Konsulko Group: The Year in Review 2025

/by

In 2025, as in our previous 13 years in business, Konsulko Group focused on the practical hardware and software engineering that help companies build breakthrough embedded devices. More and more, this has been with a specific emphasis on deploying Edge AI. We worked alongside companies creating real-world products using AI-capable hardware in medical devices, robotics, smart transportation, and industrial automation.

Beyond our core services, we announced a new platform for Edge AI and published technical guides to address common integration challenges. The following highlights cover the technical work and resources we delivered this year to support embedded product development.

Introducing Konsulko Orca OS for Edge AI

On November 2, we launched Konsulko Orca OS, the production-ready Linux operating system designed for secure, high-performance AI applications on NVIDIA Jetson platforms. Built on the Yocto Project, and delivered as part of Konsulko Group’s software services, Orca OS is engineered from the ground up for deployment in real-world, commercial products, featuring long-term support, secure boot, encrypted storage, hardened production builds, remote diagnostics, reliable over-the-air (OTA) updates and cloud management.

Konsulko also offers end-to-end Jetson development services for the entire NVIDIA Jetson family, including custom hardware designs, board bring-up and application integration with OTA updates.

Custom Hardware for Complex Embedded Systems

Konsulko continued to deliver hardware design services ranging from schematic capture and PCB layout to rapid prototyping, custom SOMs and carrier boards, to manufacturing management. Serving the consumer electronics, medical, telecommunications, and industrial sectors, our engineers integrate robust hardware design with secure, production-ready software to accelerate our customers’ deployment of their devices.

Production Engineering for Medical and Utility Robotics

Our services work in 2025 focused heavily on deploying Edge AI in regulated and industrial environments. For example, we provided a production-secure, encrypted OS using Yocto and a mainline Linux kernel to serve as a base for AI applications operating at the edge for smart grid monitoring systems. 

Konsulko assisted with two separate medical device projects, both built on the NVIDIA Jetson platform. For both projects, we migrated the underlying OS from NVIDIA L4T to a production-ready Yocto Project distribution. A key requirement was creating and maintaining a custom SDK to enable their developers to build CUDA applications. Additionally, we ensured another medical device running on Yocto remained current by updating it with the latest NVIDIA SDK releases.

Addressing Hardware Security on NVIDIA

Implementing a full Chain of Trust on high-performance SoCs remains a significant challenge for engineering teams. In July, we published the technical guide, Cybersecurity on NVIDIA: Why Embedded Lags Enterprise Linux.

Embedded Linux systems, even on popular platforms like NVIDIA Jetson, can sometimes lag behind enterprise Linux distributions in terms of cybersecurity practices and promptness of security updates. This guide provides a high-level overview of the methodology and components utilized to secure Jetson hardware on production projects. 

The process establishes a hardware-based root of trust, which is then extended to verify the integrity of every subsequent boot stage, all the way to the Linux userspace. Furthermore, the solution incorporates encryption-at-rest to protect sensitive intellectual property in deployed systems.

Standardizing Hardware-in-the-Loop Testing (Labgrid)

At Open Source Summit Europe in August, Konsulko Principal Software Engineer Tim Orling (with Trevor Gamblin of Bay Libre) presented Powering Up: Lab Automation With Labgrid and CI. This highlighted a standardized testing infrastructure we can use for customer projects. 

We can utilize Labgrid (a Python library for embedded control) to integrate physical boards into the Continuous Integration pipeline. Instead of relying on QEMU or manual QA, we automate power cycling, serial console interaction, and GPIO manipulation on actual hardware to catch regressions in the boot process or hardware interaction layers before code reaches the client.

We have also leveraged this capability to support the U-Boot community. Specifically, we enabled the community to run their existing test suite automatically in Gitlab CI. This automation covers four distinct hardware platforms and various software configurations.

Executing Windows CE to Linux Migration

As Konsulko Principal Software Engineer George McCollister described in his technical blog post Migrating from Windows CE to Yocto-based Embedded Linux in January, our team managed several legacy migration projects for industrial customers. These projects involved porting application logic from deprecated Windows CE environments to supported Yocto Project-based Linux builds. 

