The Zephyr Developer Summit, hosted under the first-ever Embedded Open Source Summit in Prague, Czech Republic, on June 27-30 included presentations, BoFs, and training designed for real-time problem solving and deep discussions. More than 1,300 people registered for the EOSS conference – representing 375 organizations across 56 countries around the globe. Zephyr had 75+ technical sessions (in-person and on-demand) for 3 tracks focused on users of Zephyr, developers contributing upstream, and maintainer-specific topics.
All of the videos from the Zephyr Developer Summit can be found on the Zephyr YouTube Channel. Each week, we’ll highlight a few videos in a blog for easy access. Today, we’re featuring a few sessions focused on IoT and device management, including “IoT Device Management with Zephyr,” “Connecting and Managing Zephyr Devices Remotely Using LWM2M and Eclipse Leshan,” “Management of IoT TinyML Devices,” “Provisioning in Zephyr,” “Boot to Cloud Security Considerations with IoT,” and “Distributed Embedded Systems Using Zephyr.”
- All communication is built on standard protocols
- Completely wireless gateway and sensor solution with cellular and BLE connectivity
- Gateway cloud communication with LTE-M and/or NB-IoT
- LwM2M protocol used to manage gateways and sensors
- LwM2M over BLE for sensor to gateway communication
- BLE communication encrypted between gateway and sensor with standard PKI practices
- LittleFS filesystem to store all settings. Any sensitive data is encrypted in LittleFS
- Password-protected shell and hardware-based protection – prevents physical tampering with device settings
- Public-key-infrastructure (PKI) used for cloud connections
- Secure boot and secure signed firmware images
- All settings configurable at runtime for tailored customer service when manufacturing the hardware.
- Remote firmware debugging with Memfault.
Connecting and Managing Zephyr Devices Remotely Using LWM2M and Eclipse Leshan – Julien Vermillard, Architect at EdgeIQ
Provisioning in Zephyr – Jared Wolff, Owner of Circuit Dojo LLC
- A secure boot and firmware update process
- The secure flow of data through the system
- How do I know the data is trustworthy and hasn’t been tampered with?
- How do I know that this comes from the device it claims to?
- How can I limit visibility of sensitive data?
- Reliable device authentication
- Secret management
- Secure connectivity to public/private cloud servers
Embedded developers can no longer limit themselves to one specific silo, and need to have basic skills and an understanding of the entire end-to-end, boot-to-cloud and security landscape to make the right design choices to produce a minimally secure system. This presentation tries to lay down some of those key requirements and design choices, and makes suggestions about best practices to follow based on open source software and open standards. This includes generating device-bound, storage-free private keys and UUIDs, mutual TLS, how to encode and transmit data securely and reliably, and bootstrap and X.509 certificate management requirements.
Distributed Embedded Systems Using Zephyr – Yuval Peress, Senior Software Engineer at Google
Embedded computing goes way beyond a single chip. In a given system, it’s likely that several tasks are running concurrently and interacting with each other. In most other computing disciplines these would be called micro-services. With the latest integration of Pigweed’s embedded RPC implementation, it’s now possible to imagine a similar concept in the embedded domain. In such a system design, it’ll be possible to define the task’s interface using a .proto file. During compile time, we can choose how we want the generated code to behave: local vs remote. Having this boundary enables applications to distribute computation across multiple microcontrollers. During the talk, I’ll discuss the benefits of having a proto API boundary and the benefits of running the service locally vs remotely along with the overhead. Additionally, I’ll discuss the benefits of such a modular design on testing. Finally, we’ll walk through a sample application with 2 services. The sample will demonstrate the benefits of:
- Being able to develop the services in parallel
- Writing tests based on the API boundary (before writing code)
- Being able to run the service remotely without additional engineering overhead and minimal performance/memory overhead
For more information about the 2024 event, stay tuned by subscribing to the Zephyr quarterly newsletter or connect with us on @ZephyrIoT, Zephyr Project LinkedIn or the Zephyr Discord Channel to talk with community and TSC members.