The Linux Foundation Projects
Skip to main content
All Posts By

Megan Knight

Latest Long Term Support Release, New Platinum Member Boeing, and Developer Day 2024

By Blog, Featured

Scarthgap 5.0 release packed with 300+ recipe upgrades and improvements to a variety of critical areas.

SAN FRANCISCO, May 30, 2024 /PRNewswire/ — The Yocto Project, an open source collaborative project that developers use to create custom Linux-based systems, today announced the release of Scarthgap 5.0, the latest Long Term Support (LTS) release. This mega-release is packed with over 300 recipe upgrades and improvements to a variety of critical areas including core workflow, security, testing, Toaster web UI, packaging, and the roll-out of a new plug-in for VSCode among other available IDEs. As a Yocto Project LTS release, Scarthgap 5.0 will be maintained with bug fixes and security updates for 4 years.

Yocto continues to grow and is pleased to welcome Boeing at the Platinum level, alongside AMD, Arm, AWS, BMW Group, Cisco, Comcast, Exein, Intel, LG Electronics, Qualcomm and WindRiver. As a Platinum Member, Boeing brings extensive knowledge regarding Embedded Linux and Yocto Project usage in safety-critical environments to the project community.

“Yocto Project usage is subtle but extensive, powering the internet in routers through to telecommunications, automotive, aerospace, and much more,” said Richard Purdie, Yocto Project Architect. “We’re happy to welcome Boeing recognizing and supporting the project and now being able to publicly illustrate the project’s role in another key industry.”

“Boeing is honored to join the Yocto Project as a Platinum Member,” said Jinnah Hosein, Software Engineering Vice President and Chief Software Engineer of the Boeing Company. “Simply put, it’s the best technical solution available today for creating custom Linux builds for embedded targets. We recognize the long-standing hard work of the project’s maintainers, and we look forward to supporting them and contributing back into the ecosystem.”

“It is wonderful to see major companies that gain so much benefit from open source contribute back and invest in the sustainability of those projects,” said Andrew Wafaa, Yocto Project Chair. “I am delighted to welcome Boeing as a Platinum member to the Yocto Project and look forward to furthering both Boeing’s use of and influencing of the Yocto Project”

The Yocto Project is proud to announce the details for their annual Yocto Project Developer Day, taking place on Thursday, September 19 alongside Open Source Summit Europe in Vienna, Austria. This full-day event provides beginner and advanced developers with the opportunity to participate in a variety of sessions, presentations, and tutorials dedicated to the project and members of the community. The Call for Proposals is now open and accepting submissions for a variety of new and traditional topics, including Aerospace/Safety-Critical and Security.

The Yocto Project continues to drive open source collaboration around custom Linux-based systems. To learn more about Yocto Project, including how to become a member, contribute to the community, and register for Yocto Project Developer Day, please visit the Yocto Project website. Full release notes for Scarthgap 5.0 are available here.

Media Contact
Noah Lehman | The Linux Foundation
nlehman@linuxfoundation.org
</div class:”content-inner”>

Empowering Digital Security: Your Comprehensive Guide to Navigating the EU Cyber Resilience Act with Exein

By Blog, Featured

The new EU Cyber Resilience Act is a big step towards better digital product security, aimed at protecting both consumers and businesses. This new rule from the European Commission covers the whole life of digital products, making sure they’re secure from start to finish. We want to make all digital stuff in the EU safer.

We’ve collaborated with Exein, a leading embedded systems cybersecurity company,  to create a guide for developers.

This guide is easy to use. It explains the Act and what it means for your projects. It’s written by experts in embedded systems and cybersecurity, and turns the Act’s complex rules into clear, practical advice.

You don’t need to sign up to get our guide. It’s free and open to anyone who wants to know more about the Cyber Resilience Act and what it means for cybersecurity.

Click the button below to get your free copy of the guide. Start learning about the Cyber Resilience Act and how it affects your work.