We delivered modernized OS images that maintained existing application behavior while moving the underlying system to long-term supported (LTS) kernels, mitigating the security risks associated with end-of-life operating systems.

Explaining “Embedded Systems” to professionals in other fields

Those of us working in this field for 20-30 years (or more) can sometimes forget that the basics — what these systems are and the steps we take every day to make them work — may seems very foreign to folks in corporate management, finance, or students and newcomers to embedded engineering.

To this end, Konsulko Group started a series of informational articles. The first asks the overarching question: What is Embedded Systems Design?

Continuing our Contribution to Open Source communities

Throughout 2025, Konsulko engineers maintained their seats on the OpenEmbedded Board of Directors and the Yocto Project Technical Steering Committee, and played a key role in organizing and presenting at multiple community events. Our engineers continue in the role of project maintainer and make significant contributions to numerous Open Source projects.

We look forward to working with you in 2026 on building your next embedded device. Please contact us anytime to discuss your new or on-going hardware and software requirements.

Introducing Konsulko Orca OS, the Platform for the Edge

/by

Konsulko Orca OS™ is a secure, production-ready, and commercially supported Linux operating system designed for Edge AI and IoT devices. 

Delivered as part of Konsulko Group’s extensive software services for companies developing embedded devices, Orca OS provides a robust and reliable foundation for your products, enabling secure boot, encrypted storage, and reliable over-the-air (OTA) updates. 

Optimized for NVIDIA Jetson Orin platforms, Orca OS allows you to leverage powerful AI and machine learning frameworks in a secure and manageable environment.

Production-Ready by Design

Orca OS is engineered from the ground up for deployment in real-world commercial products. It includes long-term support, failsafe A/B OTA updates with rollback, hardened production builds, remote diagnostics, and cloud management via Azure IoT Hub. 

Emphasizing a security-first approach, Orca OS utilizes NVIDIA secure boot and dm-verity for a read-only root filesystem, plus dm-crypt/LUKS for encrypted data.

Built on Yocto Project

Konsulko Orca OS is built on the Yocto Project, and based on the latest stable and LTS Yocto Project releases. Yocto Project allows for the creation of custom Linux-based systems with unparalleled control and efficiency. 

Key advantages include broad industry and community support, reproducible builds from same source inputs, tailored SDKs for application development, and automatically-generated Software Bills of Materials (SBOMs) for security and compliance.

Bring Your AI Vision to the Edge

In addition to Orca OS, Konsulko provides end-to-end Jetson development services. From the earliest TK1 to the latest Orin and Thor families, Konsulko Group delivers production-ready, secure, and robust embedded Linux solutions for the entire NVIDIA Jetson family. From custom board bring-up to application integration with OTA updates, we provide the deep expertise you need.

To unlock the full potential of your edge devices with the security and reliability of Konsulko Orca OS and Edge AI services, please contact us today. Our expert team is ready to help you customize the platform that meets your specific product needs.

Cybersecurity on NVIDIA: Why Embedded Lags Enterprise Linux

/by

Embedded Linux systems, even on popular platforms like NVIDIA Jetson, can sometimes lag behind enterprise Linux distributions in terms of cybersecurity practices and promptness of security updates. Here’s why:

Customization and Divergence

Embedded Linux systems often involve significant customization and the use of specialized components (including NVIDIA hardware), which can diverge from the more homogenous use cases served by the enterprise Linux vendors that have one-size-fits-all distributions.

Resource Constraints

Embedded devices typically operate with limited resources (power, memory, processing power). These constraints can hinder the adoption of certain advanced security features available in enterprise Linux environments.

Update Cycles

Embedded systems, especially in critical infrastructure or applications, often have longer lifecycle requirements (lasting 10 years or more) compared to enterprise systems (typically 3-5 years). Constraints on cost and available bandwidth for metered data service (such as an LTE modem) can be a consideration as well. This can result in slower security patching and updates, leaving devices vulnerable to known exploits.

Threat Models

Embedded systems often face a different threat model compared to enterprise systems, including the possibility of physical access by attackers. This requires a tailored approach to security that may not be fully addressed by enterprise-focused solutions.

Less Stringent Security Measures

Traditionally, embedded devices sometimes lack robust mechanisms for detecting tampered files or unauthorized data access, making them attractive targets for offline attacks. 

