Open Source Summit + Embedded Linux Conference North America 2026

BusyBox is a go-to userspace stack for embedded routers, but BusyBox syslogd remote logging is often deployed without transport security—sending logs in plaintext across networks. In enterprise deployments, there exists a security and compliance gap when encrypted log transport, such as RFC 5425-style secure syslog, is expected.

This talk shares a production-driven approach: after evaluating syslog-ng/rsyslog and weighing their integration cost against embedded constraints, we added TLS 1.3 directly to BusyBox syslogd using OpenSSL APIs, reusing crypto already on the device. We’ll demo end-to-end secure logging (router → syslog server), including optional server certificate pinning to reduce MITM risk, and validate the improvement with a packet capture.

We’ll then cover embedded-specific engineering details: preserving UDP logging behavior for backwards compatibility, gating TLS behind a build-time feature flag, testing success/failure paths (handshake and pinning errors), and overnight memory monitoring of syslogd. We’ll close with upstream interest in syslog over TLS and next-step considerations.

GCC is default toolchain for Linux based systems, ever since the Linux Distributions were being put together from early days of Linux. However, there have been important developements in compiler technologies and LLVM project has come along. The LLVM infrastructure has been used to build various different compilers for different languages, Clang is the C/C++ static compiler and rust also uses LLVM. There is LLD ( LLVM Linker ) LLDB, ( LLVM Debugger ). binutils like objcopy, objdump, strip etc. are also added. C/C++ compiler runtime in compiler-rt/libc++ has matured as well. The compiler has been used to build Linux Kernel already, However, it can be used to build full Embedded Linux Systems using infrastructure like Yocto project. This talk will showcase that a Linux system can be built completely using LLVM toolchain, replacing the compiler, compiler-runtime, binutils with LLVM built tools. In addition it will also discuss the modern tooling provided with LLVM and Clang and static analyser ( clang-scan ), clang-tidy, clanf-format etc. show-casing additional tooling that can be used by developers e.g. sanitizers.

Modern heterogeneous SoCs often integrate multiple remote processors (rprocs) that control peripherals for safety purposes, alongside a general-purpose processor running a HLOS like Linux. In automotive systems, these peripherals still need to be shared with Linux for complex use cases like Ethernet traffic sharing, coordinating multiple display pipelines. The Remote Processor Messaging (RPMsg) framework in Linux enables this model by providing an efficient IPC mechanism, allowing devices owned by rprocs to be exposed to Linux as standard devices through virtual kernel drivers built on top of RPMsg. With the growing adoption of this approach, interfaces like rpmsg-gpio, rpmsg-i2c, rpmsg-net are becoming increasingly common.

Using the upstreamed rpmsg-tty driver as an example, this talk presents:
1. The key design principles for building virtual drivers with RPMsg, covering topics like channel & endpoint management(static vs dynamic), synchronization.
2. A comparative study of RPMsg-based solutions with its VirtIO alternative, highlighting trade-offs in latency, resources and use case suitability.
3. Challenges, upstreaming lessons, common pitfalls and scope for future improvement.

In this talk, Tim will describe the status of work to reduce boot-time for Linux systems. This include work by the Boot-Time Special Interest Group (SIG), as well as others in the Linux ecosystem. We will cover patches that have gone upstream to the Linux kernel and to systemd in the past year, their potential boot-time savings, and how to use them in your own projects. Patches in progress will also be discussed. Tim will summarize recent boot-time talks from other events (particularly Linux Plumbers Conference), highlighting some of the techniques that were described. Finally, Tim will present his own work to build a boot-time wizard program, to help developers find boot-time bottlenecks and areas where boot speed can be improved.

With more stringent regulations for automotive usecases, every millisecond of boot time is critical. Safety features like rear-view camera and surround view must start working quickly to meet regulations. A typical solution is to have custom boot loaders as they are often faster than U-Boot and the memory footprint of U-Boot has been increasing as device trees grow larger. However, U-Boot provides significant advantages: rich driver model, broad hardware and strong community support.

This raises an important question: how can U-Boot be made a more attractive alternative to custom RTOS bootloaders w.r.t boot time and memory footprint? The answer lies in "bootph" (boot phase) tags, which enable selective node tagging to solve the above-mentioned problems.

This session aims to cover the following:
1. Overview of U-Boot boot phases(SPL, VPL, TPL & U-Boot proper).
2. Deep dive into bootph tags: usage, meaning, and how they affect each boot phase.
3. Common pitfalls: accidentally removing SPL-required nodes, over-tagging shared peripherals, and overusing bootph-all tag.
4. A live case study demonstrating how U-Boot matched the boot time of a custom RTOS bootloader on the TI J7200 SoC.

Secure boot is becoming essential for more embedded Linux systems, yet secure firmware signing at scale remains challenging. Traditional approaches often rely on manual, locally managed scripts and cryptographic keys, leading to increased security risks from development to production environments. This presentation demonstrates a practical approach to secure boot image creation using U-Boot's Binman tool integrated with Hardware Security Modules (HSMs) for cryptographic signing. We examine how Binman assembles multi-stage boot images and delegates signing to HSMs, protecting private keys while enabling automated builds. We will also explore how Binman's signing workflow can be adapted to support various HSM deployment models. Attendees will understand how image signing with Binman establishes a secure boot chain of trust, why HSM-backed signing is critical for production systems, and how open-source tools can be combined with security best practices to create more robust and scalable firmware signing workflows. The goal is to help the broader open-source ecosystem adopt more standardized and secure practices for firmware image creation and signing suitable for production deployment