More than 380 people registered for the 2nd Annual Zephyr Developer Summit, which took place on June 8-9 in-person in Mountain View, CA and virtually for attendees around the world, to learn more about the fastest growing RTOS. We hosted a “Zephyr Intro Day” on June 7 and had 4 tracks, 2 mini-conferences, 2 tutorials, 54 sessions and 58 speakers who presented engaging technical content, best practices, use cases and more. We’ll be adding event videos each week to the Zephyr Youtube Channel.
Today, we’re featuring all of the presentations that showcase safety and security considerations with Zephyr RTOS including,“Virtualization with Zephyr & Xen for Embedded Safety Systems,” “Next Steps for Software Bill of Materials (SBOM) Generation in Zephyr,” “X.509 Client Authentication in Zephyr,” and “Hypervisor-less Virtio: Assembling Multi-OS Systems Using Standards-based Protocols for Intra-soC Connectivity.” Watch the videos below or click on the session title for links to the presentations.
“Virtualization with Zephyr & Xen for Embedded Safety Systems” – Dmytro Firsov, Senior Software Engineer at EPAM Systems
In this talk, Dmytro will explain which missing parts were added to Zephyr, which are still to be done and tell about system on Renesas H3 SoC that is being developed. It boots Xen, starts Zephyr as dom0 and starts guest Linux domain with HW peripherals access.
To simplify the system and minimize the changes needed to Zephyr this is based on past work including:
- Xen “thin dom0” concept when all the shared hardware resides outside of dom0 – “control” domain is separated from “hardware” domain(s)
- Using u-boot as a generic guest bootloader to avoid bloating Zephyr image with guest domain kernels
“Next Steps for Software Bill of Materials (SBOM) Generation in Zephyr” – Steve Winslow, Counsel at Boston Technology Law
2021 saw a growing recognition of the need for software distributions to include Software Bills of Materials (SBOMs). In 2021, the Zephyr project gained the ability to generate SBOMs in SPDX format at build time. This enables downstream recipients of a Zephyr build to have greater visibility into specifically which source code files were compiled and linked into the final binary. In this session, Steve will begin by presenting details about how the Zephyr SBOM functionality leverages the underlying CMake infrastructure to create SPDX documents during a Zephyr build. He will discuss the assumptions currently made regarding how Zephyr builds are structured. The session will then open for broader discussion about whether those assumptions are appropriate, and whether there are alternative approaches to SPDX document generation that are more suitable for Zephyr users.
“X.509 Client Authentication in Zephyr” – Kevin Townsend, Technical Lead at Linaro
Password-based client authentication is difficult to maintain, and prone to abuse, but there are very few end-to-end examples of what ‘mutual TLS’ — where client devices are authenticated using X.509 certificates — might look like in an embedded system. This presentation details work being done at Linaro to enable X.509 certificate-based client authentication to servers using TLS with Zephyr’s networking and security stacks (MbedTLS, TF-M, etc.). It includes a discussion of storage-free key derivation, certificate provisioning, server connectivity, and presents a complete end-to-end picture of what certificate-based client authentication and authorization might look like with the subsystems available in Zephyr today.
“Hypervisor-less Virtio: Assembling Multi-OS Systems Using Standards-based Protocols for Intra-soC Connectivity” – Danut (Dan) Gabriel Milea, Engineering Manager at Wind River
Edge computing applications can now span across multi-core CPU clusters and run-times and can include safety or real-time workloads which run on dedicated CPU cores. The connectivity between these collaborative run-times can be provided by standards-based protocols like virtio. Virtio can be used for communication between a guest and a hypervisor, but also to communicate laterally between runtimes deployed on a multicore CPU SoC. We label this type of communication hypervisor-less virtio. Adding virtio support to Zephyr enables the creation of efficient multi-core / multi-run-time applications. Building on top of standard virtio, hypervisor-less virtio can provide communication and resource sharing between a rich execution environment like Linux and a Zephyr-based application running on a dedicated hardware island.
If you have questions or would like to chat with any of our Zephyr speakers, ambassadors or members of the Technical Steering Committee (TSC), please join us on Discord.