Making Embedded Systems Secure

Konsulko Group has always worked with our customers to help them build secure embedded products, including new “AI on the Edge” devices on NVIDIA platforms.

Building a Chain of Trust

Konsulko engineers use their expertise to establish a secure boot process, ensuring the integrity of the system and core software from boot-time to end-of-life. This involves encrypting, verifying, and measuring the integrity of the system and core software at each stage.

Integration with Yocto Project and Key Management

We integrate security technologies within the Yocto Project framework for embedded Linux development, and manage cryptographic keys, which are crucial for secure communication and data protection.

On-Going Support and Maintenance

We offer services to support the long-term security and maintenance of these systems, helping to bridge the gap between enterprise and embedded security practices over the device’s lifecycle.

Security, Secure Boot and Chain-of-Trust Experts on NVIDIA platforms

Konsulko Group has extensive expertise in commercial device security, with proven expertise in security-critical and production-ready systems. We have an embedded-first mindset with a focus on long-term maintainability, and have been a trusted partner in embedded Linux and NVIDIA ecosystem development.

Our engineers have had over two decades working with the open source technologies necessary to help you effectively manage and support the security of your project. We have real customer success across medical, industrial, transportation and defense sectors.

Please contact us to learn how our engineering team can accelerate your next embedded product.

Integration and troubleshooting: Sterling LWB+ radio module

/by

Konsulko engineers are often asked to evaluate radio modules and other hardware that may be used with one of our customers’ custom boards for an upcoming embedded product. 

Recently, for two separate clients, we completed a detailed review of two WiFi/Bluetooth modules based on the Infinion CYW43439, manufactured by Ezurio (formerly Laird Connectivity and Boundary Devices). Ezurio hardware seems to be a popular choice, especially in the US, but Konsulko has no commercial relationship with the company and has made a purely technical evaluation.

Konsulko Senior Engineer Darko Alavanja has written this Integration and Troubleshooting Guide focussing on the Sterling LWB+ with WiFi 4 and Bluetooth 5.2 support. It has SDIO 2.0 and HCI HS-UART interface with a few additional GPIOs for turning on the module’s WiFi and/or BT regulators, sleep operation etc.

The Sona IF-513 module is M.2 form factor module that that supports Wi-Fi 6E + Bluetooth® 5.4 and uses SDIO 3.0 and HS-UART. It has a similar setup to Sterling LWB+ with one important quirk discussed in the Guide.

Topics include:

  • Hardware setup
  • GPIOs
  • SDIO interface – WiFi
  • HCI UART interface – Bluetooth
  • Yocto Build Setup
  • Kernel config
  • Device tree setup
  • Runtime validation

The troubleshooting section addresses:

  • Kernel build issues
  • Power sequencing
  • Module response to SDIO commands
  • SDIO data lines

You may download the guide to Integration and Troubleshooting of a Sterling LWB+ radio module here.

Migrating from Windows CE to Yocto-based Embedded Linux

/by

After 27 years, Windows CE, later known as Windows Embedded CE and Windows Embedded Compact, reached its end-of-life in 2023. Konsulko Group has been helping customers who formerly used Microsoft’s OS for embedded devices to transition to Linux. This short article by Konsulko Principal Software Engineer George McCollister outlines the steps.

Choosing the right software components and tools

Linux, with its vast hardware support and software ecosystem is a natural replacement for device manufacturers that used Windows CE to migrate their product offerings.

The Yocto Project unifies the OpenEmbedded build system and other tools to provide a powerful launch platform for your Embedded Linux device. Recipes for hundreds of software packages are included and thousands more are available through 3rd party layers. Most SoC vendors provide a Yocto compatible BSP (Board Support Package) layer with recipes for building a boot loader and OS kernel. It’s also possible to create your own BSP layer either from scratch or to extend a vendor provided layer.

The most important part of the Windows CE to Yocto-enabled Embedded Linux transition process is understanding the available software components and tools so you can choose the most suitable replacements. It’s common for Windows CE devices to have more custom software since the software ecosystem is much smaller than Embedded Linux. It’s critical to identify which custom software can be replaced with software provided by Yocto Project and third-party layers. Choosing the correct existing tools, drivers, libraries and frameworks will provide a smoother transition and more robust, easy to maintain final product.

