The new EU Cyber Resilience Act is a big step towards better digital product security, aimed at protecting both consumers and businesses. This new rule from the European Commission covers the whole life of digital products, making sure they’re secure from start to finish. We want to make all digital stuff in the EU safer.

We’ve collaborated with Exein, a leading embedded systems cybersecurity company,  to create a guide for developers.

This guide is easy to use. It explains the Act and what it means for your projects. It’s written by experts in embedded systems and cybersecurity, and turns the Act’s complex rules into clear, practical advice.

You don’t need to sign up to get our guide. It’s free and open to anyone who wants to know more about the Cyber Resilience Act and what it means for cybersecurity.

Click the button below to get your free copy of the guide. Start learning about the Cyber Resilience Act and how it affects your work.

Download the Embedded Developers Guide to CRA

The Yocto Project, an open source collaborative project helping developers create custom Linux-based systems, today announced the release of Nanbield 4.3. Announced on the heels of a recent funding boost provided to the Yocto Project from Sovereign Tech Fund, the release of Nanbield 4.3 features a host of new improvements, including security process improvements, year 2038 time fixes for 32 bit systems, prebuilt artifacts to accelerate builds and a new contributors guide along with all the usual component updates to integrate together the changes from hundreds of other upstream open source projects.

The excitement continues with the welcomed addition of Witekio as a Yocto Project Gold Member, joining Automotive Grade Linux, Huawei, Renesas, Siemens, and Texas Instruments. As a Member, Witekio brings its history of delivering innovative embedded systems and products to Yocto Project in addition to donating advocacy efforts.

“Advocacy and Training are critical functions of open source projects that tend to receive less fanfare than other project functions,” said Richard Purdie, Yocto Project Lead Architect and Linux Foundation Fellow. “Witekio brings expertise and funding, enabling us to do more on behalf of our community. Witekio’s involvement will increase project visibility and provide more opportunities to connect with the community through webinars and events.”

“We are incredibly proud to be recognised as a Gold Member of the Yocto Project.” stated Samir Bounab, CEO of Witekio. “This partnership highlights our unwavering commitment to open source software, which enables us to provide our clients with cutting-edge embedded and IoT solutions. We look forward to contributing to the Yocto Project’s growth and sharing our expertise with the community.”

Witekio’s own Pierre Gal will give a talk about elevating product quality with automated testing at next week’s Yocto Project Virtual Summit (November 28 – 30, 2023) alongside fellow community speakers in beginner and advanced tracks. Security expert Marta Rybczynska will provide updates on Yocto Project security and changes in tooling including the CVE scanning process, SBOM generation with SPDX, default options, and more. Registration is USD$40 – the full schedule and registration is available here: https://summit.yoctoproject.org/yocto-project-summit-2023-11/

New funding from the Sovereign Tech Fund will help the Yocto Project drive significant transformation

The Yocto Project is a powerful and versatile open source initiative that offers a comprehensive set of tools and metadata, enabling developers to easily construct custom operating systems. With recently announced financial support from the Sovereign Tech Fund (STF), Yocto Project will drive significant transformation in the open source community. nstead of relying on pre-compiled binaries, the Yocto Project allows for creating tailored Linux images easily targeted to a specific device’s hardware architecture. This flexibility makes it an invaluable resource for a wide range of applications, from embedded systems to Internet of Things (IoT) devices.

“Without fanfare, Yocto Project touches most people’s lives without their knowledge,” notes Richard Purdie, lead Architect at Yocto Project. “At least half the world’s internet traffic passes through routers built using Yocto. Add in mobile phone masts, software in cars, software inside core server components, and there are billions of devices all around us that are relied upon every day, making it a key piece of easily overlooked critical infrastructure software.”

The Significance of the Yocto Project and openembedded

While the Yocto Project may not be visible to end-users, its importance is undeniable. It is the foundational software infrastructure for numerous industries, including automotive, medical technology, consumer electronics, and telecommunications. Companies like BMW Group, OpenBMC, and many operating system vendors depend on the Yocto Project to build their products. This underscores its critical role in developing connected cars, servers, communication base stations, and more.

Automotive Grade Linux utilizes Yocto Project to create the AGL Unified Code Base (UCB), which is used by member companies in various connected car models. BMW Group also uses the software in some of its vehicles. The OpenBMC project uses the Yocto Project as a foundation and is, in turn, used by many hardware manufacturers in their servers (Dell, Microsoft, Meta, IBM, and others). Some operating system vendors also build their products on Yocto Project, supplying telecommunications companies that use Yocto Project, for example, in communication base stations.

Yocto Project has a close relationship with OpenEmbedded, the build architecture the project has adopted. Build architecture or framework describes the comprehensive set of compatible tools, scripts, metadata, and recipes that OpenEmbedded provides to simplify and automate constructing customized Linux distributions. Using this framework enables modularity, customization, and flexibility for developers.

