Tprrt's Blog

Embedded Linux

This week, the embedded Linux landscape has seen a mix of hardware developments, software updates, and community discussions, showcasing innovation and ongoing challenges in the field.

Embedded Linux

The realm of embedded Linux continues to evolve, with numerous advancements and solutions catering to specific needs in embedded systems development. Here's a roundup of the latest articles in this area.

SBCs and Solutions - LinuxGizmos.com: embedded Linux news & devices: Notable for introducing the Dragon Q8B, a compact single-board computer powered by the Qualcomm Snapdragon 8cx Gen 3. [Read more here](https://linuxgizmos.com). - Embedded Linux Distribution & Solutions | SUSE: Highlights SUSE’s embedded Linux distribution, offering a secure suite of open-source products for creating small-footprint devices. [Read more here](https://www.suse.com/solutions/embedded). - Enterprise management with Ubuntu: Emphasizes how thousands of businesses utilize Ubuntu for managing appliances efficiently, showcasing its global support capabilities. [Read more here](https://ubuntu.com/embedded).

Security and System Updates - Linux DRM Ioctl Developed By AMD Being Disabled Following Ongoing Security Issue: Discusses recent developments in the 7.1 kernel, where the DRM pull request faced challenges due to security concerns. [Read more here](https://www.phoronix.com/news/Linux-7.1-DRM-Change-Handle). - Security updates for Friday: Covers various security updates for multiple distributions including AlmaLinux and Debian, addressing vulnerabilities and enhancing system integrity. [Read more here](https://lwn.net/Articles/1076605).

Development Trends - Moving beyond fork() + exec(): Analyzes the evolution of process management in Unix-like systems, moving past traditional calls to improve efficiency in embedded contexts. [Read more here](https://lwn.net/Articles/1076018/). - Ruby's Bundler adds a cooldown feature: Highlights new functionality in Bundler, reflecting broader trends in package management that can influence embedded systems development. [Read more here](https://lwn.net/Articles/1076526/).

User Interface Updates - GNOME File Previewer Finally Switches TO GTK4, Adds Dark Mode: Describes enhancements to the GNOME Sushi file preview tool, showcasing the shift to GTK4 and user experience improvements. [Read more here](https://www.phoronix.com/news/GNOME-File-Previewer-GTK4). - KDE Plasma 6.8 Will Make Sure You Don't Miss Your Low Battery Notifications While Gaming: Discusses upcoming features in KDE aimed at enhancing user experience for embedded devices, particularly during critical tasks like gaming. [Read more here](https://www.phoronix.com/news/Plasma-6.8-Low-Battery-Full-S).

These articles reflect the vibrant landscape of embedded Linux, highlighting the ongoing innovations and challenges that developers and users face.

Embedded Linux

The world of Embedded Linux is evolving with new hardware and software releases aimed at optimizing performance and integration within IoT devices and embedded systems. Here are some noteworthy developments:

Embedded Linux

The world of Embedded Linux is constantly evolving, with advancements in security, kernel updates, and application development leading the way. The articles this week delve into various facets of this intriguing domain, from managing updates to enhancements in real-time performance.

Security and Updates

Security is a paramount concern in embedded systems, and this week's articles compiled relevant discussions on maintaining system integrity and update strategies.

• Safe and Secure OTA Updates for Embedded Linux | RAUC - An introduction to RAUC, an update client designed to manage reliable OTA updates on embedded devices.
• Update strategy for linux kernel, rootfs and firmware - Reddit - Discussion on designing an effective update strategy for hardware components.
• Seven new stable kernels with patches for CVE-2026-46333 - Announcement of stable kernel updates addressing significant vulnerabilities.

Kernel Developments

Kernel improvements continue to shape the Embedded Linux landscape, with many articles shedding light on new features, stability, and changes.

• Linux 7.0.8 Released & LTS Kernels Updated For ssh-keysign-pwn - Report on the latest Linux kernel releases addressing serious security vulnerabilities.
• Linux's Latest Vulnerability Allows Reading Root-Owned Files By Unprivileged Users - Examination of vulnerabilities impacting kernel security.
• Coreboot + AMD openSIL Powered Firmware Published For The Gigabyte MZ33-AR1 - Release details regarding new firmware leveraging core technologies for better system performance.