Windows CE to Yocto Based Embedded Linux Migration

Getting Started

A good first step is to perform the Yocto Project Quick Build. This will familiarize you with the basics required to build an Embedded Linux Image and find the appropriate BSP layer for your hardware. Once you add a BSP layer you can build an image such as core-image-minimal for one of the MACHINEs provided by the BSP. This build process will usually provide a boot loader image (typically U-Boot), a Linux kernel image, a Linux devicetree blob and filesystem image. Some BSPs will provide a wic image that can be directly flashed to bootable media such as a Micro SD card. Unlike Windows CE, the default file system type used for the root file system is usually Ext4.

Kernel Drivers and Devicetree

Before attempting to port any device drivers from Windows CE, check to see if a suitable driver already exists in the Linux kernel. The first place to look is in the official Linux kernel source tree. The drivers directory is organized into subsystems, find the subsystem for the type of device that you’re looking for and browse through available drivers. If you’re unable to locate a driver for the device, download the source code and search the driver directory for the part number or partial part number. For example if you were looking for a driver for the TI  WL1837MOD WiFi and Bluetooth module you would try searching for “wl1837” with a tool such as git grep. This would lead to the following results in this case but if you were still unable to find a device driver the next place to look is on the component manufacturer’s website.

bluetooth/hci_ll.c:     { .compatible = "ti,wl1837-st" },
net/wireless/ti/wlcore/sdio.c:  { .compatible = "ti,wl1837", .data = &wl18xx_data },
net/wireless/ti/wlcore/spi.c:   { .compatible = "ti,wl1837", .data = &wl18xx_data},

For bluetooth you would use the hci_ll driver and for wireless LAN you would use the wlcore driver. Once you find the compatible string for the driver you want to use, you need to add an entry for it to the kernel devicetree under the appropriate node. If the module was connected via SPI controller 1 you would add the new node under the spi1 node. Documentation/devicetree/bindings in the Linux kernel source includes information about the devicetree properties the driver recognizes.

System and Init Manager

Linux systems have a system and init manager. Yocto defaults to building the OS image with the SysVinit system but systemd and BusyBox init are also available. BusyBox init can be suitable for very simple embedded systems while systemd is better suited to systems that have many running services with interdependencies.

Adding Additional Software to your Image

Once you’re able to build and boot a basic Linux system consisting of a boot loader, kernel and simple root file system you can explore adding additional software into your image. There are hundreds of packages that you can include in your image available in poky and hundreds more available in meta-openembedded.

If there’s no recipe for the software you want to add in either poky or meta-openembedded it may be provided by a 3rd party layer. The OpenEmbedded Layer Index makes it easy to find 3rd party layers by browsing or searching by layer or recipe name.

Running .NET Applications on Linux

If you’re migrating software written to use .NET framework there are two different Yocto compatible layers available which allow it to run on Linux.

  • meta-mono provides Mono which is an open source implementation.
  • meta-dotnet-core uses Microsoft provided .NET Core binaries.

Porting Win32 Applications to POSIX

If you have application code that uses the Win32 API it will need to be ported to use a combination of POSIX function calls and other libraries. Any Win32 threading or synchronization function calls made from C will need to be changed to use pthreads. C++ code can be changed to use concurrency classes which abstract pthread calls. Win32 code that creates or interacts with window objects (HWND) will need to be changed to use a different graphical framework such as GTK or Qt.

Qt Framework on Linux

If you’re using Qt Framework in Windows CE you can utilize the meta-qt5 or meta-qt6 layers (depending on which version of Qt your application uses) to build the framework and provide bitbake classes to build your application.

System Updates

There are multiple Yocto compatible solutions available for doing OTA and other types of updates.

Need some help or good advice?

Konsulko Group’s long history with Linux, Yocto Project and OpenEmbedded can provide the expertise customers need when moving to an embedded, open source operating system. Some of Konsulko’s engineers were working with Linux even before the inception of Windows CE in 1996, and many have years of experience moving product offerings from proprietary RTOSs to Linux. Contact us to discuss how we can help with your migration.