There is an OpenEmbedded community and non-profit organization which oversees that architecture and technology. It doesn’t have member funding like the Yocto Project, so the Yocto Project has funded much of the work on OpenEmbedded. The two projects share codebases such as BitBake and OpenEmbedded-Core, so work on one directly benefits the other. Due to the ability to build everything from source including the toolchain, OpenEmbedded has often found uses in academic and research and development environments since it allows unconstrained experimentation at all levels of the source code. Many of the activities commissioned by the Sovereign Tech Fund contribute to OpenEmbedded-Core and thus to the many open source communities that build on it.

The funded work improves the long-term sustainability of the project by attracting a new generation of developers.

The Sovereign Tech Fund: A Game Changer

As IoT and embedded systems evolve, the need for specialized engineers to work on the Yocto Project becomes increasingly critical. Additionally, the Yocto Project shares codebases with OpenEmbedded, further emphasizing the need for investment in both projects. Recognizing the importance of the Yocto Project, the Sovereign Tech Fund has stepped in with a mission to enhance its efficiency, security, user experience, and developer engagement.

According to Purdie, “While the Yocto Project is widely used and depended upon, new technology projects tend to attract much more attention, and I’m heartened to see the Sovereign Tech Fund focusing on helping key pieces of infrastructure within the Yocto Project. The significant benefit we bring is that we can ripple the benefits and improvements out through entire ecosystems quickly and effectively, building on one of our founding principles: sharing and allowing collaboration on – and reuse of – processes and technology.”

The Sovereign Tech Fund’s support will be channeled into several key areas of development:

1. Build Process and Workflow Improvements:

• Core workflow improvements, including enhancements to build tooling and workflows.
• Development of the Yocto Project Reference Binary Distribution, focusing on workflow improvements and policies.
• Introduction of Patchtest, an automated testing tool for code patches submitted via mailing lists.

2. Security and Quality Improvements:

• Strengthening security processes and the security team.
• Advancing Software Bill of Materials (SBOMs) for improved transparency.
• Addressing tooling issues and enhancing quality-of-life features in Devtool, Recipetool, and Pseudo.

3. Integration and Usability Enhancements:

• Updates and improvements to Toaster, a web-based UI for BitBake.
• Integration of VSCode with Yocto Project for enhanced developer features and usability.

4. Layer Management Standardization:

• Integration of OpenEmbedded Core best practices into Meta-OpenEmbedded.
• Development of standard tools for managing Yocto layers, promoting layer tooling standardization.

Securing the Future of Yocto Project

The new resources provided by the Sovereign Tech Fund marks a pivotal moment in the Yocto Project’s journey. By addressing core workflow, security, integration, and layer management, this funding ensures the long-term sustainability of the project. Moreover, it creates an environment that is welcoming to new developers, encouraging them to contribute and eventually become maintainers.

On the matter of Yocto’s future, Purdie says, “With our increasing attention to security and requirements like software manifests, Yocto Project continues to provide solutions that are secure and innovative. Through this work and through collaboration with projects like SPDX the Yocto Project is well placed to deliver solutions that meet or exceed legislation requirements and allow us to take software accountability, security and update solutions to the next level along with leading developments in areas like software reproducibility.”

In Conclusion

The Yocto Project, with its source-based approach and wide-ranging applications, is a cornerstone of open source development. The Sovereign Tech Fund’s commitment to bolstering this project is a testament to its importance within the software ecosystem. As the Yocto Project undergoes these vital improvements, it continues to provide the foundation for countless industries and developers to build innovative and secure solutions. With these developments, the Yocto Project is poised to thrive and remain at the forefront of open source technology for years to come.

About the Sovereign Tech Fund

The Sovereign Tech Fund (STF) supports the development, improvement, and maintenance of open digital infrastructure in the public interest. Its goal to strengthen the open source ecosystem sustainably, focusing on security, resilience, technological diversity, and the people behind the code. STF is funded by the German Federal Ministry of Economics and Climate Action (BMWK) and hosted at and supported by the German Federal Agency for Disruptive Innovation GmbH (SPRIND).

Klepsydra AI – Cloud detection onboard from space with a custom Linux distribution built by the Yocto Project

 

What is Cloud detection?

Cloud detection is a crucial process in Earth Observation used to identify and mask clouds in satellite imagery. This is necessary because clouds can obstruct the view of the Earth’s surface, making it difficult to accurately interpret and analyse the data.

Cloud detection algorithms typically use a combination of spectral and spatial information to differentiate between clouds and other features in the imagery. For instance, they may utilize information from various wavelengths of light to distinguish between clouds and land or water surfaces. They may also use contextual information, such as the size and shape of features in the image, to aid in cloud identification.

Once clouds are detected, they can be masked or removed from the image so that the underlying land or water surface can be analysed. This is important for a wide range of applications, including land use and land cover mapping, crop monitoring, and climate studies.