Download the Embedded Developers Guide to CRA

Latest Release, New Gold Member Witekio, and Virtual Summit

By Blog, Featured

The Yocto Project, an open source collaborative project helping developers create custom Linux-based systems, today announced the release of Nanbield 4.3. Announced on the heels of a recent funding boost provided to the Yocto Project from Sovereign Tech Fund, the release of Nanbield 4.3 features a host of new improvements, including security process improvements, year 2038 time fixes for 32 bit systems, prebuilt artifacts to accelerate builds and a new contributors guide along with all the usual component updates to integrate together the changes from hundreds of other upstream open source projects.

The excitement continues with the welcomed addition of Witekio as a Yocto Project Gold Member, joining Automotive Grade Linux, Huawei, Renesas, Siemens, and Texas Instruments. As a Member, Witekio brings its history of delivering innovative embedded systems and products to Yocto Project in addition to donating advocacy efforts.

“Advocacy and Training are critical functions of open source projects that tend to receive less fanfare than other project functions,” said Richard Purdie, Yocto Project Lead Architect and Linux Foundation Fellow. “Witekio brings expertise and funding, enabling us to do more on behalf of our community. Witekio’s involvement will increase project visibility and provide more opportunities to connect with the community through webinars and events.”

“We are incredibly proud to be recognised as a Gold Member of the Yocto Project.” stated Samir Bounab, CEO of Witekio. “This partnership highlights our unwavering commitment to open source software, which enables us to provide our clients with cutting-edge embedded and IoT solutions. We look forward to contributing to the Yocto Project’s growth and sharing our expertise with the community.”

Witekio’s own Pierre Gal will give a talk about elevating product quality with automated testing at next week’s Yocto Project Virtual Summit (November 28 – 30, 2023) alongside fellow community speakers in beginner and advanced tracks. Security expert Marta Rybczynska will provide updates on Yocto Project security and changes in tooling including the CVE scanning process, SBOM generation with SPDX, default options, and more. Registration is USD$40 – the full schedule and registration is available here: https://summit.yoctoproject.org/yocto-project-summit-2023-11/

Sovereign Tech Fund Boosts Yocto Project

By Blog, Featured

New funding from the Sovereign Tech Fund will help the Yocto Project drive significant transformation

The Yocto Project is a powerful and versatile open source initiative that offers a comprehensive set of tools and metadata, enabling developers to easily construct custom operating systems. With recently announced financial support from the Sovereign Tech Fund (STF), Yocto Project will drive significant transformation in the open source community. nstead of relying on pre-compiled binaries, the Yocto Project allows for creating tailored Linux images easily targeted to a specific device’s hardware architecture. This flexibility makes it an invaluable resource for a wide range of applications, from embedded systems to Internet of Things (IoT) devices.

“Without fanfare, Yocto Project touches most people’s lives without their knowledge,” notes Richard Purdie, lead Architect at Yocto Project. “At least half the world’s internet traffic passes through routers built using Yocto. Add in mobile phone masts, software in cars, software inside core server components, and there are billions of devices all around us that are relied upon every day, making it a key piece of easily overlooked critical infrastructure software.”

The Significance of the Yocto Project and openembedded

While the Yocto Project may not be visible to end-users, its importance is undeniable. It is the foundational software infrastructure for numerous industries, including automotive, medical technology, consumer electronics, and telecommunications. Companies like BMW Group, OpenBMC, and many operating system vendors depend on the Yocto Project to build their products. This underscores its critical role in developing connected cars, servers, communication base stations, and more.

Automotive Grade Linux utilizes Yocto Project to create the AGL Unified Code Base (UCB), which is used by member companies in various connected car models. BMW Group also uses the software in some of its vehicles. The OpenBMC project uses the Yocto Project as a foundation and is, in turn, used by many hardware manufacturers in their servers (Dell, Microsoft, Meta, IBM, and others). Some operating system vendors also build their products on Yocto Project, supplying telecommunications companies that use Yocto Project, for example, in communication base stations.

Yocto Project has a close relationship with OpenEmbedded, the build architecture the project has adopted. Build architecture or framework describes the comprehensive set of compatible tools, scripts, metadata, and recipes that OpenEmbedded provides to simplify and automate constructing customized Linux distributions. Using this framework enables modularity, customization, and flexibility for developers.