16 case studies featured in Konsulko Group’s Year in Review

/by

As we reach the end of 2024, we want to thank our customers, partners and engineers for another successful year (our 12th!) helping companies around the world develop their embedded products.

We’ve collected sixteen new case studies across multiple industries to showcase our work and give a sense of the scope and breadth of our engineering across multiple industries.

Healthcare Industry Solutions

At Konsulko Group, we provide engineering services to help our customers develop innovative, secure, and FDA-compliant healthcare products. With expertise spanning biometric sensor integration, secure embedded Linux development, and scalable system design, we provide software and hardware engineering services to support our customers in the medical industry as they develop innovative and reliable products. 

Our work spans a wide range of applications, and we are engaged by Point-of-Care Diagnostics companies, Medical Device Startups, Robotics and Automation developers, Biometric Sensor Integration projects and established Healthcare manufacturers.

Read two case studies:

  • Secure Point-of-Care Diagnostics
  • Communication Hub Proof-of-Concept

Industrial Automation, Heavy Equipment Manufacturers and Smart Energy

Konsulko Group provides engineering services to support customers in designing and developing innovative products across the industrial and heavy equipment market. Our clients rely on our expertise to bring their ideas to life, whether they are building advanced agricultural machinery, mining systems or industrial automation equipment. While we do not deliver turnkey solutions, we offer the hardware and software engineering capabilities necessary to help our customers achieve their goals.

We work with a diverse range of customers, including global leaders in Agriculture Technology, Mining Equipment, Transportation and Railway Technology providers, Heavy Machinery manufacturers, and Food and Manufacturing Equipment suppliers. 

We’ve published five case studies:

  • Secure Device Management in Industrial Automation
  • Scalable IoT Device Management on Kubernetes for Construction/Home Automation
  • Addressing Emissions Issues in i.MX8M-based hardware for MIL-STD461G Compliance
  • Custom Yocto Build for Nvidia Jetson Xavier AGX for Defense/Industrial manufacturers
  • Real-Time PRU and Xenomai Integration for ADC Data Acquisition on BeagleBone Black for the Smart Energy industry

Services for the Telecommunications Industry

Konsulko Group has extensive experience providing engineering services to support our telecommunications customers in designing and developing innovative technologies. With expertise in embedded Linux software and hardware engineering, we help our customers create next-generation products. 

We collaborate with a diverse range of customers in the telecommunications industry, including Network Infrastructure suppliers, Wireless Communications innovators, Satcom Technology developers, Telecom Monitoring and Optimization specialists, and Defense and Secure Communications providers.

You may read detailed descriptions of five of our engagements here:

  • Prototype Development of New Networking Architecture
  • Embedded Linux Engineering for Networking Routers
  • Yocto Project Customization for Advanced Telecommunications Hardware
  • Secure Embedded System with Webserver and Device Driver Development
  • Driver Development for High-Performance FPGA Ethernet Systems

Engineering the Next Generation of Transportation

The transportation industry is undergoing a technological revolution, and Konsulko Group is at the forefront, helping customers develop embedded systems that drive innovation in connected vehicles, autonomous platforms, and advanced automotive technologies.

We work with a diverse range of customers in the transportation industry, including Connected and Autonomous Vehicle developers, Semiconductor leaders, Mapping and Navigation innovators, Industry Consortiums and OEMs, and Silicon Valley Innovation Offices.

We’ve posted four case studies of a few of our engagements:

  • Audio System Integration for Autonomous Vehicle Platform
  • Apple CarPlay Integration for Automotive Infotainment
  • Multimedia Audio System Development and Integration
  • Debugging and Resolving Infotainment System Freeze Issues

Expanding Konsulko’s reach and expertise

Embedded hardware engineering

Konsulko Group offers complete hardware services including design, integration, validation and certification, rapid prototyping, biometric signals, sensors, wireless communications, low power applications and manufacturing test/support.

In April, Konsulko Group welcomed three veteran hardware developers to our growing team. Alexandar Kalaydjiev now serves as Konsulko Hardware Director. Marin Balkandjiev and Tsvetan Mudrov, PhD joined Konsulko as Principal Hardware Engineers.

Customers can leverage their technical expertise and extensive experience to create comprehensive products and solutions tailored to their specific requirements.