Cloud detection is also utilised in real-time applications such as weather forecasting and disaster management, where monitoring cloud cover and its changes over time is crucial. In these applications, cloud detection algorithms can track the movement and formation of clouds, providing valuable information for predicting weather patterns and identifying areas that may be impacted by natural disasters.

Cloud detection onboard

Performing cloud detection onboard Earth Observation satellite offers several benefits over performing cloud detection on the ground:

1. Faster response time: Cloud detection onboard the satellite enables near real-time detection and removal of clouds, which is particularly useful for time-critical applications such as weather forecasting and disaster response.
2. Reduced data transmission: Transmitting large amounts of satellite imagery data to the ground can be expensive and time-consuming. By performing cloud detection onboard, only the useful data (i.e. data without clouds) needs to be transmitted to the ground, reducing data transmission costs.
3. Improved data quality: Cloud detection onboard the satellite can result in improved data quality because the detection algorithms can take into account the unique characteristics of the satellite’s sensors and the viewing geometry. This can result in more accurate and reliable cloud detection.
4. Increased availability of cloud-free data: By performing cloud detection onboard, the satellite can provide a higher percentage of cloud-free data, which is particularly important for applications such as land use and land cover mapping, crop monitoring, and climate studies.
5. Improved efficiency of downstream processing: Cloud detection onboard the satellite can improve the efficiency of downstream processing by reducing the amount of data that needs to be processed on the ground. This can lead to faster and more accurate analysis of the data.

KATESU project

The current commercial version of Klepsydra AI has successfully passed validation in an ESA activity called KATESU for Teledyne e2v’s LS1046 and Xilinx ZedBoard onboard computers, achieving outstanding performance results. During this activity, two DNN algorithms provided by ESA, CME and OBPMark-ML, were tested.

Klepsydra on a custom Linux distribution built by the Yocto Project

The Yocto Project is an umbrella organization for a number of open-source technologies which simplify the process of building and customizing Linux-based operating systems for embedded devices. It provides a flexible and scalable infrastructure, enabling developers to create highly optimized and tailored Linux distributions for their specific embedded systems.

In Klepsydra, the Yocto Project plays a crucial role in our workflow, particularly when it comes to generating Linux images for our LS1046 based computer. To begin, we set the necessary Yocto Project build tools up and configure the build system to specifically target our desired hardware platform. This ensures that the resulting Linux image is optimized and compatible with our LS1046 device.

To tailor the Linux kernel and other system components to our specific requirements, we create custom Yocto Project recipes. These recipes allow us to incorporate the necessary changes and optimizations, ensuring that the resulting Linux image is finely tuned to meet our needs. Additionally, we introduce the meta-virtualization layer to our Yocto Project setup, which enables us to include Docker in the final root filesystem of the generated image.

Once the build has been configured and our customizations have been applied, the next step is to generate the Linux image for our target platform. This involves compiling and packaging all the requiredcomponents, including the kernel, device drivers, libraries, and applications, into a deployable image file. This image file can then be flashed onto an SD card, effectively preparing it for booting Linux on our LS1046 device.

With the Linux image successfully booted on the target platform, we proceed to create the necessary Docker image directly on the LS1046 device. Leveraging the Docker capabilities provided by the meta-virtualization layer, we prepare a Docker image that encapsulates the specific software, dependencies, and configurations required for our testing purposes.

Once the Docker image is prepared, we launch a container from it on the target device. This container serves as a controlled environment where we can perform various tests and evaluations on the LS1046 device. By executing tests within the container, we can isolate and evaluate specific functionalities or scenarios, ensuring the reliability and performance of our software on the target platform.

Demo online

https://klepsydra.com/klepsydra-ai-esa-obmark-ml-online-demo-ii-the-cloud-detection-dnn/

The demo showcases the Cloud Detection DNN model executed on three identical computers, each with a different optimisation. The first computer runs Klepsydra optimised for latency (kpsr.lat), the second uses TensorFlow Lite, and the third uses Klepsydra optimised for CPU (kpsr.cpu).

Klepsydra AI demonstrates remarkable elasticity and high-performance capabilities. The kpsr.lat configuration can process up to two times more images per second than TensorFlow Lite, while kpsr.cpu processes the same number of images as TensorFlow Lite but with fewer CPU resources. These improvements are evident in both the Intel and ARM versions of the demo.

In summary, Klepsydra AI provides customers with a unique capability to adapt to their specific needs, whether it be latency, CPU, RAM, or throughput. This feature makes Klepsydra AI highly suitable for onboard AI applications such as Earth Observation onboard data processing and compression, vision-based navigation for in-orbit servicing, and lunar landing.

Acknowledgments

This demo was prepared as part of ESA’s KATESU project to evaluate Klepsydra AI for Space use. For further information on this project, please refer to https://klepsydra.com/klepsydra-ai-technology-evaluation-space-use/.

The OBPMark-ML DNN was provided to Klepsydra by courtesy of ESA. This algorithm is part of ESA’s OBPMark framework (https://obpmark.github.io/). For further information on this framework, please contact OBPMark@esa.int.