Embedded Solutions and Applications

Innovations and resources for embedded systems are highlighted, showcasing tools, platforms, and technologies that aim to enhance performance in various applications.

• Embedded Linux for i.MX Applications Processors | NXP Semiconductors - Overview of the support for embedded Linux on NXP's i.MX processors.
• Top Embedded Linux Solutions for 2026 What to Look For? - Insightful predictions on upcoming trends and solutions in Embedded Linux.
• GitHub - fkromer/awesome-embedded-linux: A curated list of awesome Embedded Linux resources - A valuable collection of Embedded Linux resources for developers and engineers.

Emerging Technologies and Community Insights

The community continues to share insights and discussions around future trends and technologies impacting the Embedded Linux experience.

• Next Gen Embedded Linux: Overview - YouTube - A video exploring the future directions of Embedded Linux developments.
• LinuxChanges - Linux Kernel Newbies - Highlights of recent changes to the Linux kernel, exhibiting innovation and progress.
• LinuxGizmos.com: embedded Linux news & devices - Regular updates and news focused on embedded Linux devices and technology.

This week's articles present a rich tapestry of information for anyone interested in or working with Embedded Linux, emphasizing the importance of security, kernel updates, and innovative solutions.

Major component upgrades

The toolchain and core components received significant version bumps:

• Linux kernel 6.18
• GCC 15.2
• glibc 2.43
• LLVM/Clang 22.1.3
• Python 3.14.4
• systemd 259.5
• Go 1.26.2, Rust 1.94.1
• QEMU 10.2.0
• U-Boot 2026.01

Over 300 recipe upgrades in total.

Rust in the Linux kernel

One of the most significant additions is first-class Rust support for building the Linux kernel and out-of-tree kernel modules:

• A new kernel-yocto-rust class adds the required dependencies to build Rust components of the kernel.
• A new module-rust class supports building out-of-tree Rust kernel modules. A skeleton example is available under meta-skeleton/recipes-kernel/rust-out-of-tree-module.
• Enabling Rust in the kernel is now as simple as adding rust to KERNEL_FEATURES in a recipe that inherits kernel-yocto.

Security improvements on by default

Several security and hardening features that were previously opt-in are now enabled by default in the nodistro setup:

• security_flags.inc — adds security-related compiler and linker flags.
• no-static-libs.inc — disables most static libraries.
• uninative — allows reuse of native sstate built on one distro on another, also enabled by default now.
• OpenSSL now disables TLS 1.0/1.1 by default.

New SBOM and CVE tooling

The CVE analysis and SBOM generation story got a major overhaul:

• A new sbom-cve-check class replaces the old cve-check class for post-build CVE analysis of images. It uses the new python3-sbom-cve-check tool internally.
• A new sbom-cve-check-recipe class allows CVE analysis at the recipe level, without building the full software.
• SPDX 2.2 support has been dropped; the project now supports SPDX 3 only.
• New variables SPDX_INCLUDE_KERNEL_CONFIG and SPDX_INCLUDE_PACKAGECONFIG allow exporting richer metadata into SPDX documents.

BitBake and tooling improvements

bitbake-setup received a lot of love in this release:

• Non-destructive update behavior: local commits and modifications are preserved during bitbake-setup update.
• Shared State is now shared between builds by default (SSTATE_DIR and BB_HASHSERVE_DB_DIR set in site.conf).
• VSCode configuration files are now generated by default.
• The unpack_update() function allows updating a Git repository in-place.

WIC is now an external project

The WIC image creator tool has been extracted from OpenEmbedded-Core and is now maintained as a standalone project. The recipe in OE-Core now builds from this external source. A new wicenv image type was also added.

devtool IDE integration

The devtool ide-sdk command saw several improvements:

• gdbserver attach mode support.
• GDB pretty-printing for C++ STL types.
• Kernel module development support.

What's next

As an LTS release, wrynose will receive long-term maintenance. If you are on scarthgap (5.0), now is a good time to plan your migration. The migration guide is available at the Yocto Project documentation.

Embedded Linux

The world of embedded Linux continues to grow rapidly, encompassing a variety of topics from development to applications in modern technology. This week's articles delve into recent advancements, tools, and discussions happening within the embedded Linux community across various sectors.

Embedded Development Tools

This sub-theme focuses on tools and frameworks that are essential for developing embedded Linux applications, showcasing new resources and updates aimed at streamlining the development process.