Konsulko hardware engineers can manage and facilitate the production of the developed products, ensuring their successful realization. We can provide deployment support as required, ensuring a smooth transition for the end-customer.

New in 2024 to our expert team of engineers

In addition to our Hardware group, Konsulko continues to attract outstanding talent to our team. This year we have added three individuals who represent some of the best in embedded Linux and open source engineering.

  • Peter Tyser has designed hardware and software for rugged, high performance computers targeting military, aerospace, and industrial applications. He has hands-on experience with hardware design, board bring-up, board debug, firmware development, OS development, documentation, failure analysis, product verification, and anti-tamper security.
  • Andrew Bradford (bradfa) is an author/developer of the “Cross Linux From Scratch” embedded book and has contributed patches to the Linux kernel, u-boot, and Yocto/OpenEmbedded projects. He also has extensive experience with EnergyStar and EMC/EMI testing, compliance, and certification.
  • Filipe Pires has crafted robust, efficient, and user-friendly applications that run seamlessly on Linux platforms. Filipe is experienced in build automation, scripting, and web development, with proficiency in multiple frameworks and industry best practices.

You can learn more about the whole Konsulko team of embedded hardware and software consultants on our Meet the Team page.

Open source contributions and conferences

Konsulko’s senior leadership have been contributors in the Linux kernel and other OSS communities since the late 1990s. In addition to our commercial engineering work for our customers, the Konsulko team continues to have active roles in a number of Open Source projects including U-Boot, Yocto Project, OpenEmbedded and Automotive Grade Linux (AGL).

Konsulko engineers made presentations at open source and commercial conferences and developer gatherings including Embedded Linux Conferences (North America and Europe), AGL All Member Meetings and Yocto Project Summits. We also published seven new technical articles as blogs on our website.

All of us at Konsulko Group look forward to working with you in the coming year. Contact us to explore how our engineering services can help bring your innovative products to life in 2025 and beyond.

Konsulko to speak at multiple OSSE events, September 16-19

/by

We’re heading to Austria for Open Source Summit Europe, with a large contingent of our engineers, as well as four speakers for this always important conference.

September 16: AGL updates to Yocto Project 5.0

Principal Engineer Scott Murray will join the Linux Foundation’s Walt Miner to present “What’s Happening with Automotive Grade Linux and How Our Update to Yocto 5.0 Went.” Walt and Scott will share some lessons learned from upgrading from the 4.0 to 5.0 versions of the Yocto Project and provide an update on the latest AGL features included in the Ricefish release.

September 17: Rewriting zblock in Rust

Vitaly Wool, Principal Engineer and GM of Konsulko AB will discuss “Rusty Swapping: Rewriting a Zswap Backend in Rust.” Rust has gained popularity as the second Linux kernel high-level language. Recently, Vitaly rewrote a zswap backend called zblock in Rust. This talk will cover the main principles of zblock (which stay the same no matter which language is used), the obstacles met while implementing it in Rust, and finally the comparison of the two.

September 17: Best Practices for Scarthgap

Principal Engineer Tim Orling will present “Are You Ready For Scarthgap? Best Practices For The Latest Yocto Project LTS Release.” Tim will discuss setting up your own “distribution” and board-support package (BSP), and share techniques for managing and discovering layers. He’ll discuss best practices to ensure your public layers are ready for the Layer Index, and investigate meta-lts-mixin layers. He’ll look at the latest tools for Software Bill of Materials (SBOM), license compliance (SPDX), and software vulnerabilities (CVEs), and share ways to leverage new IDE tools added in this release.

September 19: A/B Update Solutions with Yocto Project

At Yocto Project Developer Day 2024 (co-located with OSEE) Senior Engineer Leon Anavi will provide a “Side-by-side Comparison of Dual A/B Update Solutions with the Yocto Project.” Leon’s talk will provide a detailed exploration of Mender, RAUC, and swupdate, comparing them on the same hardware platforms. He’ll discuss their advantages and disadvantages and how to select the most appropriate open-source solution for specific projects. Leon will delve into various use cases and practical examples, concluding with a side-by-side comparison.

We hope you’ll be able to join us in Vienna.

