate System Device Tree. With Lopper, it is possible to generate multiple traditional Device Trees from a single larger System Device Tree. This presentation will provide an overview of System Device Tree and will discuss the latest updates of the specification and tooling. The talk will illustrate multiple use-cases for System Device Tree with concrete examples, such as Linux running on the more powerful CPU cluster and Zephyr running on a smaller Cortex-R cluster. It will also show how to use Lopper to generate multiple traditional Device Trees targeting different OSes, not just Linux but also Zephyr/other RTOSes. Finally, an end-to-end demo based on Yocto to build a complete heterogeneous system with multiple OSes and RTOSes running on different clusters on a single reference board will be shown.
How to Choose a Software Update Mechanism for Embedded Linux DevicesLeon Anavi
How to Choose a Software Update Mechanism for Embedded Linux Devices
by Leon Anavi, Konsulko Group
Embedded Linux Conference NA 2022 and Open Source Summit NA 2022
Atomic software system update of an embedded Linux device has always been an important part of any product, especially nowadays with the existing large fleets of connected devices and Internet of Things. There are several different widely used in the industry approaches: A/B updates with dual redundant scheme, delta updates, container-based updates and combined strategies. Open source technologies such as Mender, RAUC and libostree based solutions implement these strategies and provide tools to manage updates of multiple devices. What are the advantages and disadvantages? How to choose an appropriate open source solution for a specific project? This session explores a number of different open source Linux software update technologies with practical examples for integrating them using the Yocto Project and OpenEmbedded. In order to better understand the strengths and weaknesses of each technology, we deep dive in various use cases. The talk is appropriate for anyone with basic knowledge about Linux. It will hopefully help managers, engineers and developers better understand the technical challenges and the available open source solutions with which to overcome them easier and faster so that they can focus on the unique core features of their products.
Boosting I/O Performance with KVM io_uringShapeBlue
Storage performance is becoming much more important. KVM io_uring attempts to bring the I/O performance of a virtual machine on almost the same level of bare metal. Apache CloudStack has support for io_uring since version 4.16. Wido will show the difference in performance io_uring brings to the table.
Wido den Hollander is the CTO of CLouDinfra, an infrastructure company offering total Webhosting solutions. CLDIN provides datacenter, IP and virtualization services for the companies within TWS. Wido den Hollander is a PMC member of the Apache CloudStack Project and a Ceph expert. He started with CloudStack 9 years ago. What attracted his attention is the simplicity of CloudStack and the fact that it is an open-source solution. During the years Wido became a contributor, a PMC member and he was a VP of the project for a year. He is one of our most active members, who puts a lot of efforts to keep the project active and transform it into a turnkey solution for cloud builders.
-----------------------------------------
The CloudStack European User Group 2022 took place on 7th April. The day saw a virtual get together for the European CloudStack Community, hosting 265 attendees from 25 countries. The event hosted 10 sessions with from leading CloudStack experts, users and skilful engineers from the open-source world, which included: technical talks, user stories, new features and integrations presentations and more.
------------------------------------------
About CloudStack: https://cloudstack.apache.org/
The Yocto Project and OpenEmbedded are often used for building custom GNU/Linux distributions for powering interactive kiosk and displaying HTML5 content.
Although Chromium is the most popular choice for a web browser, it is infamous for the long build time. In this presentation you will see a practical alternative approach using the surf web browser. Surf is a simple minimalist web browser based on WebKit2/GTK+ with interface that does not include any graphical control elements. It a perfect fit for a kiosk.
The presentation will offer the exact steps how to build a minimal GNU/Linux distribution with systemd, X11, openbox window manager and the Surf web browser. Furthermore, we will discuss practical examples for software over air updates of this simple distribution. Raspberry Pi 4 will be used as a reference hardware for all demonstrations.
This presentation is suitable for beginners. It will demonstrate a practical use of the Yocto Project/OpenEmbedded for a common use case, some tips and tricks as well as examples for selection systemd as init system and software over the air mechanism.
Summary of linux kernel security protectionsShubham Dubey
Linux kernel goes through very rapid changes each release. Over each release new protections and mitigations are added to make it more secure against different category of attacks. Unlike other platform, Linux security features are not advertise enough and most of the time limit to a mail thread. Since Linux is getting popular day by day in different sectors of industries, it is important for a researcher or an administrator to be aware about what protection it provide against sophisticated attacks targeting Linux kernel. In this session, I will take you through the different security features that Linux kernel has introduced over years and their limitations or bypasses. We will go though few demos to verify the working and bypasses of these protections. In the end I will discuss what is missing on Linux kernel that can be improved in future. This talk will help security researcher in identify the current Linux security protection and gaps presents in Linux kernel. With this knowledge they can tweak their product, for example an AV vendor working on Linux security need to be aware what protection is already present before working on something new. A developer dealing with Linux kernel development can also utilize this session to identify the security issues their code may hold and things they need to take care and ignore to make their modules or components secure
U-Boot, a boot loader for Embedded boards based on PowerPC, ARM, MIPS and several other processors, which can be installed in a boot ROM and used to initialize and test the hardware or to download and run application
code.
Note: When you view the the slide deck via web browser, the screenshots may be blurred. You can download and view them offline (Screenshots are clear).