• Explore the curated list of resources in awesome Embedded Linux resources.
• Gain insights into the development environments with Getting Started with Embedded Linux Podcast.
• Check out Embedded Linux Distribution & Solutions by SUSE to address challenges in IoT and edge devices.

Embedded Linux Applications

Embedded Linux is increasingly being integrated into various hardware applications. This section highlights discussions surrounding its applicability in contemporary hardware and systems.

• Discover the evolution of embedded Linux as it adapts to AI-Powered Edge Devices.
• Read about the Embedded Linux for i.MX Applications Processors by NXP and its features.
• Learn how embedded Linux influences product development in the era of Industrial AI.

Security in Embedded Systems

The security aspect of embedded Linux is critical, especially with its widespread use in various devices. This section covers vulnerabilities and security measures relevant to the embedded Linux ecosystem.

• Stay updated on the Dirty Frag Vulnerability that affects multiple distributions without patches yet.
• Review the implications of security updates and potential risks as outlined in Embedded Linux News and Analysis.
• Check recent enhancements in security patches and updates for embedded systems.

Events and Community Engagement

Engagement with the open-source community is vital for the continued growth of embedded Linux. This theme emphasizes upcoming events and collaborations that foster innovation.

• Register now for the Open Source Summit in Minneapolis happening May 18–20.
• Explore recent developments and community announcements featured in Bootlin's Embedded Systems News.
• Catch up on community discussions within the Linux Plumbers Conference 2023 focusing on the embedded Linux ecosystem.

Introduction

Since some years, I haven't built an embedded Linux without using a framework, like Open Embedded from the Yocto project. Then here, I wanted to make a guide to help you to build quickly, from "scratch" a very minimal embedded Linux to boot a target. The following examples have been written to boot a virtual Qemu target but, they can be adapted to boot a real target. Moreover, the build environment will be bootstrapped with a prebuilt cross-toolchain, I have chosen to use one provided by Bootlin and using glibc.

Setup the environment

First, it is required to install the packages that are needed to install and use the cross-toolchain but also to compile the host tools and to provide Qemu:

• The Ncurses libraries are only required to execute the command make menuconfig.
• The certificates and wget will be used to download the prebuilt toolchain.
• In the same way, git will be used to checkout the source of Busybox and Linux.
• The Qemu packages will be used to emulate system platform and to execute static binaries cross-compiled for aarch64 on the x86-64 host.

apt update
apt install -y --no-install-recommends \
    bc \
    build-essential \
    ca-certificates \
    cpio \
    file \
    flex \
    git \
    ipxe-qemu \
    libncurses5-dev \
    libncursesw5-dev \
    libssl-dev \
    qemu \
    qemu-system-aarch64 \
    qemu-user-static \
    wget

Now, it is time to download and install the prebuilt toolchain:

mkdir ~/src
cd ~/src
wget https://toolchains.bootlin.com/downloads/releases/toolchains/aarch64/tarballs/aarch64--glibc--stable-2020.08-1.tar.bz2
tar xvjf aarch64--glibc--stable-2020.08-1.tar.bz2

Once the toolchain has been extracted you have to set the required environment variables to cross-compile binaries:

• PATH: It shall be extended so that the cross-tools from the cross-toolchain will be available from the environment
• CROSS_COMPILE: In order to clarify the prefix used by the cross-tools
• ARCH: The architecture of the target platform

ls ~/src/aarch64--glibc--stable-2020.08-1/bin/*gcc
~/src/aarch64--glibc--stable-2020.08-1/bin/aarch64-linux-gcc

export PATH=~/src/aarch64--glibc--stable-2020.08-1/bin:$PATH
export CROSS_COMPILE=aarch64-linux-

Now, it is possible to call the cross-tools from the shell:

aarch64-linux-gcc -v
Using built-in specs.
COLLECT_GCC=~/src/aarch64--glibc--stable-2020.08-1/bin/aarch64-linux-gcc.br_real
COLLECT_LTO_WRAPPER=~/src/aarch64--glibc--stable-2020.08-1/bin/../libexec/gcc/aarch64-buildroot-linux-gnu/9.3.0/lto-wrapper
Target: aarch64-buildroot-linux-gnu
<...>
Thread model: posix
gcc version 9.3.0 (Buildroot 2020.08-14-ge5a2a90)

Concerning the variable PATH this one will be set afterwards because its value depends on the binary that will be built.