Software Updates on i.MX8MP, Part 2: Mender & Yocto Project

/by

Software over-the-air (OTA) updates are essential for any modern embedded Linux device. In part 1, we explored A/B software updates using RAUC and qbee.io. For our demonstrations, we utilized the new open source hardware Olimex’s iMX8MPlus System on Module (SOM) and Evaluation Board (EVB). The NXP i.MX8MP is a robust microprocessor, ideal for industrial-grade applications and widely adopted across various industries. In part 2, we will use Mender to update the same hardware.

About Mender

Mender.io is an open-source platform designed for managing and deploying over-the-air (OTA) updates to embedded devices. It provides a reliable and secure method to keep devices up-to-date, minimizing downtime and reducing the risks of manual updates. Mender supports an open-source A/B update scheme and offers an optional proprietary implementation for delta updates.

As a turnkey solution, Mender features a web interface for comprehensive device management and is available as a Software-as-a-Service (SaaS) for small and medium businesses, as well as hosted or on-premise solutions for large enterprises. It supports robust update strategies, rollback mechanisms, and add-ons for configuring, monitoring, and troubleshooting devices. Mender is a state-of-the-art solution for maintaining and managing fleets of connected devices across various industries.

Building an Image with Mender

Here are the steps to build core-image-base with Mender for Olimex:

  • Install the kas tool (optional: to install it globally for all users, run the installation as root or using sudo):
pip install kas
  • Clone meta-mender-community git repository for Yocto LTS release 5.0 (scarthgap):
git clone -b scarthgap https://github.com/mendersoftware/meta-mender-community
  • Create a build directory and navigate into it:
mkdir -p meta-mender-community/mender-nxp && cd meta-mender-community/mender-nxp
  • Create a kas configuration add-on to enable passwordless root access for development purposes:
cat <<EOF > debug-image.yml
header:
  version: 14

local_conf_header:
  developer-features: |
    EXTRA_IMAGE_FEATURES = "debug-tweaks"
EOF
  • Run the following command to start the build process:
kas build ../kas/olimex-imx8mp-evb.yml:debug-image.yml

Initiating the build process from scratch is a bit of a marathon, as kas and bitbake need to download all the source code and execute a plethora of tasks. Feel free to grab a cup of tea (or maybe a whole teapot) while you wait!

Flashing the Mender Image

Using kas and BitBake will result in the production of an image file. After the build process is complete, you will find the generated image at the following relative path: build/tmp/deploy/images/olimex-imx8mp-evb/core-image-base-olimex-imx8mp-evb.sdimg. This path indicates the location within the build directory where the final image is stored, ready for deployment to Olimex iMX8MP-SOM-4GB-IND and iMX8MP-SOM-EVB-IND.

The core-image-base-olimex-imx8mp-evb.sdimg file must be flashed onto a microSD card to be used with your device. This can be accomplished using various applications such as dd or bmaptool for command-line options. If you prefer a user-friendly application with a graphical interface, you can use Balena Etcher, which simplifies the flashing process and provides a straightforward GUI.

To set up and verify your Olimex iMX8MP-SOM-EVB-IND board, follow these steps:

  • Connect the USB-to-UART adapter to the A53_DBG1 connector on the Olimex iMX8MP-SOM-EVB-IND, and insert the Ethernet cable and the microSD card.

  • Plug the 5V power supply into the power jack of the iMX8MP-SOM-EVB-IND to power up the board.
  • Ensure the system boots successfully, then log in as the root user (no password required) and check the Mender status by executing the following commands:
mender-update show-provides
mender-update show-artifact
mender-update --version
changes

Creating a Mender Artifact

Mender artifact refers to a package format used by the Mender update manager for over-the-air (OTA) software updates. It contains all the necessary components such as firmware, scripts, configuration files, and metadata required to update a device’s software reliably and securely. The layer meta-mender/meta-mender-core is essential for integrating Mender’s functionality into the Yocto Project and OpenEmbedded build system as it provides required classes and scripts that automate the creation of Mender artifacts as part of the build process.