There is an OpenEmbedded community and non-profit organization which oversees that architecture and technology. It doesn’t have member funding like the Yocto Project, so the Yocto Project has funded much of the work on OpenEmbedded. The two projects share codebases such as BitBake and OpenEmbedded-Core, so work on one directly benefits the other. Due to the ability to build everything from source including the toolchain, OpenEmbedded has often found uses in academic and research and development environments since it allows unconstrained experimentation at all levels of the source code. Many of the activities commissioned by the Sovereign Tech Fund contribute to OpenEmbedded-Core and thus to the many open source communities that build on it.

The funded work improves the long-term sustainability of the project by attracting a new generation of developers.

The Sovereign Tech Fund: A Game Changer

As IoT and embedded systems evolve, the need for specialized engineers to work on the Yocto Project becomes increasingly critical. Additionally, the Yocto Project shares codebases with OpenEmbedded, further emphasizing the need for investment in both projects. Recognizing the importance of the Yocto Project, the Sovereign Tech Fund has stepped in with a mission to enhance its efficiency, security, user experience, and developer engagement.

According to Purdie, “While the Yocto Project is widely used and depended upon, new technology projects tend to attract much more attention, and I’m heartened to see the Sovereign Tech Fund focusing on helping key pieces of infrastructure within the Yocto Project. The significant benefit we bring is that we can ripple the benefits and improvements out through entire ecosystems quickly and effectively, building on one of our founding principles: sharing and allowing collaboration on – and reuse of – processes and technology.”

The Sovereign Tech Fund’s support will be channeled into several key areas of development:

1. Build Process and Workflow Improvements:

  • Core workflow improvements, including enhancements to build tooling and workflows.
  • Development of the Yocto Project Reference Binary Distribution, focusing on workflow improvements and policies.
  • Introduction of Patchtest, an automated testing tool for code patches submitted via mailing lists.

2. Security and Quality Improvements:

  • Strengthening security processes and the security team.
  • Advancing Software Bill of Materials (SBOMs) for improved transparency.
  • Addressing tooling issues and enhancing quality-of-life features in Devtool, Recipetool, and Pseudo.

3. Integration and Usability Enhancements:

  • Updates and improvements to Toaster, a web-based UI for BitBake.
  • Integration of VSCode with Yocto Project for enhanced developer features and usability.

4. Layer Management Standardization:

  • Integration of OpenEmbedded Core best practices into Meta-OpenEmbedded.
  • Development of standard tools for managing Yocto layers, promoting layer tooling standardization.

Securing the Future of Yocto Project

The new resources provided by the Sovereign Tech Fund marks a pivotal moment in the Yocto Project’s journey. By addressing core workflow, security, integration, and layer management, this funding ensures the long-term sustainability of the project. Moreover, it creates an environment that is welcoming to new developers, encouraging them to contribute and eventually become maintainers.

On the matter of Yocto’s future, Purdie says, “With our increasing attention to security and requirements like software manifests, Yocto Project continues to provide solutions that are secure and innovative. Through this work and through collaboration with projects like SPDX the Yocto Project is well placed to deliver solutions that meet or exceed legislation requirements and allow us to take software accountability, security and update solutions to the next level along with leading developments in areas like software reproducibility.”

In Conclusion

The Yocto Project, with its source-based approach and wide-ranging applications, is a cornerstone of open source development. The Sovereign Tech Fund’s commitment to bolstering this project is a testament to its importance within the software ecosystem. As the Yocto Project undergoes these vital improvements, it continues to provide the foundation for countless industries and developers to build innovative and secure solutions. With these developments, the Yocto Project is poised to thrive and remain at the forefront of open source technology for years to come.

About the Sovereign Tech Fund

The Sovereign Tech Fund (STF) supports the development, improvement, and maintenance of open digital infrastructure in the public interest. Its goal to strengthen the open source ecosystem sustainably, focusing on security, resilience, technological diversity, and the people behind the code. STF is funded by the German Federal Ministry of Economics and Climate Action (BMWK) and hosted at and supported by the German Federal Agency for Disruptive Innovation GmbH (SPRIND).