Yocto based Embedded Linux IoT Device Development

Yocto based Embedded Linux IoT Device Development

We provide development support, integration support and consultancy for

Linux BSP Development

  • uBoot bootloader adaptation
  • Kernel configuration and hardening
  • Device tree configuration
  • Secure Boot on Cortex-A CPU (Arm Trustzone)
  • Persistent memory layout and partitioning

Linux Application Development

  • In Rust, C++, Python, Typescript
  • For target CPU, GPU, NPU
  • Including
    • Application architecture and design
    • BDD and TDD test frameworks usage and test case specification
    • Documentation as code

Multi Device and Multi Application Integration

  • Maintenance of multiple devices (different PCB-A's), at different hardware revisions and different assembly variants
  • Maintenance of different applications (and the dependencies to PCB-A's) at different versions, with different feature toggles.
  • Tooling support for BSP developers to integrate new BSP's.
  • Tooling support for application developers to integrate and test the application on the target hardware
  • Decoupling of application development cycles from bsp development cycles
  • Continuous Integration into CI servers
  • Release management procedures
  • Service middleware configuration
    • logging facilities
    • deployment e.g. of libraries and tooling like databases (e.g. Postgres), communication protocol server (e.g. MQTT Mosquitto, like Nginx web server)
    • service user and arbitrary tools (like strace, openssh, ) setup
  • Yocto Upstream configuration maintenance

IOT Device Integration Testing

  • ptest infrastructure for
    • application
    • 3rd party middleware components
    • BSP
  • As part of Continuous Integration
  • Either on target hardware or on QEMU machine at the same ISA architecture like the target

Board Functional Circuit Testing (FCT) Fixture Development

Functional circuit testing is a quality assurance measure at PCB-A production. It requires to install and instrument a test fixture software on the newly manufactured board.

This Functional Circuit Test (FCT) software is a Yocto firmware image itself, running the very same bootloader and kernel like the production application.

Factory Deployment and Device Provisioning

  • Deploy initial firmware: (at one of the last steps during production)
    • Generate and deploy secure keys keys; blow security boot fuses
    • Provide a default configuration
    • Enable the IoT device for (secure, remote) software updates
  • Device Provisioning
    • Add new IoT devices to the network.
    • Configure the IoT device behavior

Secure Boot and secure Software Update

  • Software update via mender, swupdate or rauc
  • Migration of work data and configuration at software update
  • Factory Reset of configuration data
  • Secret management of boot keys (as part of the CI, release infrastructure)
  • Secure lifecycle management including secure build

Privacy and Data Integrity Measures

  • Encryption of
    • Data at rest (data file system partition)
    • Data in transit (e.g. via TLS, HTTPS)
  • Secure logging (assure integrity and confidentiality of logs)
  • Security logging (log all security relevant activities)

Support of the Cybersecurity Resilience Act (CRA) mandatory Activities

  • System hardening
  • SBOM
  • 3rd party component validation (i.e. SouP - for medical products)
  • Common Vulnerabilities and Exposures (CVE) management via timesys

AMS Yocto Integration Environment

We maintain our own Yocto environment. It is called AMS (AlMedSo). We showcase our expertise on a set of sample applications (images) running on a zoo of boards.

Here is the manifest repo and the recipe and config repositories as well as a Docker Container for (headless) Yocto builds.

Also, we publish Yocto related blog posts.