Follow the steps below to build a Mender Artifact for iMX8MP-SOM-EVB-IND that extends the system with the addition of the simple text editor nano:

  • Create a kas configuration add-on to add nano:
cat <<EOF > update-image.yml
header:
  version: 14

local_conf_header:
  update-image: |
    IMAGE_INSTALL:append = " nano"
EOF
  • Build both core-image-base and its corresponding Mender Artifact using:
kas build ../kas/olimex-imx8mp-evb.yml:debug-image.yml:update-image.yml
  • This process will generate a Mender Artifact containing nano at the file path build/tmp/deploy/images/olimex-imx8mp-evb/core-image-base-olimex-imx8mp-evb.mender.

Installing the Mender Artifact

Mender serves as a comprehensive update solution, featuring a central server that acts as a hub for storing and orchestrating software updates across fleets of devices via over-the-air deployment. Using Mender’s intuitive web UI or REST APIs, you can efficiently manage devices, upload software releases, and execute seamless deployments to distribute updates across your devices. Alternatively, Mender can operate in standalone mode, independent of a server.

To perform a manual standalone deployment using Mender in the terminal, follow the steps below. In this setup, no Mender Server is involved, and updates are initiated directly on the device.

  • Start a simple HTTP server in the directory with the Mender Artifact:
python3 -m http.server

mender-update install http://<server>:8000/core-image-base-olimex-imx8mp-evb.mender

NOTE: Replace <server> with the IP address of the machine on which the Python3 HTTP server is running.

changes

  • Reboot the embedded Linux device:
reboot
  • Login as root on the board and verify that nano text editor has been installed.
  • Ensure the new deployment becomes permanent:
mender-update commit
changes

This example illustrates the seamless integration of Mender using the Yocto Project release Scarthgap on an embedded computer powered by the NXP i.MX8MP SoC. It demonstrates how you can effectively manage updates across fleets of devices using the Mender server. Furthermore, Mender also provides additional tools for remote troubleshooting, ensuring smooth operations in the field.

How do Mender.io and RAUC differ?

The Mender client is an application that runs on embedded devices. In a production setup, it connects to the Mender server to perform automatic updates by downloading and installing Mender Artifacts as they become available. Initially, the Mender client was developed in Go. However, a strategic decision was made to rewrite it in C++ to reduce the application’s footprint and support more platforms, including real-time operating systems (RTOS).

In comparison, RAUC, the alternative A/B open-source solution explored in part one, also has an application running on the embedded Linux device, but it is written in C. Unlike Mender, RAUC does not provide a server to manage devices, so a third-party solution such as qbee.io or Eclipse hawkBit is required.

Another notable technical difference is that RAUC integration through meta-rauc-nxp relies on a wks file where the A and B partitions are explicitly specified. In contrast, meta-mender-nxp uses classes and special variables provided by Mender to define those partitions, and BitBake generates a temporary wks file while building Mender-enabled images.

In terms of security, both Mender and RAUC support signing and verification of updates. Mender supports signing artifacts using RSA with a recommended key length of at least 3072 bits or ECDSA with curve P-256. RAUC employs X.509 cryptography for signing and verifying update bundles.

Leveraging the insights and experiences discussed in parts 1 and 2 of this article, here is a side-by-side comparison of the key features of Mender and RAUC:

FeatureMenderRAUC
A/B updatesYesYes
Roll-backYesYes
Configure add-onAvailableNo
Monitor add-onAvailableNo
Troubleshoot add-onAvailableNo
Client implementationC++C
Client licenseApache 2.0LGPL-2.1
Yocto Project integrationYesYes
Management serverYes3rd-party

Mender.io provides a comprehensive, turnkey solution that covers everything from embedded devices to cloud-based software-as-a-service for managing fleets of connected devices. It also offers convenient add-ons and proprietary delta updates. Meanwhile, RAUC reliably integrates seamlessly with both in-house and third-party device management systems. The choice of update technology should be based on your specific requirements and use cases.

About Konsulko Group

Over the years, Konsulko engineers have made significant contributions to the community and crucial embedded Linux open-source projects, including the Yocto Project, OpenEmbedded, the Linux kernel, and U-Boot. We specialize in assisting customers in developing commercial products leveraging these technologies. With expertise in BSP bring-up on diverse hardware platforms for embedded devices, our services encompass a wide range of open-source solutions for software updates. Contact us to discuss the best update strategy and technology for your embedded product requirements.