Build the Linux kernel

So, the environment is ready to pull the sources of the latest stable branch of the kernel Linux and to build them:

git clone git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
cd linux
git checkout -b local/linux-5.4.y origin/linux-5.4.y
# git show HEAD

export ARCH=arm64

make defconfig
  HOSTCC  scripts/basic/fixdep
  HOSTCC  scripts/kconfig/conf.o
  HOSTCC  scripts/kconfig/confdata.o
  HOSTCC  scripts/kconfig/expr.o
  LEX     scripts/kconfig/lexer.lex.c
  YACC    scripts/kconfig/parser.tab.[ch]
  HOSTCC  scripts/kconfig/lexer.lex.o
  HOSTCC  scripts/kconfig/parser.tab.o
  HOSTCC  scripts/kconfig/preprocess.o
  HOSTCC  scripts/kconfig/symbol.o
  HOSTLD  scripts/kconfig/conf
*** Default configuration is based on 'defconfig'
#
# configuration written to .config
#

# make menuconfig

make -j$(nproc)
  <...>
  AR      drivers/net/ethernet/built-in.a
  AR      drivers/net/built-in.a
  AR      drivers/built-in.a
  GEN     .version
  CHK     include/generated/compile.h
  LD      vmlinux.o
  MODPOST vmlinux.o
  MODINFO modules.builtin.modinfo
  LD      .tmp_vmlinux.kallsyms1
  KSYM    .tmp_vmlinux.kallsyms1.o
  LD      .tmp_vmlinux.kallsyms2
  KSYM    .tmp_vmlinux.kallsyms2.o
  LD      vmlinux
  SORTEX  vmlinux
  SYSMAP  System.map
  Building modules, stage 2.
  MODPOST 531 modules
  OBJCOPY arch/arm64/boot/Image
  GZIP    arch/arm64/boot/Image.gz

The command make defconfig will apply the default configuration for the target platform (cf. ARCH=arm64), and the compilation will be performed by make -j$(nproc).

The commands git show HEAD and make defconfig are optional: - the first is useful to verify that the latest commit corresponding to the latest tag of the branch linux-5.4.y. - the second can be used if you want to customize the kernel configuration.

NB. The kernel Linux but also Busybox and some projects use Kbuild to manage the build options

Populate the sysroot

The easy way to bootstrap a sysroot is to use Busybox that has been created to offer common UNIX tools into a single executable and it is size-optimized. To create a sysroot, it is only required to add a few configuration files.

The steps to pull and build Busybox are similar to those of the kernel Linux.

git clone git://git.busybox.net/busybox
cd busybox
git checkout -b local/1_32_stable origin/1_32_stable
# git show HEAD

export ARCH=aarch64
export LDFLAGS="--static"

make defconfig
# make menuconfig
make -j$(nproc)

make install

Here, the LDFLAGS is set to force static linking of Busybox quickly, but it is also possible to use make menuconfig to set CONFIG_STATIC=y. The advantage of the static executable is that it can be tested with Qemu:

qemu-aarch64-static busybox echo "Hello!"
Hello!
qemu-aarch64-static busybox date
Sat Jun 27 15:06:41 UTC 2020

The binary qemu-aarch64-static allows to execute a binary built for another architecture on the host computer, for example here it allows to execute the Busybox binary compiled for an aarch64 target on a x86-64 host.

The last command make install created a tree into the _install directory that can be used to populate the sysroot:

ls -l _install
total 4
drwxr-xr-x. 1 tperrot tperrot 974 Nov 30 15:22 bin
lrwxrwxrwx. 1 tperrot tperrot  11 Nov 30 15:22 linuxrc -> bin/busybox
drwxr-xr-x. 1 tperrot tperrot 986 Nov 30 15:22 sbin
drwxr-xr-x. 1 tperrot tperrot  14 Nov 30 15:22 usr

ls -l _install/bin
<...>
lrwxrwxrwx. 1 tperrot tperrot       7 Nov 30 15:22 umount -> busybox
lrwxrwxrwx. 1 tperrot tperrot       7 Nov 30 15:22 uname -> busybox
lrwxrwxrwx. 1 tperrot tperrot       7 Nov 30 15:22 usleep -> busybox
lrwxrwxrwx. 1 tperrot tperrot       7 Nov 30 15:22 vi -> busybox
lrwxrwxrwx. 1 tperrot tperrot       7 Nov 30 15:22 watch -> busybox
lrwxrwxrwx. 1 tperrot tperrot       7 Nov 30 15:22 zcat -> busybox

