OpenEmbedded Workshop 2020
This year, co-located to the FOSDEM in Brussels, the first OpenEmbedded workshop was held. About 30 OpenEmbedded (and Yocto Project) enthusiasts - from the developers of the first hour to those still collecting their first experiences - got together at the DigitYser tech hub in Brussels. Pengutronix attended with their two developers most involved in OpenEmbedded: Jan Lübbe and Enrico Jörns.
The schedule for this day, introduced together with some warm welcoming words by Philip (crofton) Ballister, announced a bunch of promising talks with a slight focus on container and BSP topics.
Two longer coffee and one lunch break with sponsored food left enough time for socializing and discussing topics of interest.
One of this day's talks worthy of special mention is Bruce Ashfield's "CNCF on the edge: containers++" where he pointed out the entire scale of containers from the early beginnings of simple chroots to cloud native while keeping the focus on showing what of this is already provided by the OpenEmbedded ecosystem, e.g. with meta-virtualization or the container-based distribution OryxOS. But he also noted possible pitfalls of this world, like lock-in by relying too much on a specific runtime.
How to actually use OpenEmbedded to build container-based systems of different complexity was demonstrated by Scott Murray in "Building Containers with OpenEmbedded: Current State of the Art". He also sketched how bitbake's multiconfig capabilities can be used to generate a host system with built-in (generated) container images from a single bitbake run.
With "How to write a really good BSP layer" Chris Simmonds contributed one of his famous talks about technology basics where he pointed out the trinity of distro, machine, and image whose separation is one of the core powers of the OpenEmbedded build system. He sharpened the mindset and emphasised some practical guidelines to write a good and minimalistic BSP layer.
Last but not least, Pengutronix CTO Jan Lübbe's talk A Common Infrastructure for PKCS#11-Based Code Signing gave some technical insights in Pengutronix' recent developments to ease the more and more relevant topic of code-signing with OpenEmbedded. Code-signing is a key requirement to ensure deployed systems run the expected software and can be recovered from runtime compromise. With the classes and helper tools currently being developed in meta-code-signing one can access keys via PKCS#11 URIs from a crypto token to sign the (barebox) bootloader, FIT images or RAUC update bundles.
We would like to say many thanks to Philip (crofton) Ballister and the OpenEmbedded board for organizing this event!