New funding from the Sovereign Tech Fund will help the Yocto Project drive significant transformation
The Yocto Project is a powerful and versatile open source initiative that offers a comprehensive set of tools and metadata, enabling developers to easily construct custom operating systems. With recently announced financial support from the Sovereign Tech Fund (STF), Yocto Project will drive significant transformation in the open source community. nstead of relying on pre-compiled binaries, the Yocto Project allows for creating tailored Linux images easily targeted to a specific device’s hardware architecture. This flexibility makes it an invaluable resource for a wide range of applications, from embedded systems to Internet of Things (IoT) devices.
“Without fanfare, Yocto Project touches most people’s lives without their knowledge,” notes Richard Purdie, lead Architect at Yocto Project. “At least half the world’s internet traffic passes through routers built using Yocto. Add in mobile phone masts, software in cars, software inside core server components, and there are billions of devices all around us that are relied upon every day, making it a key piece of easily overlooked critical infrastructure software.”
The Significance of the Yocto Project and openembedded
While the Yocto Project may not be visible to end-users, its importance is undeniable. It is the foundational software infrastructure for numerous industries, including automotive, medical technology, consumer electronics, and telecommunications. Companies like BMW Group, OpenBMC, and many operating system vendors depend on the Yocto Project to build their products. This underscores its critical role in developing connected cars, servers, communication base stations, and more.
Automotive Grade Linux utilizes Yocto Project to create the AGL Unified Code Base (UCB), which is used by member companies in various connected car models. BMW Group also uses the software in some of its vehicles. The OpenBMC project uses the Yocto Project as a foundation and is, in turn, used by many hardware manufacturers in their servers (Dell, Microsoft, Meta, IBM, and others). Some operating system vendors also build their products on Yocto Project, supplying telecommunications companies that use Yocto Project, for example, in communication base stations.
Yocto Project has a close relationship with OpenEmbedded, the build architecture the project has adopted. Build architecture or framework describes the comprehensive set of compatible tools, scripts, metadata, and recipes that OpenEmbedded provides to simplify and automate constructing customized Linux distributions. Using this framework enables modularity, customization, and flexibility for developers.
There is an OpenEmbedded community and non-profit organization which oversees that architecture and technology. It doesn’t have member funding like the Yocto Project, so the Yocto Project has funded much of the work on OpenEmbedded. The two projects share codebases such as BitBake and OpenEmbedded-Core, so work on one directly benefits the other. Due to the ability to build everything from source including the toolchain, OpenEmbedded has often found uses in academic and research and development environments since it allows unconstrained experimentation at all levels of the source code. Many of the activities commissioned by the Sovereign Tech Fund contribute to OpenEmbedded-Core and thus to the many open source communities that build on it.
The funded work improves the long-term sustainability of the project by attracting a new generation of developers.
The Sovereign Tech Fund: A Game Changer
As IoT and embedded systems evolve, the need for specialized engineers to work on the Yocto Project becomes increasingly critical. Additionally, the Yocto Project shares codebases with OpenEmbedded, further emphasizing the need for investment in both projects. Recognizing the importance of the Yocto Project, the Sovereign Tech Fund has stepped in with a mission to enhance its efficiency, security, user experience, and developer engagement.
According to Purdie, “While the Yocto Project is widely used and depended upon, new technology projects tend to attract much more attention, and I’m heartened to see the Sovereign Tech Fund focusing on helping key pieces of infrastructure within the Yocto Project. The significant benefit we bring is that we can ripple the benefits and improvements out through entire ecosystems quickly and effectively, building on one of our founding principles: sharing and allowing collaboration on – and reuse of – processes and technology.”
The Sovereign Tech Fund’s support will be channeled into several key areas of development:
1. Build Process and Workflow Improvements:
- Core workflow improvements, including enhancements to build tooling and workflows.
- Development of the Yocto Project Reference Binary Distribution, focusing on workflow improvements and policies.
- Introduction of Patchtest, an automated testing tool for code patches submitted via mailing lists.
2. Security and Quality Improvements:
- Strengthening security processes and the security team.
- Advancing Software Bill of Materials (SBOMs) for improved transparency.
- Addressing tooling issues and enhancing quality-of-life features in Devtool, Recipetool, and Pseudo.
3. Integration and Usability Enhancements:
- Updates and improvements to Toaster, a web-based UI for BitBake.
- Integration of VSCode with Yocto Project for enhanced developer features and usability.
4. Layer Management Standardization:
- Integration of OpenEmbedded Core best practices into Meta-OpenEmbedded.
- Development of standard tools for managing Yocto layers, promoting layer tooling standardization.
Securing the Future of Yocto Project
The new resources provided by the Sovereign Tech Fund marks a pivotal moment in the Yocto Project’s journey. By addressing core workflow, security, integration, and layer management, this funding ensures the long-term sustainability of the project. Moreover, it creates an environment that is welcoming to new developers, encouraging them to contribute and eventually become maintainers.
On the matter of Yocto’s future, Purdie says, “With our increasing attention to security and requirements like software manifests, Yocto Project continues to provide solutions that are secure and innovative. Through this work and through collaboration with projects like SPDX the Yocto Project is well placed to deliver solutions that meet or exceed legislation requirements and allow us to take software accountability, security and update solutions to the next level along with leading developments in areas like software reproducibility.”
The Yocto Project, with its source-based approach and wide-ranging applications, is a cornerstone of open source development. The Sovereign Tech Fund’s commitment to bolstering this project is a testament to its importance within the software ecosystem. As the Yocto Project undergoes these vital improvements, it continues to provide the foundation for countless industries and developers to build innovative and secure solutions. With these developments, the Yocto Project is poised to thrive and remain at the forefront of open source technology for years to come.
About the Sovereign Tech Fund
The Sovereign Tech Fund (STF) supports the development, improvement, and maintenance of open digital infrastructure in the public interest. Its goal to strengthen the open source ecosystem sustainably, focusing on security, resilience, technological diversity, and the people behind the code. STF is funded by the German Federal Ministry of Economics and Climate Action (BMWK) and hosted at and supported by the German Federal Agency for Disruptive Innovation GmbH (SPRIND).