In order, to finalize this minimal sysroot, it is required to create a rcS init script:

mkdir _install/proc _install/sys _install/dev _install/etc _install/etc/init.d
cat > _install/etc/init.d/rcS << EOF
#!/bin/sh
mount -t proc none /proc
mount -t sysfs none /sys
/sbin/mdev -s
[ ! -h /etc/mtab ]  && ln -s /proc/mounts /etc/mtab
[ ! -f /etc/resolv.conf ] && cat /proc/net/pnp > /etc/resolv.conf
EOF
chmod +x _install/etc/init.d/rcS

Build the filesystem

The target of this step is to package the sysroot tree into a filesystem that can be mounted by the kernel. There is two available possibilities, either build a ramfs or a rootfs.

Globally, the difference between both is that:

• the ramfs is a very simple filesystem that can be used by the kernel to create a block device into the RAM space from an archive.
• the rootfs is a filesystem mounted from a non volatile device by the kernel.

For more information about the difference between the ramfs and the rootfs, you can you refer to the kernel documentation.

mkdir _rootfs
rsync -a _install/ _rootfs
chown -R root:root _rootfs
cd _rootfs
find . | cpio -o --format=newc > ../rootfs.cpio
cd ..
gzip -c rootfs.cpio > rootfs.cpio.gz

dd if=/dev/zero of=rootfs.img bs=1M count=10
mke2fs -j rootfs.img
mkdir _rootfs
mount -o loop rootfs.img _rootfs
rsync -a _install/ _rootfs
chown -R root:root _rootfs
sync
umount _rootfs

Boot the target

Following, the qemu commands to boot the minimal embedded Linux system that has been built.

# With the ramfs
qemu-system-aarch64 -nographic -no-reboot -machine virt -cpu cortex-a57 -smp 2 -m 256 \
    -kernel ~/src/linux/arch/arm64/boot/Image \
    -initrd ~/src/busybox/rootfs.cpio.gz \
    -append "panic=5 ro ip=dhcp root=/dev/ram rdinit=/sbin/init"

# With the rootfs
qemu-system-aarch64 -nographic -no-reboot -machine virt -cpu cortex-a57 -smp 2 -m 256 \
    -kernel ~/src/linux/arch/arm64/boot/Image \
    -append "panic=5 ro ip=dhcp root=/dev/vda" \
    -drive file=~/src/busybox/rootfs.img,format=raw,if=none,id=hd0 -device virtio-blk-device,drive=hd0

Then the target will be boot to shell, "It's alive!":

[    0.000000] Booting Linux on physical CPU 0x0000000000 [0x411fd070]
[    0.000000] Linux version 5.10.0-rc5 (tperrot@27ea4a863f61) (aarch64-linux-gcc.br_real (Buildroot 2020.08-14-ge5a2a90) 9.3.0, GNU ld (GNU Binutils) 2.33.1) #1 SMP PREEMPT Mon Nov 30 14:40:05 UTC 2020
[    0.000000] Machine model: linux,dummy-virt
<...>
[    0.858346] Sending DHCP requests ., OK
[    0.870558] IP-Config: Got DHCP answer from 10.0.2.2, my address is 10.0.2.15
[    0.870909] IP-Config: Complete:
[    0.871199]      device=eth0, hwaddr=52:54:00:12:34:56, ipaddr=10.0.2.15, mask=255.255.255.0, gw=10.0.2.2
[    0.871566]      host=10.0.2.15, domain=, nis-domain=(none)
[    0.871825]      bootserver=10.0.2.2, rootserver=10.0.2.2, rootpath=
[    0.871866]      nameserver0=10.0.2.3
[    0.872389]
[    0.875863] ALSA device list:
[    0.876151]   No soundcards found.
[    0.879353] uart-pl011 9000000.pl011: no DMA platform data
[    0.920237] Freeing unused kernel memory: 5952K
[    0.921223] Run /sbin/init as init process

Please press Enter to activate this console.